IT Central Station is now PeerSpot: Here's why

IBM Guardium Data Protection OverviewUNIXBusinessApplication

IBM Guardium Data Protection is #1 ranked solution in top Database Security tools and top Data Masking tools. PeerSpot users give IBM Guardium Data Protection an average rating of 8.2 out of 10. IBM Guardium Data Protection is most commonly compared to Imperva SecureSphere Database Security: IBM Guardium Data Protection vs Imperva SecureSphere Database Security. IBM Guardium Data Protection is popular among the large enterprise segment, accounting for 70% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 25% of all views.
IBM Guardium Data Protection Buyer's Guide

Download the IBM Guardium Data Protection Buyer's Guide including reviews and more. Updated: August 2022

What is IBM Guardium Data Protection?

The IBM Security Guardium portfolio empowers organizations to grow their business and prove compliance with smarter data protection capabilities. It provides complete visibility, actionable insights, real time controls and automated compliance workflows throughout the entire data protection journey, to support your most critical data protection needs.

IBM Security Guardium delivers discovery & classification, vulnerability & risk assessments, real-time monitoring & alerting, encryption, advanced analytics and compliance reporting across structured, unstructured, and semi-structured data in on-prem (including mainframe), cloud, and across hybrid cloud environments.

IBM Guardium Data Protection was previously known as InfoSphere Guardium, Guardium, IBM Guardium.

IBM Guardium Data Protection Customers


IBM Guardium Data Protection Video

IBM Guardium Data Protection Pricing Advice

What users are saying about IBM Guardium Data Protection pricing:
  • "For IBM Guardium, licensing is very simple and straightforward. There are no issues I can speak of."
  • "IBM Guardium Data Protection charges you based on the number of users, e.g. based on the number of licenses, and it's either on a per-license or a per-data basis."
  • "Guardium is most suitable for large scale enterprises because the pricing model is better if you are implementing a large number of databases."
  • "Its cost is good. With the new metric of licensing, such as PDO not being available now, customers are expecting a good price for the solution."
  • "The cost depends on the number of databases. You can purchase advanced licenses, but the standard license is calculated based on the number of databases you have to onboard."
  • IBM Guardium Data Protection Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    Md Saiful Hyder - PeerSpot reviewer
    AGM, Enterprise Solutions at Omgea Exim Ltd
    MSP
    Top 5Leaderboard
    Better integration options than competitors, with affordable licensing
    Pros and Cons
    • "IBM Guardium Data Protection has better integration options than most of the leading competitors on the market, and the price is always better."
    • "Guardium Data Protection is far better in terms of external integration. But in terms of firewall features, like when you're blocking activities, it's as if Oracle AVDF simply has superior features. This is just from third-party observations, but the users of Oracle AVDF are saying that when it comes to the firewall and protection functionality, they're much more inclined to AVDF."

    What is our primary use case?

    Currently, my customer has 10 different types of databases for their various banking applications and they intend to deploy IBM Guardium Data Protection to secure their database activities. As soon as it is deployed, we're able to get some insights into what is going on with their databases, to help ensure the integrity of their data in the future.

    Two banks are also working on two opportunities with IBM Guardium right now. I believe this is a compliance requirement; nowadays, everyone has to buy database protection. In that case, technically, Oracle will get the added advantage here, because most of the banks are already using Oracle database.

    What is most valuable?

    IBM Guardium Data Protection has better integration options than most of the leading competitors on the market, and the price is always better. 

    What needs improvement?

    One thing I'm always thinking with regard to Guardium Data Protection is that, when compared to Oracle AVDF, Oracle's often got the upper hand when it comes to the standard features. So I believe that needs to be addressed by IBM. 

    Guardium Data Protection is far better in terms of external integration. But in terms of firewall features, like when you're blocking activities, it's as if Oracle AVDF simply has superior features. This is just from third-party observations, but the users of Oracle AVDF are saying that when it comes to the firewall and protection functionality, they're much more inclined to AVDF. Considering the competitive benefits that AVDF is providing compared to Data Protection, I can see that some improvement is required in terms of the firewall-related features.

