IBM Guardium


Hybrid Cloud Data Protection with External-TAP

By Gali Diamant posted Wed May 29, 2019 10:20 AM

  

This is part 2 of our Hybrid Multicloud Data Protection with IBM Security Guardium series. You can read the introduction here.

 
As Guardium’s traditional agent (S-TAP) can’t be installed on a managed DB in the cloud, it was redesigned to run in front of the DB server. External-TAP uses the same mechanisms as S-TAP to provide the full protection offered by Guardium.

 

Data Capturing

 

External-TAP is installed in front of the DB, between the client and the server. Because it is in-line, all traffic between client and server passes through it, which provides real-time monitoring. This allows:

  • Near real-time alerting, as events are captured and processed immediately.
  • Implementation of Guardium features such as S-TAP terminate and redaction (in the roadmap). These tools can only be implemented when capturing in-line. 

 

Capabilities and Features

 

External-TAP captures the raw data sent between the DB client and server. This gives the Guardium engine full visibility into all information on the channel, including failed logins, failed SQL statements and all metadata passed between client and server.

 

Architecture

 

The basic External-TAP deployment is comprised of two or more Docker instances and a load balancer. A provided script will guide you through the installation process.

Note: the load balancer is not part of the Guardium deployment. Depending on the environment, you can choose a native cloud load balancer, an open source load balancer or a commercial one. Guardium provides scripts to help you integrate with your favorite load balancer.

Figure: External-TAP architecture

 

TLS support

 

To allow External-TAP to collect encrypted traffic, follow the pre-installation steps –

Use the Guardium CLI to generate a CSR and have the certificate signed by your preferred CA (it can also be self-signed).

Once signed, import the certificate to Guardium. It will be sent to External-TAP and will be used for monitoring encrypted traffic.

 

High Availability and Fault Tolerance

 

To eliminate a single point of failure, follow these guidelines -

  • Install at least 2 External-TAP Docker images. Follow Guardium’s recommendations to deploy the correct number of images based on your database size.
  • Use more than one VM to install the instances, for better tolerance.

 

More information about External-TAP can be found at the IBM Knowledge Center.

 

 

 

 


