Try our new research platform with insights from 80,000+ expert users
Ile Ristov - PeerSpot reviewer
Sales Manager at InTec System
MSP
Top 10
A powerful tool that can be used for the protection and hardening of databases
Pros and Cons
  • "The most valuable feature of the solution for the customers is the monitoring and full log of the database activity of privileged users."
  • "The solution could be improved for NoSQL databases."

What is our primary use case?

Our customers include financial institutions like banks, insurance companies, and government entities that use IBM Security Guardium Data Protection for the protection and hardening of their databases.

What is most valuable?

The most valuable feature of the solution for the customers is the monitoring and full log of the database activity of privileged users. It includes everything happening on the network and locally on the database server.

What needs improvement?

The solution's pricing should be reduced because it is very high. The solution could be improved for NoSQL databases. From the functionality point of view, the solution has almost everything you need for your database. Overall, the product's functionalities align with the customer's needs.

For how long have I used the solution?

I have been using IBM Security Guardium Data Protection for more than ten years.

Buyer's Guide
IBM Security Guardium Data Protection
June 2025
Learn what your peers think about IBM Security Guardium Data Protection. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
857,688 professionals have used our research since 2012.

What do I think about the stability of the solution?

I rate IBM Security Guardium Data Protection a nine out of ten for stability.

What do I think about the scalability of the solution?

Our clients are mostly enterprise businesses.

I rate IBM Security Guardium Data Protection ten out of ten for scalability.

How are customer service and support?

Technical support is always challenging with IBM, but overall it's okay.

How would you rate customer service and support?

Positive

How was the initial setup?

IBM Security Guardium Data Protection is easy to set up and maintain.

What about the implementation team?

Implementing IBM Security Guardium Data Protection takes up to ten days, but the customization and the customer requirement span from one month to six months.

You need to install the product. It's a virtual appliance or a hardware appliance depending on the implementation. When it's set up, the agent must be deployed. Then you have to set the policy. The policy relies on the outcome that the customer wants in the report regarding what has been done with the database and what has been changed.

What's my experience with pricing, setup cost, and licensing?

The solution's pricing was higher before it was acquired. The policy should be for smaller customers to have SMB pricing and for bigger customers to have bigger pricing.

On a scale from one to ten, where one is low price, and ten is very high price, I rate the solution's pricing a nine out of ten.

What other advice do I have?

It is the only solution that can meet the needs of both internal and external audits. It's a very powerful tool that can solve a lot of audit needs.

Overall, I rate IBM Security Guardium Data Protection ten out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner

PeerSpot user
AsifIqbal - PeerSpot reviewer
Chief Information Security Officer at a financial services firm with 1,001-5,000 employees
Real User
Resource-hungry requiring a huge amount of storage capacity; good vulnerability assessment feature
Pros and Cons
  • "The vulnerability assessment is a valuable feature."
  • "The backup and recovery is very resource-hungry and requires a huge amount of storage capacity."

What is our primary use case?

We are using the data protection module to look after the PML queries of our Oracle admin accounts. I'm the chief information security officer at a financial institution. 

What is most valuable?

The vulnerability assessment is a valuable feature for us. 

What needs improvement?

I've found that the backup and recovery is very resource-hungry and requires a huge amount of available storage capacity along with other components, such as processing the RAM. We have a need for 200 GB of data to restore. Reporting needs to be improved as does integration capability with the other DBs. From a technical perspective, reporting is good but not from the management perspective. Due to the legacy application, there is sometimes another version of the DB that is not supported and requires a restart which is a very technical aspect of running applications.

For how long have I used the solution?

I've been using this solution for 18 months. 

What do I think about the stability of the solution?

The solution is stable. 

What do I think about the scalability of the solution?

The solution is scalable

How are customer service and support?

The support is not as good as it should be, and when it comes to backup or restoration activity, they can take months to respond. 

How was the initial setup?

The deployment is not complex and we currently have four users of this product.

What's my experience with pricing, setup cost, and licensing?