    Another observation I have is that industry resources are not available to handle this product, and I believe that deployment should be much easier than what we have right now. I'm thinking along the lines of some kind of wizard that makes it easier for users to get started right away. For example, to make it so they can do the deployment easier with drag and drop, etc.

    It has to be more user-friendly so that anybody can deploy it, anybody can adopt it, and anybody can do the configuration. It has to be built in such a way that even if you are not a product expert, whether from IBM or otherwise, or that if you know only Word, then you can still configure it. So they have to offer that flexibility in the product.

    They can hide the complexity by bringing in more GUI elements so that people can more easily get on board. And also they can introduce the knowledge base side by side so that whenever they are using the product, they can quickly check what exactly needs to be configured. You have Redbooks, and Redbooks can help but maybe they can include something extra. While users are installing maybe IBM can put in some guidance, "Okay, if you do this then you configure this and that."

    At the same time, the market has lots of Oracle expertise here. But for IBM, there are no local resources available, and we are highly reliant on external resources. So, I would highly recommend that IBM initiates something like a certification campaign for the end user, as well as for the partner. As a partner, we are trying to do our level best, but I believe it would really benefit users for IBM to come up with some pre-certification campaigns like AWS and Azure do, especially in terms of how they promote their products through learning.

    What I believe is that, in order to establish the product in the market, IBM has to invest in developing resources. IBM need to strategize in such a way that it's not just selling. IBM has to develop the resources within the industry, so that there's more word of mouth; people are now talking about AVDF, because they only know about AVDF.

    For how long have I used the solution?

    I have been working with IBM Guardium Data Protection since last year. 

    Buyer's Guide
    IBM Guardium Data Protection
    August 2022
    Learn what your peers think about IBM Guardium Data Protection. Get advice and tips from experienced pros sharing their opinions. Updated: August 2022.
    621,548 professionals have used our research since 2012.

    What do I think about the stability of the solution?

    I can say that it's a stable product. 

    What do I think about the scalability of the solution?

    Scalability is no problem. 

    How are customer service and support?

    Support is where the problem is. Since IBM is not in this country, in terms of technical support and also skill sets in the market, there is not much help available to handle Guardium Data Protection. That's where I suggest that IBM should bring marketing people and do some campaigns, like certification campaigns, so that we can have some skilled experts who will develop resources within the industry to promote and support this product.

    How was the initial setup?

    Since it comes as an appliance, it's kind of plug and play. I can't be too precise, but it only takes around two hours to initialize the virtual appliance.

    What's my experience with pricing, setup cost, and licensing?

    For IBM Guardium, licensing is very simple and straightforward. There are no issues I can speak of.

    Regarding the pricing, Guardium's price is always better compared to competitors like Oracle. It's not expensive compared to what the leading competitors are providing and on top of that, the integration options with IBM are also better for the price you pay.

    What other advice do I have?

    I can definitely recommend IBM Guardium and we are going to continue using and promoting it in the future.

    I have been working with IBM for approximately 13 years and I've personally found that IBM products are very useful. However, the problem is that IBM's product stack isn't fully present in this country and there is a clear lack of industry resources, so customers remain unaware of their products and they are not adopting products even though this product is very good. Whenever we are talking about the idea of data protection we talk about IBM's solution, Guardium Data Protection.

    The main problem is that customers often throw questions like, "What about deployment? What about the support? Are we going to get good support from the local team?" They're not bothered about portal support, they talk about the internal market industry resources. That's where we come in. So even though I am recommending IBM, I know some customers will also like Oracle AVDF.

    I would rate IBM Guardium Data Protection an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
    PeerSpot user
    AsifIqbal - PeerSpot reviewer
    Chief Information Security Officer at MIB
    Real User
    Top 5Leaderboard
    Very stable with good access but requires better technical support, in addition it required heavy hardware resources in recovery which is a big challenge.
    Pros and Cons
    • "he solution offers trouble-free access."
    • "The technical support is very poor."

    What is our primary use case?

    We primarily use the solution for database access management where they are using DML commands. We use it for compliance and validation. If there's any change in the record, this solution will notify us.

    How has it helped my organization?

    It provide real time alerts and report for the review with senior management.  

    What is most valuable?

