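˙Guardium announces, for the first time, a solution for blocking privileged users from accessing confidential and sensitive data, spanning and supporting all major DBMS platforms
May 23, 2008
˙Guardium honored with selection to the "Red Herring North America 100"
May 22, 2008
˙Guardium selected as a finalist for the "American Business Awards"
May 21, 2008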
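Guardium provides the most concise and powerful solution for the security protection needed across all of your applications and database infrastructure, including:
˙ Vulnerability management solutions: assessment and resolution for vulnerability security control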


Vulnerability management solutions

The Complexity Challenge
A core responsibility of the IT security organization is to protect the business from internal and external threats. But the threat environment is constantly changing—and enterprise application and database environments are particularly challenging to secure because their functionality and complexity are constantly increasing.

In particular:

˙ DBMS systems are rich and complex systems incorporating hundreds of millions of lines of code. Over the past 25+ years, DBMS vendors have continuously added functionality to their systems. Today’s DBMSs run virtual machines (Java within the database), offer Web services from within the database, link heterogeneous distributed repositories into one virtual store, and run XML and full procedural languages such as PL/SQL. The many new DBMS features and services have brought numerous new vulnerabilities and the potential for misconfiguration and misuse.
˙ Web applications have transformed and improved the ways companies do business but have also left the database more exposed. The exposure exists because the application which uses the data now caters to a much wider audience and because users are not limited to inside employees. Attackers now have a direct pipe—through the application, past perimeter defenses—into the database.
˙ There is an imbalance in many organizations between the sophistication with which organizations run their businesses and the knowledge, skills, and processes required to secure their underlying business systems. Most organizations utilize DBAs to manage the database (the lifeblood of any application) and ensure availability, performance, and correctness. However, what percentage of a DBA’s time is devoted to data security? How much does the average information security professional know about databases? Finally, can these professionals address the complexity of modern, distributed data management in heterogeneous environments and secure it through robust technology and processes?

Addressing the Vulnerability Management Lifecycle
Guardium provides the only solution that enables enterprises to go beyond vulnerability reporting to address the entire vulnerability management lifecycle, including assessing business risk, supporting mitigation activities and streamlining compliance reporting and oversight processes. In particular, Guardium allows you to rapidly:

Pinpoint database vulnerabilities
Missing patches, misconfigured privileges, default accounts, and weak passwords create enormous risk. Guardium incorporates an extensive library of assessment tests, based on industry best practices, to flag these and other static vulnerabilities. It also identifies dynamic or behavioral vulnerabilities—such as sharing of administration accounts and excessive administrator logins—by monitoring actual user activity over time. Finally, it includes embedded knowledge about enterprise applications such as Oracle EBS and SAP, to protect critical tables reserved for these applications (an essential control for SOX). A quarterly subscription service ensures that assessment tests are always up to date.

Prioritize remediation activities—based on business risk
Guardium automatically locates and classifies sensitive data such as credit card numbers in corporate databases, and analyzes baseline behavior to understand how and when line-of-business applications are accessing vulnerable databases. Risk assessment is crucial for prioritizing remediation, since most organizations do not have sufficient resources to patch all vulnerable systems at the same time.

Protect unpatched systems with real-time controls
Vulnerable systems can take 3-6 months to patch. Guardium’s solution protects databases before and after they’re patched, through database activity monitoring and signature-based policies, along with preventive controls such as real-time alerts, automated account lockouts and blocking. Policies and activity baselining can also protect against application vulnerabilities such as SQL injection and buffer overflow.

Harden databases
Once vulnerable systems have been repaired using recommendations provided by the assessment tests, organizations need to ensure that only authorized changes are made. Guardium’s Configuration Audit System (CAS) prevents unauthorized changes to databases once a secure configuration baseline has been established.

Document and streamline compliance
Auditors want to know that incidents are being tracked and resolved in a timely manner. Guardium’s incident management and Compliance Workflow Automation modules allow you to track progress on the remediation of vulnerable systems and automate compliance report distribution, electronic sign-offs and escalations.

 
 