Monday, August 1, 2016

Information Insights Expands Data Security Capabilities


                                               

Information Insights Expands Data Security Capabilities with BTRG Practice Group Acquisition

Through the recent acquisition of the Data Security/ Governance Practice of The Business & Technology Resource Group (BTRG)), Information Insights strengthens the delivery capacity and competency of their Nationally-Recognized Data Security Practice.

August 1, 2016 (Atlanta, GA) – Information Insights, LLC, an IBM Premier Business Partner, is pleased to announce their recent acquisition of BTRG’s Information Governance Practice. BTRG is a leading industry partner, known for providing comprehensive security strategies and data masking.

“The addition of BTRG’s proven Data Security and Information Governance team to our group expands our ability to deliver data security solutions to an expanding client base, in a time when data security is a critical issue for all enterprises. At the same time, the complementary nature of the teams allows Information Insights to maintain a tight focus on delivering excellence in our core competencies and enhances our Guardium Managed Services capability,” said Bill Crawford, Information Insights’ President. “Additional Data Security capabilities let us be very responsive to our clients and our partners. Adding the BTRG team allows us to quickly bring talented resources to bear on time sensitive initiatives, like securing enterprise data assets.”

Information Insights helps clients improve their security posture through robust data security, privacy and encryption strategies and solutions. By joining BTRG with their team, Information Insights increases the delivery capacity and tools at their disposal to help clients advance their data security programs, while at the same time addressing key business challenges around privacy, compliance and scalability.
To learn more about how Information Insights safeguards enterprise data through activity monitoring, encryption and masking of critical IT assets, visit them online at www.infoinsightsllc.com.
____________________________________________________________________________
About Information Insights
Information Insights, LLC, North America’s only Gold Accredited Guardium Partner, is a software solutions provider focused on helping companies improve enterprise data management. With domain expertise in the areas of data security, data privacy and data lifecycle management, Information Insights has the skills and experience required to help clients drive cost reduction and risk mitigation in their enterprise application portfolios.


Friday, April 29, 2016

Don't Ignore More Than You Expect - Notes On Whitelisting Objects in Policies

by John Haldeman, Enterprise Architect

We had a customer using DB2/z that was receiving a lot of events from SYSIBM.SYSDUMMY1. So, they wanted to implement a rule as shown in Figure 1:
Figure 1: Policy Rule to SKIP LOGGING on SYSIBM.SYSDUMMY1 - Click to Enlarge
This seemingly simple and innocuous rule has some unintended consequences. That's what this blog post is all about.

Wednesday, April 20, 2016

Why Outlier Detection Won't Save You

by John Haldeman, Enterprise Architect

Now that it's been out for awhile, I feel like it's time for some hard truths on Guardium Outlier Detection. Before I get into some of it's limitations, I want say that it does indeed work, and it is indeed useful and powerful. This post is meant to serve as a healthy discussion on the practical problems of using it. To be clear, I would rather use the function than not - ie: it provides more value than what it costs to deal with the issues below.

Tuesday, February 2, 2016

Information Insights and jSonar Partner to Optimize IBM Guardium Database Security Solutions

Newly announced partnership combines the experience and knowledge of Information Insights with the SonarG Big Data Platform from jSonar to enable IBM Guardium clients to more fully leverage their Guardium systems while reducing costs and complexity.

February 2, 2016 (Atlanta, GA) – Information Insights, LLC, an IBM Premier Business Partner, is pleased to announce their partnership with jSonar, an industry-leading Big Data technology provider with a deep technical understanding of the IBM Guardium Database Security architecture. The combination of these strengths will enable IBM Guardium customers to accelerate and expand upon the compliance and security benefits of the IBM Guardium system via the next generation SonarG Big Data solution.

Information Insights helps clients improve their security posture through robust data security, privacy and encryption strategies and solutions. By delivering SonarG, Information Insights continues to expand upon the tools at their disposal to help clients advance their data governance programs, while at the same time addressing key business challenges around cost of ownership and scalability.
“Partnering with jSonar to help bring SonarG to market represents a critical opportunity for Information Insights and our Guardium clients,” said Bill Crawford, Information Insights CEO. “jSonar is collaborating with Information Insights and IBM to modernize Guardium implementations and enable clients to realize even greater benefit and value from their Guardium investment.”

