Database Security with IBM Guardium
Protecting databases at the enterprise level is a complex task. The issues include access control, encryption, malware detection, traffic monitoring, application security, and more. IBM Security Guardium provides multiple tools to prevent database breaches. It is available on dedicated hardware appliances, or it can be deployed on an enterprise’s own hardware or on a cloud service. The typical company using Guardium has over 10,000 employees and correspondingly large data management systems.
Large-scale data repositories are spread out over multiple servers, sometimes even over multiple clouds. They often run on NoSQL databases, which are less structured than relational databases. Guardium provides a comprehensive approach that covers all of these cases, protecting against external and internal threats.
Vulnerability assessment: Identifying risk areas before anyone exploits them makes databases safer. Guardium looks for unpatched software and checks for configuration weaknesses. It identifies sensitive data fields, based on user-provided templates. It generates a report recommending actions based on what it finds. The recommendations may include disabling default accounts, limiting privileges, and applying patches.
Compliance: The EU’s GDPR has imposed new requirements on data privacy and retention. Fines for violations can run into the millions. The IBM Security Guardium Analyzer is a tool for assessing GDPR compliance risks. It may be extended in the future to cover other regulatory frameworks.
Monitoring and data protection: Guardium monitors databases for suspicious traffic. It learns normal user behavior patterns and uses cognitive analytics to spot and report abnormal ones. Its real-time security enforcement can block access from accounts that may be compromised or from rogue IP addresses.
Big Data: Non-relational databases such as MongoDB and Cassandra handle large collections of data with less structure than SQL databases. Guardium treats them with the same thoroughness it gives to relational databases. Guardium includes extensive support for Hadoop, on which Big Data collections often rely.
Administrators can manage Guardium for all of an enterprise’s data through a single console. They can identify sensitive data and set security policies directly from the console. By setting up a centralized audit repository, they can review and analyze all the security issues which Guardium detects and create reports, even if the enterprise has tens of thousands of databases.
They can use GuardAPI to control Guardium from the command line or create scripts. A command in a script can include an encrypted parameter, so that scripts can be stored safely. Guardium logs all commands that it executes, aiding in auditing security activity.
Another alternative is to use the REST API to create applications that automate Guardium activities. An application can generate periodic reports, set up custom alerts, and streamline the addition and removal of users. OAuth2 protocols are built in to ensure that only authorized users can issue requests.
Guardium includes powerful user management capabilities. Administrators can define database users and assign roles. The users can be members of groups or inherit rights hierarchically.
Manually searching raw security logs for signs of trouble is unrealistic. Dynamic graphic views are available to better visualize activity over time. This helps to spot bursts of activity and identify their sources. It can make the start of an attack plainly visible. For example, if one user starts attempting to access all the company’s databases, that will stand out in the display. Then it’s possible to take remedial action before the attack does any damage.
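The "one account suddenly touching every database" pattern described above can be expressed as a simple baseline-versus-window rule. The following is an added illustration, not Guardium's own analytics or any part of its product: it parses a constructed audit trail (the log format, account names, IP addresses and database names are all made up for this example), records which databases each account normally uses during a baseline period, and then flags any account that reaches a number of databases outside its baseline within a later observation window.

```python
"""Illustrative detection of a database-access sweep by a single account.

This is example code added to accompany the text; it is not Guardium code.
The log format and all values below are constructed for the example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit trail. Each line:
# <ISO timestamp> <db account> <client ip> <database> <statement type>
SAMPLE_LOG = """\
2024-03-01T09:00:12Z alice 10.1.1.5 hr_payroll   SELECT
2024-03-01T09:05:40Z bob   10.1.1.9 sales_crm    SELECT
2024-03-01T10:12:03Z carol 10.1.2.3 inventory    UPDATE
2024-03-01T14:30:55Z alice 10.1.1.5 hr_payroll   UPDATE
2024-03-01T16:01:20Z bob   10.1.1.9 sales_crm    INSERT
2024-03-02T02:10:00Z alice 10.1.1.5 hr_payroll   SELECT
2024-03-02T02:11:05Z bob   10.1.1.9 sales_crm    SELECT
2024-03-02T02:11:09Z bob   10.1.1.9 hr_payroll   SELECT
2024-03-02T02:11:14Z bob   10.1.1.9 inventory    SELECT
2024-03-02T02:11:21Z bob   10.1.1.9 finance_gl   SELECT
2024-03-02T02:11:30Z bob   10.1.1.9 customer_pii SELECT
2024-03-02T09:20:00Z carol 10.1.2.3 inventory    SELECT
"""


def parse_log(text):
    """Turn the whitespace-separated audit lines into event dicts."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, user, ip, db, verb = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "user": user, "ip": ip, "db": db, "verb": verb,
        })
    return events


def baseline_databases(events, end):
    """Distinct databases each account touched before the baseline cut-off."""
    baseline = defaultdict(set)
    for e in events:
        if e["ts"] < end:
            baseline[e["user"]].add(e["db"])
    return baseline


def detect_sweeps(events, baseline, start, end, min_new_dbs=3):
    """Flag accounts that reach >= min_new_dbs databases absent from their
    baseline during the observation window [start, end)."""
    seen = defaultdict(set)
    for e in events:
        if start <= e["ts"] < end:
            seen[e["user"]].add(e["db"])
    alerts = {}
    for user, dbs in seen.items():
        new_dbs = dbs - baseline.get(user, set())
        if len(new_dbs) >= min_new_dbs:
            alerts[user] = sorted(new_dbs)
    return alerts


def run_example():
    """Baseline on 2024-03-01, observe 2024-03-02; returns {account: [new dbs]}."""
    events = parse_log(SAMPLE_LOG)
    cutoff = datetime(2024, 3, 2)
    baseline = baseline_databases(events, cutoff)
    return detect_sweeps(events, baseline, cutoff, cutoff + timedelta(days=1))


if __name__ == "__main__":
    for user, dbs in run_example().items():
        print(f"ALERT: {user} reached {len(dbs)} databases outside its baseline: {', '.join(dbs)}")
```

In the constructed data, `alice` and `carol` stay within their usual databases, while `bob` reaches four databases he never touched in the baseline period inside a few seconds, so only `bob` is reported. A production rule would use a longer baseline and per-role thresholds, and the alert would feed the same centralized audit repository the article describes.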
Guardium Data Protection is available in Express and standard versions. Express Data Protection for Databases is an entry-level package which relies on preset configurations. The standard version is more configurable and covers more types of data, including data warehouses and files.
Guardium places an emphasis on scalability and flexibility, making it suitable for protecting the largest and most complex databases. It can handle highly heterogeneous environments. These considerations make it one of the most popular choices for protecting enterprise databases.