    The solution is very good at marking.

    The initial setup is quite easy.

    The solution offers trouble-free access.

    What needs improvement?

    The reporting on the solution is weak. It needs to be improved and enhanced. From a management point of view, it's really important to have reports. They should be offering easily extractable reports that we, as users, can benefit from.

    The technical support is very poor.

    Integrations are difficult to configure upon the initial setup.

    The solution needs to offer data encryption.

    For how long have I used the solution?

    We've been using the solution for the last three and a half years.

    What do I think about the stability of the solution?

    The solution is very stable. We don't seem to experience bugs or glitches. It doesn't crash or freeze.

    What do I think about the scalability of the solution?

    The product's scalability is fine, however, the requirements for scalability make it somewhat limited, as you will need to add hardware resources in order to expand it. Other than that, yes, the scalability is there, and you can use it, but you need to keep in mind that there is hardware that you have to have in place.

    How are customer service and support?

    We haven't been happy with the support. We're always facing issues with integration with one database and we don't get a detailed response. Their help just hasn't been adequate. Our team is now basically working with a local partner for support, however, it's an aspect of the product I'm very unhappy with.

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    We didn't previously use a different solution.

    How was the initial setup?

    The initial setup is quite easy. It's not an issue and is very straightforward. That said, teamwork becomes an issue due to the fact that the troubleshooting part is a little bit difficult. We need to have some more insights from IBM to help us along. 

    If you are new to the product, you need to have a more qualified person to assist you with the process, and ultimately we have to engage with technical support. The response is not fast, however. The product is a critical part of our environment, so we need a rapid response from the site to sort out the issue, whatever it might be.

    We have two people currently managing the product.

    You only need one person to deploy the product.

    What about the implementation team?

    We had one person from the vendor come and help us deploy the solution.

    We definitely needed more assistance and have tried to get the help of technical support for some integration issues, however, the response hasn't been fast enough.

    What's my experience with pricing, setup cost, and licensing?

    I'm not sure of the exact cost of the solution, however, I believe the features have separate costs. We have a data protection license and on top of that, we need to buy however many databases we need to monitor everything effectively.

    Which other solutions did I evaluate?

    In the current environment that I'm working in, I did not evaluate other products. However, in the past, I have had to utilize other products.  don't recall what it was exactly, though. The other solution was from McAfee.

    In terms of the ease of access and ease of deployment, IBM Guardium was much easier to deploy. However, in terms of maturity, then definitely that the other product that I used in the past was more mature than the IBM Guardium Products. 

    What other advice do I have?

    We're looking to upgrade the solution soon. I'm not sure which version we are currently using.

    I would recommend others considering the solution to make sure they get local partners who can basically deploy the product. They need to have someone with sound experience. I have found a partner who applies the product often just simply deploys it and they don't have a use case available. They don't have the right experience. You need to choose your partner carefully or be ready to work hard yourself to deploy the product in the best possible way. 

    I would rate the solution seven out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Buyer's Guide
    IBM Guardium Data Protection
    August 2022
    Learn what your peers think about IBM Guardium Data Protection. Get advice and tips from experienced pros sharing their opinions. Updated: August 2022.
    621,548 professionals have used our research since 2012.
    Peter Arabomen - PeerSpot reviewer
    Security Engineering, Team Lead at Fidelity Bank Plc
    Real User
    Top 5Leaderboard
    Stable and scalable data activity monitoring application, with an easy setup and competent technical support
    Pros and Cons
    • "Easy to set up data activity monitoring solution that provides competent technical support. Scalable, stable, and has good performance."
    • "More automation, user guides, and tips would make this solution better."

    What is our primary use case?

    IBM Guardium Data Protection is used not just for protecting data, but also for vulnerability protection. We use it to monitor our active users, activity, and databases, to look at the kind of commands users do on the databases.

    We also use the solution to restrict unauthorized users from accessing the databases. Apart from restricting unauthorized users from accessing these databases, we also need to have the stability to add the database, then switch to another database.

    We can also turn on the blocking feature of IBM Guardium Data Protection to ensure that some IPs are unable to connect to some databases.

    What is most valuable?

