Guardium Hosts Database Security and Compliance Seminar Series Featuring Leading Data Protection Experts
Business Wire, April 29, 2008
Experts to Highlight Data Privacy, Governance and Compliance Essentials
WALTHAM, Mass. -- Guardium, the database security company, will host a three-city spring seminar series on "Best Practices for Database Security & Compliance," featuring a Gartner analyst and Guardium's CTO. Starting May 6 in New York, the seminars will educate C-level executives and day-to-day IT security and database professionals on the latest technology to safeguard enterprise data and automate compliance controls. The events are produced by the publisher of SearchSecurity.com and Information Security Magazine.
Attendees will receive strategic and tactical recommendations on how to effectively protect sensitive data stored in corporate databases such as financial/ERP information, credit card data, personally identifiable information (PII) and intellectual property. Gartner will highlight how to mitigate risk and tighten internal controls while reducing costs to comply with Sarbanes-Oxley (SOX), the Payment Card Industry Data Security Standard (PCI-DSS) and data privacy laws.
The featured keynote Gartner speaker is Jeffrey Wheatman, who has 13 years of information security experience, including 9 years consulting for Fortune 500 and Global 200 organizations in financial services, insurance, healthcare, pharmaceuticals and media. According to Wheatman, "Although there have been improvements in DBMS [database management system] security options, organizations struggle to secure established DBMSs that were not designed with effective security controls" ("Take Six Steps to Secure Your Databases," by Jeffrey Wheatman, October 2007). Gartner also recommends that organizations "implement database activity monitoring (DAM) functionality to mitigate the high levels of risk resulting from database vulnerabilities and to address audit findings in such areas as database segregation of duties (SOD) and change management" ("DAM Technology Provides Monitoring and Analytics With Less Overhead," by Mark Nicolett and Jeffrey Wheatman, November 2007).
Guardium's keynote presenter, CTO Ron Bennatan, brings more than 20 years of experience developing enterprise applications and security technology for blue-chip companies such as Merrill Lynch, J.P. Morgan, Intel, and AT&T Bell Laboratories. An IBM Gold consultant, he architected the industry's first real-time database security and auditing solution. Bennatan holds a Ph.D. in distributed computing and has authored 10 technical books, including the definitive guide Implementing Database Security and Auditing (Elsevier Digital Press, 2005).
The series is targeted to professionals involved with IT security, risk management and compliance, corporate governance and privacy, database administration and enterprise application architectures. Presentations will focus on saving time and money via centralized policies, automated reporting and oversight processes, standardization of controls across multiple compliance initiatives, and a risk-oriented approach to identifying key controls. Specific takeaways include:
* Tips/tactics to protect sensitive information within data centers
* Implementing granular DBMS auditing without the overhead of native logging
* Monitoring privileged users and enforcing separation of duties
* Providing granular access controls for sensitive data
* Enforcing change controls with real-time security alerts
* Protecting against external attacks such as SQL injection
* Preventing fraud with application monitoring for Oracle EBS, PeopleSoft, Siebel, SAP, etc.
* Automating change reconciliation with BMC Remedy and other change management systems
* Creating a centralized, cross-platform audit repository
* Automating compliance oversight workflows (sign-offs, escalations, etc.)
* Practical alternatives to field-level encryption for PCI-DSS
* Comparison to complementary technologies such as security information and event management (SIEM) and data leakage protection (DLP)
* Case study examples, with ROI models
About Guardium
Guardium, the database security company, delivers the most widely used solution for ensuring the integrity of enterprise information and preventing information leaks from the data center.
The company's enterprise security platform is now installed in more than 350 data centers worldwide, including more than 60 Global 500 and Fortune 1000 companies in all major industries. Customers include 3 of the top 4 global banks; one of the world's largest PC manufacturers; a global soft drink brand; a top 3 global retailer; and a leading supplier of business intelligence software. The company has partnerships with Oracle, Microsoft, IBM, Sybase, BMC, EMC, RSA, Accenture, NetApp, McAfee, ArcSight and NEON, with Cisco as a strategic investor, and is a member of IBM's prestigious Data Governance Council and the PCI Security Standards Council.
Founded in 2002, Guardium was the first company to address the core data security gap by delivering a scalable enterprise platform that protects databases in real time and automates the entire compliance auditing process.