Licensing costs are higher than other solutions on the market. It's part of our concern and one of the reasons we are discontinuing the use of this solution. 

What other advice do I have?

I don't feel that our local partners are fully equipped with the technical knowledge of the product. Whenever we need support that requires technical expertise, we go to the IBM support portal. As a result, we experience time delays in terms of support and it would be helpful if the local partner improved their knowledge. The other option would be for IBM to provide some management training for the on-prem engineers. 

I rate the solution five out of 10. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

PeerSpot user
Buyer's Guide
IBM Security Guardium Data Protection
June 2025
Learn what your peers think about IBM Security Guardium Data Protection. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
857,688 professionals have used our research since 2012.
DevidharsanJ - PeerSpot reviewer
Information Security Engineering Consultant at Optum
Real User
It's easy to implement at scale and has strong vulnerability assessment features
Pros and Cons
  • "I rate Guardium 10 out of 10 for data activity monitoring and nine for vulnerability assessment. It's easy to implement and does its job. But I would rate it seven out of 10 in terms of advanced features."
  • "IBM should add more database security features to Guardium. They could add user profiling, anomaly detection, and machine learning. IBM has user profiling, but they need to strengthen it. It should make sense for the users. It should remove most of the false positives."

What is our primary use case?

We mostly use Guardium as a data activity monitoring solution (DAM). We also use it to perform vulnerability assessment (VA) for data. We deployed Guardium on a private cloud. It isn't a hardware product. It's all virtual machines.

What needs improvement?

IBM should add more database security features to Guardium. They could add user profiling, anomaly detection, and machine learning. IBM has user profiling, but they need to strengthen it. It should make sense for the users. It should remove most of the false positives.

Anomaly detection would help. Let's say you had a thousand anomalies and 990 are false positives. Who will take care of this? People will simply ignore all 1,000. They need to improve a lot in this area. They're coming out with a new product called Guardium Insights. It will be able to store more data, and its algorithm will be stronger. That will probably fix all my concerns. They have yet to release the beta version.

For how long have I used the solution?

I have been with this company for the last two years, and they have been using Guardium for five years or six years. However, I more than 10 years of experience with the product. I started using it in 2010.

What do I think about the scalability of the solution?

The scalability and stability are excellent. 

How are customer service and support?

IBM support is good. They're very responsive. 

How was the initial setup?

Setting up Guardium is straightforward. The time needed for deployment depends on the number of databases you're onboarding. It could take two or three months for a hundred databases. However, it might take much longer if you have thousands. It doesn't require much maintenance if you deploy and monitor it correctly. You need to do a lot of maintenance if not. 

What about the implementation team?

We deployed Guardium ourselves because we know the website.

What's my experience with pricing, setup cost, and licensing?

The cost depends on the number of databases. You can purchase advanced licenses, but the standard license is calculated based on the number of databases you have to onboard.

What other advice do I have?

I rate Guardium nine out of 10 overall. I rate Guardium 10 out of 10 for data activity monitoring and nine for vulnerability assessment. It's easy to implement and does its job. But I would rate it seven out of 10 in terms of advanced features.

My advice to prospective users is to have a proper source to deploy it in your environment, or you're wasting money. The second thing is to know precisely what you want from Guardium. Is it DAM, VA, or are you going further? In terms of security posture, those lines should be clear.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner

PeerSpot user
Peter Arabomen - PeerSpot reviewer
Security Engineering, Team Lead at Fidelity Bank Plc
Real User
Top 5
Stable and scalable data activity monitoring application, with an easy setup and competent technical support
Pros and Cons
  • "Easy to set up data activity monitoring solution that provides competent technical support. Scalable, stable, and has good performance."
  • "More automation, user guides, and tips would make this solution better."

What is our primary use case?

IBM Guardium Data Protection is used not just for protecting data, but also for vulnerability protection. We use it to monitor our active users, activity, and databases, to look at the kind of commands users do on the databases.

We also use the solution to restrict unauthorized users from accessing the databases. Apart from restricting unauthorized users from accessing these databases, we also need to have the stability to add the database, then switch to another database.