    I like IBM Guardium Data Protection because of its good performance. The resources aren't used up to the detriment of the application. It's robust, and we don't really have any serious downtime on it. The support for the application is also okay.

    What needs improvement?

    An area for improvement in IBM Guardium Data Protection is automation. I would want it to be more automated, as it runs too much on manual processes. More processes should be automated on the application.

    For example: I want a learning environment where IBM Guardium Data Protection can learn the behavior of an environment, e.g. it should be more intelligent, because there is no intelligence yet on the application. It should be able to learn, e.g. you cannot try to block IBM Guardium Data Protection, in general. This is what I want to see: I want to be able to block it, in general.

    I want the application to be able to learn, and learn from the environment. IBM should try to bring in more of e-learning to the application. That's another thing that's missing.

    What I'd like to see in the next release of IBM Guardium Data Protection is for them to make resources available for the end users to be able to do a self-study, to understand more deeply how the environment works. Having user guides so people can learn more on what the application can do, about its operations, etc. I would like them to occasionally give users tips, e.g. how to do something, how to make your work easy, etc. This is how they can add value, in particular give more value for money, as they give valuable tips, just like how Microsoft does it, for example: "You can use IBM Guardium Data Protection to do this", then they should explain how to do it.

    For how long have I used the solution?

    We've been using IBM Guardium Data Protection for two years.

    What do I think about the stability of the solution?

    IBM Guardium Data Protection is a stable application.

    What do I think about the scalability of the solution?

    IBM Guardium Data Protection is a scalable application.

    How are customer service and support?

    IBM Guardium Data Protection support is okay. Their response time is fine. They have very competent technicians, and their response is high-level.

    How was the initial setup?

    The setup for IBM Guardium Data Protection was not that complicated. It was easy.

    Which other solutions did I evaluate?

    We evaluated Imperva.

    What other advice do I have?

    We use IBM Guardium Data Protection for our databases. I can't remember the version we're currently using.

    I don't think IBM Guardium Data Protection charges you based on the number of users, e.g. they charge based on the number of licenses, and it's either on a per-license or a per-data basis, so I cannot give the number of users currently using the application.

    Increasing the usage of IBM Guardium Data Protection depends on the budget. Nobody wants to increase costs, but costs are increasing, so I don't think we plan on increasing usage for the application.

    For the deployment of the application, we have the OEM and our technical team in charge.

    I'm giving IBM Guardium Data Protection a rating of nine out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    CTO at a tech services company with 11-50 employees
    Real User
    Top 20
    Easy to use and has comprehensive monitoring options
    Pros and Cons
    • "The most valuable features have been how easy it is to deploy and use, as well as the comprehensive monitoring options. These are a few things that customers like most about this product."
    • "The analysis part of this product could be improved. It's a very comprehensive product, so the features it has complement customer requirements. But I would like to see more emphasis on analytics, and it would be great if they added machine learning. They already have analysis insights, but a comprehensive analytical feature that's already incorporated into the solution would be very helpful."

    What is our primary use case?

    The primary use case for most of our customers is for monitoring and compliance. It's mostly deployed on-premises and it's a database activity monitoring solution. 

    What is most valuable?

    The most valuable features have been how easy it is to deploy and use, as well as the comprehensive monitoring options. These are a few things that customers like most about this product. 

    What needs improvement?

    The analysis part of this product could be improved. It's a very comprehensive product, so the features it has complement customer requirements. But I would like to see more emphasis on analytics, and it would be great if they added machine learning. They already have analysis insights, but a comprehensive analytical feature that's already incorporated into the solution would be very helpful. 

    For how long have I used the solution?

    I have been working with IBM Guardium for the past 10 years. 

    What do I think about the stability of the solution?

    This solution is stable and reliable. 

    What do I think about the scalability of the solution?

    This solution is scalable. That's one of the missions of this product—it can scale. 

    How are customer service and support?

    I think technical support is generally helpful, but it depends on the situation and the complexity of the problem. Most of the time, we resolve customers' issues ourselves, but technical support is helpful whenever I do require their help. 

    How was the initial setup?

    Most of the time, the deployment process is straightforward. There is a specific process which isn't too complicated or difficult. The amount of maintenance that will be required depends on the deployment. When we set up the solution, we usually try to optimize it so that it requires little maintenance. 

