1. Introduce
Vietnam Joint Stock Commercial Bank for Industry and Trade (Vietinbank) is one of the largest commercial banks in Vietnam and plays a significant role as a pillar in the Vietnamese banking industry. Over the years, Vietinbank has continuously grown its customer base, both in terms of corporate and individual customers. Not only operating domestically, but Vietinbank is also the first bank to have branches operating in Europe. With its extensive operations, Vietinbank handles millions of financial transactions every day. Therefore, Vietinbank places great importance on investing in Information Technology infrastructure to support its banking activities, following a specific strategy and clear roadmap.
2. Request
In order to enhance information security, specifically strengthening the security of critical databases, VietinBank sets specific objectives to equip its Information and Communication Technology (ICT) systems with the capability to meet the following requirements:
- Database activity monitoring: Collect, analyze, and monitor real-time actions on the secured databases.
- Detect and prevent unauthorized intrusions into the databases from unauthorized sources/channels, and detect and prevent unauthorized activities on the databases in real-time.
- Prevent data loss and concealment of data through unauthorized and unauthorized access.
- Real-time alerts and reporting assessments in accordance with international standards.
3. Soloution
To meet these objectives, HPT has selected and proposed the IBM InfoSphere Guardium Data Security solution, which offers superior and comprehensive capabilities to ensure the security of VietinBank's data systems. The solution includes the following features:
- Advanced security features: Real-time monitoring of database activities and timely alerts.
- Prevention of unauthorized database access. Prevention of data loss and concealment. Automation of audit processes in compliance with international security standards.
- Review and assessment of security vulnerabilities related to databases.
- Ease of building security policies and conducting post-assessment reporting.
- Support for most popular database systems worldwide, such as Oracle, DB2, Netezza, Informix, MS SQL Server, MySQL, Sybase, etc.
- Support for multi-platform environments, including MS Windows, Sun Solaris, Linux, AIX, HP-UX, Exadata, z/OS, etc.
- The solution operates independently and does not impact the configuration or content of the monitored and protected databases. Flexible deployment options: It can be deployed as an Appliance using pre-installed IBM servers to reduce initial installation efforts and ensure stable performance on dedicated hardware platforms. Alternatively, it can be deployed as a Software Appliance on physical servers with Intel Xeon processors or on VMware ESX virtualization platforms.
- Ensuring data security for VietinBank's internal Financial Management System (Oracle EBS) and Card System (Tranzware).
In addition, the IBM Guardium solution can integrate with other systems within VietinBank to enhance the effectiveness of centralized security monitoring for the entire ICT infrastructure of the bank. It provides timely alerts for any abnormal access to VietinBank's critical database systems.
4. Feature
Monitoring:
- Monitoring user access and activities on the local server without network connections, preventing unauthorized actions directly on the server.
- Tracking access to Store Procedures/Triggers/User-defined objects, such as creation, modification, execution, etc. Monitoring privileged actions using Data Definition Language (DDL) statements, schema changes (Create, Alter, Drop...), account modifications, roles, and privileges (Grant, Revoke).
- Monitoring Data Manipulation Language (DML) statements that modify data content, such as Insert, Update, Delete.
Prevention:
- Real-time monitoring and tracing of activities, identifying the timing and origin of each action.
- Preventing unauthorized access to protected data areas by masking sensitive data from unauthorized objects (programs, administrators).
- Protecting sensitive data leakage in audit reports, monitoring screens, temporary data, solution storage, and system log records.
- Preventing data loss through expressions or patterns.
Reporting and Alerting:
- Aggregating activities occurring in the database.
- Reporting user-induced errors on the database.
- Providing details on SQL statements executed within a specific timeframe.
- Reporting parameters and operational statuses of database server components such as CPU usage, throughput, connections per second, and the number of SQL queries to the database.
To meet the deployment requirements, the security policies applied on the IBM Guardium system for VietinBank's critical databases are as follows:
- Recording all user activities on the database system.
- Recording all instances of failed user login attempts to the database system.
- Alerting when a user makes three consecutive incorrect login attempts within a five-minute timeframe.
- Alerting when sensitive data is queried.
- Alerting when there are structural changes to sensitive data tables (using DDL statements).
- Alerting when there are changes to user privileges and database administrator roles (using DCL statements).
- Alerting when there are modifications to the content of sensitive data tables (using DML statements).
6. Benefits
- Ensuring data security helps gain customer trust, enhance the bank's reputation, and strengthen competitiveness in the market.
- Simplifying and automating the process of ensuring the security of enterprise information systems, increasing system security, quickly identifying security vulnerabilities for timely remediation. Compliance with international security standards such as PCI-DSS, SOX.
- Separating user privileges and responsibilities within the system helps minimize external attacks and data loss from within the protected systems without the need to modify applications or data systems.
- Enhancing security for financial and account information, reducing audit and reporting costs. Easy operation, configuration, and modification of security policies, creating post-audit reports. Real-time monitoring and alerting of the system help detect and prevent unauthorized activities on the database system.