"It's the data, stupid." OK, the phrase is not quite catchy enough to become a must-have bumper sticker, but it's a mantra for every organization with sensitive information. Today's article looks at two enterprise security platforms designed to protect corporate data. Guardium focuses on securing the data and actions involving databases, and Symantec's Vontu platform provides data loss prevention on the network, at the endpoint, and in storage devices.
"It's the data, stupid." OK, the phrase is not quite catchy enough to become a must-have bumper sticker, but it's a mantra for every organization with sensitive information. Today's article looks at two enterprise security platforms designed to protect corporate data. Guardium focuses on securing the data and actions involving databases, and Symantec's Vontu platform provides data loss prevention (Compare Data Leak Protection products) on the network, at the endpoint, and in storage devices.
Guardium's technology platform (also called Guardium) safeguards databases and enterprise applications. It uses policy-based controls and anomaly detection to prevent unauthorized activities by potential hackers, privileged insiders, and end users of enterprise databases and applications such as Oracle EBS, PeopleSoft and SAP. All user activities are monitored, including those by privileged users, application users, DBAs accessing databases directly, remote developers, and even batch processes.
Guardium has the ability to monitor for anomalous activities at a very granular level, such as a single transaction by a specific user. The software can initiate responses to specific behaviors if desired. For example, when a particular user attempts to access sensitive tables, he can be sent a pop-up alert telling him his action is forbidden.
The software monitors change control, allowing companies to detect when the database structure or critical data values have been changed without authorization. Guardium helps with database vulnerability assessments to detect potential problems such as misconfigured privileges, missing patches and excessive administrator logins. Guardium creates an audit trail of all database activities, which helps companies verify compliance with regulatory mandates like SOX and HIPAA.
The Guardium platform is sold as an appliance or as software. It supports all major database platforms and database protocols on all major operating systems, as well as all enterprise applications and application server platforms. The appliance sits outside the databases, and because of the non-invasive architecture of the solution, Guardium doesn’t affect or degrade business processes in any way.
While Guardium protects data in databases and applications, Symantec’s Vontu Data Loss Prevention platform covers data at three primary threat points: when it’s moving on the network, such as when a spreadsheet is attached to an outbound e-mail; when it’s at rest in a storage device, including PC hard disks as well as central storage systems; and when it’s being accessed at an endpoint, for example, being copied to a USB thumb drive.
The Vontu Data Loss Prevention platform is “content aware,” meaning it knows what kind of content needs to be protected. Out of the box, the platform knows that data in the form of, say, credit card account numbers and social security numbers should be protected. An administrator can define other types and formats of data to protect. Vontu uses sophisticated detection technology to detect when sensitive content is at risk and can initiate an action in real time to prevent data loss. For example, the system could detect if an employee is copying confidential financial information to a thumb drive or CD and block that action from completing.
The Vontu product is modular, with a policy engine at the core. On top of that, customers can install any or all of the six products that focus on data loss detection and prevention on the network, the endpoint, or storage.
Vontu has focused on developing a product that is built around relevant business concepts, such as the risk of having certain types of data exposed to the public. A lot of sophisticated content identification technology is built into this platform, but the complexity is hidden from the user.
Symantec Corporation acquired Vontu in November 2007, and the Vontu technology is being integrated into the Symantec enterprise security strategy as time goes by. For example, this technology can feed data compliance information into the Symantec Control Compliance Suite, an enterprise framework for governance, risk and compliance.