    What about the implementation team?

    My company provides implementation services to customers. 

    What's my experience with pricing, setup cost, and licensing?

    Guardium is most suitable for large scale enterprises because the pricing model is better if you are implementing a large number of databases. It may be suited to medium enterprises, but to a lesser extent. It depends on customer requirements, but it's best suited to large companies because of affordability. 

    Which other solutions did I evaluate?

    I have experience with Oracle Audit Vault and Imperva SecureSphere Database Security, which are the two main competitors. If you compare Guardium with Audit Vault, the main differences are in the deployment model, how they work, and the focus of each product with regard to monitoring. Audit Vault has a different deployment method. Imperva is more similar to Guardium. 

    What other advice do I have?

    If you are looking to implement Guardium, you first need to understand your requirements. The objective of these database and security monitoring solutions is for compliance and auditing. You want a solution that will monitor everything, but the main objective is to monitor the right areas or the key parts of the area that should be monitored. This is the one thing customers should consider before choosing any database or similar solution. 

    We have good relationships with our customers, so whenever they're looking for a solution, we try to partner with them and align them with a product that will meet their needs. Usually when we go with this product, we go with SQL first, then go for integration deployment. Our recommendations are based on customer requirements. Even if it's a good product, it may not be a good fit for the customer. 

    I would rate this product an eight out of ten, just because there's always room for improvement. 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Socio Director at RAMDIA
    Real User
    Top 20
    An easy-to-deploy solution with good price, compatibility, stability, and scalability
    Pros and Cons
    • "One of the most valuable features is the accelerator. It has a predefined report for PCI SOX compliance and other compliances."
    • "The most important requirements for us are integration with new database solutions and the ability to manage things like Jailbreak or something like that. Its reduction feature can also be improved. It has a functionality called reduction, which is like masking data, but it is just a replacement of characters. Sometimes the customer needs more than this. It would be good if it was more advanced or complete. We also have a problem with this solution because the IBM aggregator isn't working very well. IBM has created big data intelligence for Guardium, and occasionally, customers need three or four months of data, but they can't run it from the collectors. It can have a better dashboard and more pre-defined use cases for those customers who don't have any idea about data protection or don't have expert personnel in this area. For example, they can include five use cases for banks and five use cases for retail."

    What is our primary use case?

    One of my customers is a company that manages telecommunications in Mexico. It is a very important company, and they use Guardium for compliance purposes. They use it to comply with PCI, for example.

    We have on-premises and cloud deployments. We are currently deploying a customer's environment in Microsoft Azure with SQL Server.

    How has it helped my organization?

    One of our customers uses IBM Security Guardium to discover the production time and to know the transactions about their databases.

    What is most valuable?

    One of the most valuable features is the accelerator. It has a predefined report for PCI SOX compliance and other compliances.

    What needs improvement?

    The most important requirements for us are integration with new database solutions and the ability to manage things like Jailbreak or something like that.

    Its reduction feature can also be improved. It has a functionality called reduction, which is like masking data, but it is just a replacement of characters. Sometimes the customer needs more than this. It would be good if it was more advanced or complete.

    We also have a problem with this solution because the IBM aggregator isn't working very well. IBM has created big data intelligence for Guardium, and occasionally, customers need three or four months of data, but they can't run it from the collectors.

    It can have a better dashboard and more pre-defined use cases for those customers who don't have any idea about data protection or don't have expert personnel in this area. For example, they can include five use cases for banks and five use cases for retail.

    For how long have I used the solution?

    I have been using this solution for eight or nine years. I have been using Guardium before it was bought by IBM.

    What do I think about the stability of the solution?

    Its stability is very good. It is quite available all the time.

    What do I think about the scalability of the solution?

    Its scalability is perfect. In Mexico, we did most of the implementations for medium and large customers. Our company implemented this solution for banks and telecommunication companies.

    How are customer service and technical support?

    IBM's technical support is good, but it can be improved. They can improve the response time for the tickets and the availability for the resolution of the tickets.

    How was the initial setup?

