The importance of data security and privacy seems obvious especially since its everyday we hear of a data breach in the news. And it gets more challenging as the amount of data increases and the need to access it faster. With the need to protect data so urgent that companies should look at the lowest hanging fruit first such as vulnerability assessments and data classification (know where your sensitive data is) and user access/entitlement reports. Most breaches can be prevented with proper configurations. Regulations such as GDPR and CCPA will driving the enterprise space to adopt more data security technologies like Database Activity Monitoring (DAM) and Data Encryption.
Compliance and Regulations
GDPR and CCPA seems to be on everyone’s mind these days and understandably so. We strongly urge our clients to conduct a data discovery and classification project as soon as possible. Only when you know where your data is, that’s when you’ll be best able to comply with regulations such as GDPR, NYDFS, PCI DSS, HIPAA and SOX.
GDPR Security Requirements
- Manage and implement Security Program Practices such as risk assessment, roles and responsibilities, program effectiveness
- Document Security program – Ongoing monitoring, assessment, evaluation and reporting of security controls and activities
Database Monitoring Solutions
Database activity monitoring (DAM) captures and analyzes database events in near real time, and creates an alert on policy violations.
It is different than any other intrusion detection system or data loss prevention systems because it’s an infosec technology that is wholly database focused. It looks into SQL queries and is able to determine not just look at the specific tables but is able to do a whole lot more such as business process analysis and be able to infer when someone is misusing the database and filters that from normal database activity.
Adaptive Systems Inc is a certified IBM Security business partner and we have a team of Guardium Engineers/Architects/Admins based in the US, Canada and India. We currently provide Guardium professional services and managed services to clients in the financial services, health care and retail/distribution industries. Whether you are looking for an FTE, partial FTE or just a few hours per week, our team can help.
We offer four (4) levels of service:
- IBM Guardium Advisory Services (no-login credentials required)
- Attend weekly database security engineering meetings to understand the gaps
- Architect and engineer IBM Guardium solutions to fill the gaps
- Provide advice on build/fix audit reports
- Health check advise on current IBM Guardium environment
- Advise on policy health and white noise reduction
- IBM Guardium Engineering/Architecture Services
- Attend weekly database security engineering meetings to understand the gaps
- Architect and engineer IBM Guardium solutions to fill the gaps
- Build/fix audit reports
- Conduct health check on current IBM Guardium environment
- Conduct policy health check and white noise reduction
- IBM Guardium Operational Services
- Deploy & Upgrade Collectors, Aggregators and Agents
- Build queries/reports/audit jobs
- Apply patches and troubleshoot issues with appliances/agents/traffic
- Setup various policy and co-related alerts
- IBM Guardium Managed Services
- We work as an extension of your information security team(s) and provide the engineering and operational tasks with well defined SLAs to maintain and mature your IBM Guardium environment as described above.
Please Contact Us to discuss in detail how we can help your organization with IBM Guardium.
User Access Control
New Vulnerabilities are discovered every day; over 20,000 were discovered in 2017 in various OSs, applications, databases, etc.
A process of identifying and qualifying security vulnerabilities in a company’s network and systems provides a risk score for each database and/or file-share folder.
User Access Control and Entitlement Reports (permission visibility) should be reviewed on a monthly basis. Most companies have stale users in AD who have left the company years ago still showing as active.