We can also turn on the blocking feature of IBM Guardium Data Protection to ensure that some IPs are unable to connect to some databases.

What is most valuable?

I like IBM Guardium Data Protection because of its good performance. The resources aren't used up to the detriment of the application. It's robust, and we don't really have any serious downtime on it. The support for the application is also okay.

What needs improvement?

An area for improvement in IBM Guardium Data Protection is automation. I would want it to be more automated, as it runs too much on manual processes. More processes should be automated on the application.

For example: I want a learning environment where IBM Guardium Data Protection can learn the behavior of an environment, e.g. it should be more intelligent, because there is no intelligence yet on the application. It should be able to learn, e.g. you cannot try to block IBM Guardium Data Protection, in general. This is what I want to see: I want to be able to block it, in general.

I want the application to be able to learn, and learn from the environment. IBM should try to bring in more of e-learning to the application. That's another thing that's missing.

What I'd like to see in the next release of IBM Guardium Data Protection is for them to make resources available for the end users to be able to do a self-study, to understand more deeply how the environment works. Having user guides so people can learn more on what the application can do, about its operations, etc. I would like them to occasionally give users tips, e.g. how to do something, how to make your work easy, etc. This is how they can add value, in particular give more value for money, as they give valuable tips, just like how Microsoft does it, for example: "You can use IBM Guardium Data Protection to do this", then they should explain how to do it.

For how long have I used the solution?

We've been using IBM Guardium Data Protection for two years.

What do I think about the stability of the solution?

IBM Guardium Data Protection is a stable application.

What do I think about the scalability of the solution?

IBM Guardium Data Protection is a scalable application.

How are customer service and support?

IBM Guardium Data Protection support is okay. Their response time is fine. They have very competent technicians, and their response is high-level.

How was the initial setup?

The setup for IBM Guardium Data Protection was not that complicated. It was easy.

Which other solutions did I evaluate?

We evaluated Imperva.

What other advice do I have?

We use IBM Guardium Data Protection for our databases. I can't remember the version we're currently using.

I don't think IBM Guardium Data Protection charges you based on the number of users, e.g. they charge based on the number of licenses, and it's either on a per-license or a per-data basis, so I cannot give the number of users currently using the application.

Increasing the usage of IBM Guardium Data Protection depends on the budget. Nobody wants to increase costs, but costs are increasing, so I don't think we plan on increasing usage for the application.

For the deployment of the application, we have the OEM and our technical team in charge.

I'm giving IBM Guardium Data Protection a rating of nine out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.

PeerSpot user
Raphael Moore - PeerSpot reviewer
Policy manager at National Grid
Real User
Top 20
Deployment is complex but the tech support is good
Pros and Cons
  • "I think IMB's technical support is good."
  • "Personally, I would not recommend this product."

What is our primary use case?

Our primary use case for IBM Guardium Data Protection is audit logging. We monitor transactions and access particular tables in the database with it. 

What needs improvement?

I would like to see improvements in scalability and easier installation.

For how long have I used the solution?

I have been using IBM Guardium Data Protection for three years. 

What do I think about the scalability of the solution?

Personally, I have not been very involved with IBM Guardium Data Protection for the last couple of years. However, I think we've had some problems scaling it, but I'm not the right person, really, to answer questions about scalability. My understanding is that there has been some frustration with scaling it, but those may be local issues.

How are customer service and support?

I think IMB's technical support is good. 

How was the initial setup?

The installations are complex. They take several days.

What about the implementation team?

We had help from IBM with deployment.

What's my experience with pricing, setup cost, and licensing?

We pay yearly.

Which other solutions did I evaluate?

We initially looked at Oracle's own products, but we had legacy databases so we didn't really have many options. We had old flavors of Oracle in place.

What other advice do I have?

Personally, I would not recommend this product. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

PeerSpot user
reviewer1633014 - PeerSpot reviewer
DBA at a manufacturing company with 10,001+ employees
Real User
Given our use of multiple database technologies, data centralization is a very valuable feature
Pros and Cons
  • "Has a great Big Data Intelligence feature."
  • "Could be more user friendly; deployment is a little complex."