    It is not complex now. Prior to version 11, in general, the console and the environment were not good. They were bad, but they are good in version 11. The deployment duration varies, and complete integration in Windows can take three weeks to two months.

    What's my experience with pricing, setup cost, and licensing?

    Its cost is good. With the new metric of licensing, such as PDO not being available now, customers are expecting a good price for the solution.

    Which other solutions did I evaluate?

    Oracle Vault, Guardium, and Imperva are the three main solutions that clients consider. Easy deployment and good compatibility with all the solutions that customers have gives Guardium an advantage over other solutions.

    What other advice do I have?

    We would recommend this solution to others. It is a good solution at a good price, and your data is invaluable.

    I would rate IBM Guardium Data Protection a nine out of ten.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    PeerSpot user
    Sr. Network Specialist at a tech services company with 501-1,000 employees
    MSP
    A mature product that identifies abnormal activity on the database
    Pros and Cons
    • "The purpose of EBM Guardium is to monitor database activity and who is accessing it. This is the most valuable feature."
    • "IBM Guardium Data Protection is a mature product. There is a lot of encryption that is not owned by IBM and is done by a third party and is not an integral part of the solution."

    What is our primary use case?

    We are resellers of IBM. Most of the use cases of IBM Guardium are to monitor the database activity. The first is to identify any abnormal activities like trying to access the database or trying to create or delete any scheme on the tables. 

    What is most valuable?

    The purpose of EBM Guardium is to monitor database activity and who is accessing it. This is the most valuable feature.

    We have privileged users, like the DBAs, who are most often the ones accessing the database. We also have web services and application services that talk to the database. With IBM Guardium Data Protection we can see who the previous users were and what web or server actually connected to the data business. 

    Secondly, any changes done by the DBAs are recorded so we know that the DB has changed in the data structure, scheme, or creation of a table or drop of a table. 

    What needs improvement?

    IBM Guardium Data Protection is a mature product. There is a lot of encryption that is not owned by IBM and is done by a third party and is not an integral part of the solution.

    What do I think about the stability of the solution?

    This solution is stable, I don't believe there is another product that is more stable.

    What do I think about the scalability of the solution?

    The solution is part of IP so you can scale it.

    How are customer service and support?

    IBM Guardium Data Protection has one of the best supports out there.

    How was the initial setup?

    The initial setup of IBM Guardium is straightforward. The deployment depends on the organization and types of servers. The only delay is when there are critical data servers that require a planned approach. 

    You can deploy the solution by pushing it through a central aggregator or a collector.

    What about the implementation team?

    We engage a consult to deploy the solution because it is not only installing the solution but also doing a report. 

    The installation requires the involvement of a DBA, but it depends on the number of databases.

    What's my experience with pricing, setup cost, and licensing?

    The licensing is much easier now. It's for IP, it is not part It's not part number of databases of schema, it's for the IP so it's much simpler now.

    What other advice do I have?

    If you are considering IBM Guardian Data Protection you should be aware of your environment. For example, if you are in the banking sector you need to plan very well so it can be scaled accordingly.

    It is important to hire a consultant when installing this solution. They can provide an analysis of what exactly needs to be done. Keep in mind that this is a data access management database, it's not only about data but also about files. 

    I rate this solution a 9 out of 10.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    DBA Dept. Manager at a computer software company with 501-1,000 employees
    Real User
    Top 10
    Flexible, stable, and easy to use
    Pros and Cons
    • "The product has proven to be flexible"
    • "The installation should be a bit easier."

    What is our primary use case?

    We will primarily use the solution for protecting our database. We're still implementing the product. It's not fully in place just yet.

    What is most valuable?

    The solution is easy to use.

    We've found the solution to be very stable.

    The product has proven to be flexible.

    The system, overall, is quite reliable.

    What needs improvement?

    The installation should be a bit easier. It's pretty hard to implement right now.

    The solution is very expensive. It's expected, as IBM is known to be pricey. It would be nice if they could make it cheaper.

    As we are still in the process of implementing the product, it's hard to discuss the features and what might be missing, or could be added. We need more time with the solution to see how it works or what's missing.

    For how long have I used the solution?

