MAINFRAME > TRENDS > SECURITY

IBM Guardium Updates Help Organizations Reduce Risk and Demonstrate Compliance

IBM Guardium

Workloads are getting bigger. To manage all of this information and application data, businesses have a few options: store workloads on a company-owned server, tap the storage space of a managed service provider (MSP) or go with a hybrid model that combines a private, on-premises cloud with an MSP.

2016 is known as the “year of the mega breach,” according to the IBM X-Force* Threat Intelligence Report for 2017 (ibm.co/2oWtjI4). The quantity of breached records has reached epic proportions, at an awe-inspiring 4 billion. Mainframe administrators rightly regard security on the platform as top-notch, but breaches are often caused by weaknesses outside of native security controls, including:

  • Phishing attacks, the attempt to get privileged credentials and gain access to data by disguising as a trustworthy entity
  • •nsider attacks, which originate from within an organization or by its contractors, either by malicious intent or simple mistakes. X-Force reports that in some industries (e.g., financial services and healthcare), the “malicious insider” attack vector increased in 2016 when compared to the prior year: 5 percent increase in financial services and 25 percent in healthcare. Inadvertent insider threats were up in double digits in both sectors.
  • Mainframe data that’s feeding (and being fed by) applications that have exposure to the internet. SQL and other injection-type attacks have been around a while, but are still a favored entry point for hackers. Simple application or database misconfigurations can lay down the welcome mat to your crown jewels.

On top of this risk is the additional burden of compliance. Many mainframe clients struggle to produce adequate compliance reporting for the variety of existing regulations such as the Sarbanes-Oxley Act (SOX) and PCI DSS. Approved in 2016, the European Union General Data Protection Regulation (GDPR) impacts all organizations worldwide that house data for European subjects. There’s little doubt many mainframe systems include customer or patient data on European subjects.

Data Protection Solutions

Developed with deep mainframe knowledge and tightly integrated with the mainframe systems, IBM offers the most robust software with the necessary knowledge to perform these functions with performance in mind. IBM Guardium* provides a robust set of capabilities to protect data, assess and recommend changes for security, reduce risk and improve compliance across the data landscape. Guardium for the mainframe includes support for data activity monitoring, data classification for DB2*, data encryption for IMS* and DB2, and more.

Complementing perimeter controls, Guardium data protection is the closest layer of protection to the data and therefore plays a critical role in a holistic information risk and protection strategy. The data activity monitoring capability in Guardium for IMS, DB2 and data sets provides real-time monitoring, alerting and analytics on data access.

Monitoring mainframe data access provides the raw data and the analytics to give you unprecedented insights into the who, what, where and when of data access and privilege management.

Some benefits of activity monitoring include:

  • Instantly alert security operations teams of privileged user access outside of designated timeframes or from approved IP addresses
  • Negative SQL reporting for DB2 to help detect possible SQL injection attacks or the presence of an actor that’s fishing for data. Monitoring negative SQL codes provides value to the application developers and database administrators by uncovering application problems that cause additional overhead on the system.
  • Satisfy compliance reporting requirements (e.g., SOX, PCI DSS, HIPAA, GDPR)
  • Mitigate risks. For example, clients who use Guardium have uncovered operational risks by analyzing activity, such as the user of IDs that are no longer approved for access.
  • Enhanced data protection, including blocking access and quarantining connections while investigation takes place


comments powered by Disqus

Advertisement

Advertisement

2017 Solutions Edition

A Comprehensive Online Buyer's Guide to Solutions, Services and Education.

Application Integration With PCI

The problematic nature of PCI-compliance application integration makes research, analysis and planning important. It can also greatly simplify and reduce the effort involved.

Upgrade Your Mainframe with Operational Business Intelligence

Companies race to transform their businesses by delivering operational insights to their employees

IBM Systems Magazine Subscribe Box Read Now Link Subscribe Now Link iPad App Google Play Store
Mainframe News Sign Up Today! Past News Letters