IBM Security Guardium Data Protection for SAP HANA
Comprehensive, Scalable and Actionable
IBM Security / © 2019 IBM Corporation
IBM Security Guardium empowers you to meet your most important data protection needs
– Complete visibility
– Actionable insights
– Real-time controls
– Automated compliance
Advanced analytics
Real-time monitoring and alerting
Blocking, masking, quarantining and encryption
Purpose-built patterns, reports, policies and workflows
Vulnerability and risk assessment, issue remediation
Discovery and classification
[Diagram labels: Discover, Comply, Protect, Transform; Cloud, Applications, Mainframe, Files | Unstructured data, Databases and warehouses | Structured data, Big data | Semi-structured data; IBM Security Guardium; Risk-based approach]
With smarter capabilities throughout your entire data protection journey
Businesses are undertaking transformation initiatives to modernize their SAP HANA deployment:
- Migrating to cloud
- Migrating their legacy S/3 to SAP S/4
Data security blindspots: Data access behavior and activities change over time, so there needs to be an easy way to distinguish between normal business-as-usual activities versus malicious activity.
Database vulnerabilities: Vulnerabilities such as missing patches, weak passwords, unauthorized changes and misconfigured privileges put SAP data stores at risk.
Unauthorized privileged user access: Insiders with privileged access can potentially view, change or exfiltrate SAP stored data outside of business policy, without their actions being tracked and detected.
Dispersed data: Sensitive information may be stored in hundreds of different database columns, making it extremely difficult to conduct column-level monitoring or encryption.
Data security concerns we hear from SAP HANA clients
I need help with:
Data security concerns for SAP HANA environments
Manual processes create inaccurate & unreliable results
• Using spreadsheets to track data repositories containing structured and unstructured data, data owners, data access rights etc.
• Emailing critical notifications from person to person, without clear, defined workflows
• Lack of visibility into what data you have, where it is stored and whether it is sufficiently protected
• No confidence that you have the processes, workflows and/or solutions to address data security & compliance risks
Data Security: A proactive approach
Guardium for SAP HANA
Discover & classify
Protect
Monitor
Take action
Auto-discover SAP HANA instances
Scan the entire SAP HANA environment to understand where sensitive data resides based on compliance and privacy regulations such as CCPA, SOX, PCI, GDPR, PII etc.
Report on SAP HANA entitlements for access review and governance
Discover and classify: uncover and prioritize risks
Discover and classify
Automate vulnerability scanning and configuration
Get detailed reports and recommendations on entitlements and risky configurations
Leverage 92+ out-of-the-box SAP HANA vulnerability assessments based on CVEs, industry best practices and SAP recommended security practices
Keep up-to-date with the latest CVEs with quarterly and rapid response Data Protection Subscription (DPS).
Protect: assess vulnerabilities
Protect – Assess vulnerabilities
Monitor users in real-time to identify risk and outlier activities and behaviors
Use pre-built policies and threat analytics use cases to take action on specific activities such as failed login attempts, large volume queries, access to sensitive tables, off-work activities, privilege account escalations, SQL injections etc.
Gain application-centric visibility into data risks
Collect years of data security & audit data
Monitor: database activities in real-time
Protect – Enforce controls
Monitor for compliance
Centrally protect & respond to risk
Use pre-built reports and workflows to automate the review and approvals of compliance audits
Investigate data usage patterns and deviations from access policies
Leverage pre-built integrations with CyberArk, Splunk, IBM Security QRadar, ServiceNow and other IT/SecOps tools for incident orchestration and response
Take action: quickly remediate risks
Take action: Report
Enforces robust access controls with clear separation of duties between users' access and database auditing
Built-in integration with IT and SecOps tools
Easy to configure and use with interactive videos/tutorial
Scales effortlessly to meet the needs of SAP HANA deployments, no matter how large or complex
Easy deployment and scalable
Guardium for File and DB Encryption (GDE) – SAP HANA Support
[Diagram labels: Host, Guard Points, Agent, Policy, Key, Resources, Users, Processes, Effects, Actions, DSM]
Guardium for File and Database Encryption is supported on SAP HANA. The administrative policies are enforced consistently across big data and distributed platforms.
IBM Security engaged to secure their SAP HANA applications on Power Systems
Client success
A Luxury Goods Company protected critical assets, detected and stopped insider threats, and enhanced security hygiene
✓ Protected distributed databases, including SAP HANA
✓ Automated manual and time-consuming processes
✓ Minimized false positives
Results
Client study finds Guardium improves efficiency and effectiveness in the protection of data:
Following the deployment of Guardium Data Protection, 65% say their organizations recognized value in less than one month.
Source: “Ponemon Report: Client Insights on Data Protection with IBM Security Guardium,” Ponemon Institute, June 2019
Ability to accurately detect threats improved 43%
Ability to detect data source vulnerabilities and misconfigurations increased by 67%
Time spent identifying and remediating data security issues decreased 42%
Accuracy of data classification improved by 50%
What customers and business partners are saying
“We can take advantage of that built-in functionality to give us a faster start, without having to build up things from scratch.”
- Sr. governance specialist, insurance company
“Our old solution did not scale as well. Now, we add more databases and the same size team can absorb that into their daily workload, without us having to hire new people.”
- VP, cyber security management, financial services institution
“Because we are using Guardium and it’s monitoring 24x7, I sleep a lot better at night – and so does my management team.”
- Data Security Engineer, Westfield Insurance
“Smart Assistant for compliance monitoring was quicker to complete. Best attempt yet to let people get up and running quickly.”
- Data Security Engineer, IBM Security Business Partner
Read the IBM Security Guardium for SAP HANA Tech Note
Explore the interactive IBM Security Guardium persona demo
Visit the IBM Security Guardium webpage for more information
Schedule a consultation with our security professionals
Learn more
ibm.com/security
securityintelligence.com
xforce.ibmcloud.com
@ibmsecurity
youtube/user/ibmsecuritysolutions
© Copyright IBM Corporation 2019. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.
FOLLOW US ON:
THANK YOU
ibm.com/security/community
IBM Security