What is our primary use case?

Our primary use case of this product is for privileged database activity monitoring. We are customers of IBM and I'm the DBA.

What is most valuable?

We use the GBDI feature which is very helpful for our needs. The centralization of data is probably the most valuable feature because we span multiple database technologies. 

What needs improvement?

In general, I find the solution a little complicated to use. Another problem is that we have  encrypted traffic on Oracle and it requires a database outage. That's creates problems because you're monitoring critical systems and they don't like outages.

What do I think about the stability of the solution?

The solution has been pretty stable for us. 

What do I think about the scalability of the solution?

Our environment is pretty small for scalability purposes, so scalability is not relevant. In terms of the collectors agency, you can always add them. From that perspective, it's scalable, but it introduces more complexity because the more collectors you have, the more management is required. We don't allow people to connect and use self-service. We produce reports for the application teams from the tool ourselves, which is why we only have around 15 users involved in deployment, maintenance and reporting.

How are customer service and technical support?

The professional services we initially received were really good. Technical support has been okay; it's not outstanding, but it hasn't been too bad either.

How was the initial setup?

The initial setup is quite complex so we used IBM professional services for implementation. We're still in the process of deploying, it's taking a while. That doesn't reflect on the solution; we're very lean with staff and I think that's probably the issue.

What other advice do I have?

If I were choosing a solution now, I would probably look at Imperva and Insights, and go the agentless route, rather than deal with collectors. They still have them with the new system, but they're a little lighter weight. From a manageability perspective, from a scalability perspective, in terms of supporting model databases, they seem to be more viable solutions moving forward.

I rate this solution an eight out of 10. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

PeerSpot user
AsifIqbal - PeerSpot reviewer
Chief Information Security Officer at a financial services firm with 1,001-5,000 employees
Real User
Very stable with good access but requires better technical support, in addition it required heavy hardware resources in recovery which is a big challenge.
Pros and Cons
  • "he solution offers trouble-free access."
  • "The technical support is very poor."

What is our primary use case?

We primarily use the solution for database access management where they are using DML commands. We use it for compliance and validation. If there's any change in the record, this solution will notify us.

How has it helped my organization?

It provide real time alerts and report for the review with senior management.  

What is most valuable?

The solution is very good at marking.

The initial setup is quite easy.

The solution offers trouble-free access.

What needs improvement?

The reporting on the solution is weak. It needs to be improved and enhanced. From a management point of view, it's really important to have reports. They should be offering easily extractable reports that we, as users, can benefit from.

The technical support is very poor.

Integrations are difficult to configure upon the initial setup.

The solution needs to offer data encryption.

For how long have I used the solution?

We've been using the solution for the last three and a half years.

What do I think about the stability of the solution?

The solution is very stable. We don't seem to experience bugs or glitches. It doesn't crash or freeze.

What do I think about the scalability of the solution?

The product's scalability is fine, however, the requirements for scalability make it somewhat limited, as you will need to add hardware resources in order to expand it. Other than that, yes, the scalability is there, and you can use it, but you need to keep in mind that there is hardware that you have to have in place.

How are customer service and support?

We haven't been happy with the support. We're always facing issues with integration with one database and we don't get a detailed response. Their help just hasn't been adequate. Our team is now basically working with a local partner for support, however, it's an aspect of the product I'm very unhappy with.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We didn't previously use a different solution.

How was the initial setup?

The initial setup is quite easy. It's not an issue and is very straightforward. That said, teamwork becomes an issue due to the fact that the troubleshooting part is a little bit difficult. We need to have some more insights from IBM to help us along. 

If you are new to the product, you need to have a more qualified person to assist you with the process, and ultimately we have to engage with technical support. The response is not fast, however. The product is a critical part of our environment, so we need a rapid response from the site to sort out the issue, whatever it might be.

We have two people currently managing the product.

