Proactive Early Threat Detection and Securing Oracle Database with IBM QRadar, IBM Security Guardium Data Protection, and IBM Copy Services Manager by using IBM FlashSystem Safeguarded Copy

An IBM Redpaper publication


Published on 29 July 2022, updated 09 August 2022

  1. .EPUB (1.0 MB)
  2. .PDF (5.4 MB)


ISBN-10: 0738460710
ISBN-13: 9780738460710
IBM Form #: REDP-5686-00


Authors: Shashank Shingornikar and Raninder Ravi Bhandari


    Abstract

    This IBM® blueprint publication focuses on early threat detection within a database environment by using IBM Security Guardium® Data Protection and IBM QRadar®. It also highlights how to proactively start a cyber resilience workflow in response to a cyberattack or potential malicious user actions.

    The workflow that is presented here uses IBM Copy Services Manager as orchestration software to start IBM FlashSystem® Safeguarded Copy functions. The Safeguarded Copy creates an immutable copy of the data in an air-gapped form on the same IBM FlashSystem for isolation and eventual quick recovery.

    This document describes how to enable Oracle database user-activity auditing (by using IBM Security Guardium Data Protection) and IBM FlashSystem audit logging, and how to forward both sources of events to IBM QRadar.

    This document also describes how to create rules in IBM QRadar that identify a threat, and how to configure and launch a suitable response to the detected threat.

    The document also outlines the steps that are involved in creating a Scheduled Task with various actions by using IBM Copy Services Manager.

    Table of Contents

    About this document

    Executive summary

    Scope

    Introduction

    IBM FlashSystem Safeguarded Copy function

    IBM Security Guardium Data Protection

    IBM Copy Service Manager

    IBM QRadar Security Intelligence Platform

    Prerequisites

    Solution overview

    Control path use cases

    Lab setup

    Brute force login attack on database or operating system

    Summary
