- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
The CIO-level business angle on the latest tech
"It's the data, stupid." OK, the phrase is not quite catchy enough to become a must-have bumper sticker, but it's a mantra for every organization with sensitive information. Today's article looks at two enterprise security platforms designed to protect corporate data. Guardium focuses on securing the data and actions involving databases, and Symantec's Vontu platform provides data loss prevention (Compare Data Leak Protection products) on the network, at the endpoint, and in storage devices.
Guardium's technology platform (also called Guardium) safeguards databases and enterprise applications. It uses policy-based controls and anomaly detection to prevent unauthorized activities by potential hackers, privileged insiders, and end users of enterprise databases and applications such as Oracle EBS, PeopleSoft and SAP. All user activities are monitored, including those by privileged users, application users, DBAs accessing databases directly, remote developers, and even batch processes.
Guardium has the ability to monitor for anomalous activities at a very granular level, such as a single transaction by a specific user. The software can initiate responses to specific behaviors if desired. For example, when a particular user attempts to access sensitive tables, he can be sent a pop-up alert telling him his action is forbidden.
The software monitors change control, allowing companies to detect when the database structure or critical data values have
been changed without authorization. Guardium helps with database vulnerability assessments to detect potential problems such
as misconfigured privileges, missing patches and excessive administrator logins.
Guardium creates an audit trail of all database activities, which helps companies verify compliance with regulatory mandates like SOX and HIPAA.
The Guardium platform is sold as an appliance or as software. It supports all major database platforms and database protocols on all major operating systems, as well as all enterprise applications and application server platforms. The appliance sits outside the databases, and because of the non-invasive architecture of the solution, Guardium doesn’t affect or degrade business processes in any way.
While Guardium protects data in databases and applications, Symantec’s Vontu Data Loss Prevention platform covers data at three primary threat points: when it’s moving on the network, such as when a spreadsheet is attached to an outbound e-mail; when it’s at rest in a storage device, including PC hard disks as well as central storage systems; and when it’s being accessed at an endpoint, for example, being copied to a USB thumb drive.
The Vontu Data Loss Prevention platform is “content aware,” meaning it knows what kind of content needs to be protected. Out-of-the-box, the platform knows that data in the form of, say, credit card account numbers and social security numbers should be protected. An administrator can define other types and formats of data to protect. Vontu uses sophisticated detection technology to detect when sensitive content is at risk and can initiate an action in real-time to prevent data loss. For example, the system could detect if an employee is copying confidential financial information to a thumb drive or CD and block that action from completing.