You only need one person to deploy the product.

What about the implementation team?

We had one person from the vendor come and help us deploy the solution.

We definitely needed more assistance and have tried to get the help of technical support for some integration issues, however, the response hasn't been fast enough.

What's my experience with pricing, setup cost, and licensing?

I'm not sure of the exact cost of the solution, however, I believe the features have separate costs. We have a data protection license and on top of that, we need to buy however many databases we need to monitor everything effectively.

Which other solutions did I evaluate?

In the current environment that I'm working in, I did not evaluate other products. However, in the past, I have had to utilize other products.  don't recall what it was exactly, though. The other solution was from McAfee.

In terms of the ease of access and ease of deployment, IBM Guardium was much easier to deploy. However, in terms of maturity, then definitely that the other product that I used in the past was more mature than the IBM Guardium Products. 

What other advice do I have?

We're looking to upgrade the solution soon. I'm not sure which version we are currently using.

I would recommend others considering the solution to make sure they get local partners who can basically deploy the product. They need to have someone with sound experience. I have found a partner who applies the product often just simply deploys it and they don't have a use case available. They don't have the right experience. You need to choose your partner carefully or be ready to work hard yourself to deploy the product in the best possible way. 

I would rate the solution seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

PeerSpot user
Sr. Network Specialist at a tech services company with 501-1,000 employees
MSP
A mature product that identifies abnormal activity on the database
Pros and Cons
  • "The purpose of EBM Guardium is to monitor database activity and who is accessing it. This is the most valuable feature."
  • "IBM Guardium Data Protection is a mature product. There is a lot of encryption that is not owned by IBM and is done by a third party and is not an integral part of the solution."

What is our primary use case?

We are resellers of IBM. Most of the use cases of IBM Guardium are to monitor the database activity. The first is to identify any abnormal activities like trying to access the database or trying to create or delete any scheme on the tables. 

What is most valuable?

The purpose of EBM Guardium is to monitor database activity and who is accessing it. This is the most valuable feature.

We have privileged users, like the DBAs, who are most often the ones accessing the database. We also have web services and application services that talk to the database. With IBM Guardium Data Protection we can see who the previous users were and what web or server actually connected to the data business. 

Secondly, any changes done by the DBAs are recorded so we know that the DB has changed in the data structure, scheme, or creation of a table or drop of a table. 

What needs improvement?

IBM Guardium Data Protection is a mature product. There is a lot of encryption that is not owned by IBM and is done by a third party and is not an integral part of the solution.

What do I think about the stability of the solution?

This solution is stable, I don't believe there is another product that is more stable.

What do I think about the scalability of the solution?

The solution is part of IP so you can scale it.

How are customer service and support?

IBM Guardium Data Protection has one of the best supports out there.

How was the initial setup?

The initial setup of IBM Guardium is straightforward. The deployment depends on the organization and types of servers. The only delay is when there are critical data servers that require a planned approach. 

You can deploy the solution by pushing it through a central aggregator or a collector.

What about the implementation team?

We engage a consult to deploy the solution because it is not only installing the solution but also doing a report. 

The installation requires the involvement of a DBA, but it depends on the number of databases.

What's my experience with pricing, setup cost, and licensing?

The licensing is much easier now. It's for IP, it is not part It's not part number of databases of schema, it's for the IP so it's much simpler now.

What other advice do I have?

If you are considering IBM Guardian Data Protection you should be aware of your environment. For example, if you are in the banking sector you need to plan very well so it can be scaled accordingly.

It is important to hire a consultant when installing this solution. They can provide an analysis of what exactly needs to be done. Keep in mind that this is a data access management database, it's not only about data but also about files. 

I rate this solution a 9 out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

PeerSpot user
Buyer's Guide
Download our free IBM Security Guardium Data Protection Report and get advice and tips from experienced pros sharing their opinions.
Updated: June 2025
Product Categories
Database Security
Buyer's Guide
Download our free IBM Security Guardium Data Protection Report and get advice and tips from experienced pros sharing their opinions.