"Information Insights has a long and very successful track record in enabling customer success with IBM Guardium DAM," said Ron BenNatan, jSonar Founder, "and we are excited about the opportunity to join forces to help clients optimize their use of IBM Guardium."
SonarG was developed by key technologists from the original Guardium engineering team and merges that knowledge with their next generation Big Data warehousing technology. The resulting solution is specifically built for optimizing Guardium data aggregation, infrastructure and storage, enabling clients to simplify their deployment, extend their data collection and retention policies to a year or longer, while also providing improved access to database activity data for reporting and security analytics.
Information Insights, North America’s only Gold Accredited Guardium Partner, and jSonar will be available to offer further insight into this advanced solution at IBM’s 2016 InterConnect Conference, being held February 21-25, in Las Vegas, Nevada.
____________________________________________________________________________

About Information Insights 
Information Insights, LLC, an IBM Premier Business Partner, is a software solutions provider focused on helping companies improve enterprise data management. With domain expertise in the areas of data security, data privacy and data lifecycle management. Info Insights has the skills and experience required to help clients drive cost reduction and risk mitigation in their enterprise application portfolios.


About jSonar
jSonar is a VC-based company headquartered in Boston, MA, founded by serial entrepreneurs and industry veterans with expertise in the areas of databases, Big Data and Guardium. Their core focus is making Big Data work more easily and efficiently for enterprises. An emphasis on unique technology translates into better experiences and better outcomes for their customers.


Monday, September 7, 2015

Building an LDAP/AD Group Membership Report in Guardium

 by John Haldeman, Practice Lead


Guardium Entitlement Reports are a useful feature that help you determine what privileges have been assigned in your databases. It's primary value is in helping you create standardized reporting for entitlements based on the database catalog information in each database without you having to create custom scripts.

This being said, that's all Guardium does - query the database catalogs of the databases you register and shows you that information. Certain database types, MS SQL Server for instance, may obscure who the end user that has a certain privilege is because the database catalog just has a listing for the groups assigned, not the users in those groups. An example is show in figure 1. A role for a MS SQL Server database is shown to be assigned to a WINDOWS_GROUP. Invariably, the next question becomes: who is in that Windows group, and can I see that information in the same report set and environment I am getting delivered to me anyway rather than having to look up the information in my corporate directory server separately.

Figure 1: A Guardium Entitlement Report showing a role assigned to two groups: TESTDIR\testgroup1 and TESTDIR\testgroup2 - Who are the users in those groups?

Building a report on that group membership is what this post is all about. You should be warned though: Guardium is not very good at this. In this post you will see mechanisms to try and help make this happen but keep in mind that these mechanisms were not originally designed to fulfill this specific use case. So, it may start to feel a little awkward in making this happen.

Tuesday, September 1, 2015

Guardium V10 - Micro Tips #1 - RHEL 6

by John Haldeman, Practice Lead

Everyone by now knows that Guardium V10 has been released. It's an exciting release with a lot of features. I expect to see a lot presented and written on the big features like the new UI, file activity monitoring, query rewrite, and new vulnerability assessment data sources, etc. in the next few months. What I want to take some time to do on this blog is talk about the little features that might not get a lot of attention but can make a difference in the everyday lives of Guardium administrators and practitioners like me. I'll be calling those Micro Tips, and this is the first one.

Since I have just finished deploying a virtual machine in my lab environment for V10, let's talk about the operating system and virtualization (btw, if you want a step by step guide for the installation of Guardium V10 and some things that have changed since V9, this blog post is a great resource. One particularly nice thing is that the imaging process is now completely unattended - no waiting to enter passwords half way through the install process. That is a great decision.)

Guardium V10 got an upgrade in it's OS from RHEL 5 to RHEL 6 (RHEL 6.5 to be exact). Since you never really get to touch the underlying operating system, this might be transparent and not matter to you. That being said, it does actually make a difference for some using VMWare deployments using newer types of virtual adapters. If you want to use paravirtual SCSI adapaters (as described here) and VMXNET3 type virtual network adapters (as described here), you should now be able to do that a lot more easily. Those drivers were included in RHEL6, but not RHEL5 by default.

Note, in the case of VMXNET3 adapters, you could enable them in the past with some awkward additional steps, but now since it is running on RHEL6, it *should* come packaged with a VMXNET3 driver and work out the gate.

Note that I have not confirmed this - my current lab environment doesn't have those options. Theoretically the Guradium organization could have taken the drivers out, but I don't see why they would. I will try and confirm they are in there and update this post.



Saturday, April 25, 2015

Querying Live Guardium Data with Cognos (Without the CSV Exports)

by John Haldeman, Security Practice Lead

This post is all about how to configure Cognos to query Guardium DAM data directly on the appliance. That is without exporting the data to CSV first and then loading it into a database that Cognos can access. How it works is by using a web service that accesses the Guardium REST API and then exposes the resulting Guardium data in an XML format that Cognos accepts. Cognos queries the web service and displays the data.


Architecture for Querying Guardium Data Directly from Cognos