    We've only been using the solution for a short time by now. We're in the middle of implementing it. It's likely only been a couple of weeks.

    What do I think about the stability of the solution?

    We have found the stability to be quite good. It doesn't crash or freeze. There are no bugs or glitches. Its performance has been very good so far.

    What do I think about the scalability of the solution?

    The solution is very scalable. If a company needs to expand it, it can do so easily.

    Only the administrators really deal with the solution at this time. There are four of us.

    We did pay for it, therefore we do plan to continue to use it for the foreseeable future.

    How are customer service and technical support?

    Our support is through a third-party service, and not directly through IBM itself.

    It's been very good so far. They are helpful and responsive.

    Which solution did I use previously and why did I switch?

    We did not previously use another solution before choosing this IBM product.

    How was the initial setup?

    The installation is not straightforward at all. In fact, it is very, very complicated. We found the process to be quite difficult to handle. The hardest part is the tuning of the system, to make it work right.

    What's my experience with pricing, setup cost, and licensing?

    The product is expensive, which is what you tend to expect from IBM products. It's not cheap.

    What other advice do I have?

    We may be using version 11 of the product at this time.

    We're still in the process of implementing the solution. It's still quite new to us.

    Right now, I would rate the solution at a nine out of ten, however, I do need more time to really get to know it to evaluate it properly. I likely need another good six months or so with the solution before I can really rate it effectively.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    DevidharsanJ - PeerSpot reviewer
    Information Security Engineering Consultant at Optum
    Consultant
    Top 20
    It's easy to implement at scale and has strong vulnerability assessment features
    Pros and Cons
    • "I rate Guardium 10 out of 10 for data activity monitoring and nine for vulnerability assessment. It's easy to implement and does its job. But I would rate it seven out of 10 in terms of advanced features."
    • "IBM should add more database security features to Guardium. They could add user profiling, anomaly detection, and machine learning. IBM has user profiling, but they need to strengthen it. It should make sense for the users. It should remove most of the false positives."

    What is our primary use case?

    We mostly use Guardium as a data activity monitoring solution (DAM). We also use it to perform vulnerability assessment (VA) for data. We deployed Guardium on a private cloud. It isn't a hardware product. It's all virtual machines.

    What needs improvement?

    IBM should add more database security features to Guardium. They could add user profiling, anomaly detection, and machine learning. IBM has user profiling, but they need to strengthen it. It should make sense for the users. It should remove most of the false positives.

    Anomaly detection would help. Let's say you had a thousand anomalies and 990 are false positives. Who will take care of this? People will simply ignore all 1,000. They need to improve a lot in this area. They're coming out with a new product called Guardium Insights. It will be able to store more data, and its algorithm will be stronger. That will probably fix all my concerns. They have yet to release the beta version.

    For how long have I used the solution?

    I have been with this company for the last two years, and they have been using Guardium for five years or six years. However, I more than 10 years of experience with the product. I started using it in 2010.

    What do I think about the scalability of the solution?

    The scalability and stability are excellent. 

    How are customer service and support?

    IBM support is good. They're very responsive. 

    How was the initial setup?

    Setting up Guardium is straightforward. The time needed for deployment depends on the number of databases you're onboarding. It could take two or three months for a hundred databases. However, it might take much longer if you have thousands. It doesn't require much maintenance if you deploy and monitor it correctly. You need to do a lot of maintenance if not. 

    What about the implementation team?

    We deployed Guardium ourselves because we know the website.

    What's my experience with pricing, setup cost, and licensing?

    The cost depends on the number of databases. You can purchase advanced licenses, but the standard license is calculated based on the number of databases you have to onboard.

    What other advice do I have?

    I rate Guardium nine out of 10 overall. I rate Guardium 10 out of 10 for data activity monitoring and nine for vulnerability assessment. It's easy to implement and does its job. But I would rate it seven out of 10 in terms of advanced features.

    My advice to prospective users is to have a proper source to deploy it in your environment, or you're wasting money. The second thing is to know precisely what you want from Guardium. Is it DAM, VA, or are you going further? In terms of security posture, those lines should be clear.

    Which deployment model are you using for this solution?

    Private Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Flag as inappropriate
    PeerSpot user