IBM Security Guardium Data Protection Reviews

Database activity management to ensure compliance audit regulations. It is also to manage risk. It is performing well, but we have a large journey to go.

Previously, we had no monitoring for our databases. Now, we have the ability to  begin to understand how people, applications, and service accounts are interacting with data to better protect it.

We use IBM Guardium to support security initiatives and compliance policies.

We have integrated IBM Guardium with QRadar.

Being able to go back to see what people are touching, and when they are touching it, then look at the risk of who is touching what and how they are touching the data. This will give us a better understanding of how people interact with our data. 

We do not use many of the advance features, but we will soon. We are looking at Sensitive Data and User Behavior Analytics.

It will not go as fast as you want. 

We are about 50 to 60 percent there. A lot of that has to do with us implementing it a little better, and redesigning what we thought would be their protection. We need to do a bit more efficient architecture, as some things are coming down the pipeline for the roadmap of the product.

The scalability is not an issue, though it is not the easiest thing to scale. However, I seen the coming roadmap, where the scalability will be easier.

I would rate technical support as fair. Unfortunately, it takes time to figure out an answer to our issues, because they are unique, not just a standard answer.

It is very complex.

Pushing agents and tabs seems pretty standard from a technical perspective. Once you start interacting with people's databases, they get very hesitant. Then, the amount of social tasks to socialize the solution ensuring people are comfortable with it became a much heavier lift.

There are a lot of things that could be better, but it is performing pretty well.

Take your time and learn each step. Make sure that you understand each step, because if you miss something, it will come back. Then, you have to circle back and figure it out anyway.

Most important criteria when selecting a vendor:

• Price
• Support
• Reliability in the marketplace
• Integration with other systems.

We are monitoring about 1500 or more applications, we have 150 million customers and their PHI/PII data in the repository. We have to protect that data. That is a big challenge because it's a vast environment that we have to protect. That is one of the prime use cases which caused us to select this product.

Initially, we had some challenges, but as we talked with IBM and they provided some good support on it, now we are evolving pretty well. Certainly, everything is not perfect yet, but we are moving into that direction. We are far better than we were two years back.

We use Guardium to support security initiatives and compliance policies within the organization. For example, an audit comes in once every three months or six months. In that case they ask specific questions and they say, "Hey, just check the box if you are doing this stuff or not," and we are providing them all the evidence that we have collected through Guardium.

It helps comply with industry regulations. It's basically the same thing. If somebody wants to know if we are protecting their data or not and, if yes, how? And they ask us to present the definitions of what we are doing, we just go and get the reports that are required. Let's say for a particular application, it says "This database was down last night, who did it, and how?" we provide all that kind of information.

The solution has definitely saved us time, because if you want to monitor this kind of vast environment of different products, it's going to take a lot of time. Let's say one database server has 100 database instances running on it; I don't need to install 100 data instances, I just need to install on the one database server and that will cover all of my instances on that particular database. 

In terms of saving money, today, if you want to monitor and protect your environment, you have to spend money. So, that's not a question.

In terms of advanced features, we are using the Database Activity Monitoring and the Vulnerability Assessment as well. Now we are thinking of using the GDPR because that's going to be a compliance as well. So some but not all of them.

Initially it did not have support external applications like, say, Tableau, ServiceNow, Remedy, and the like. They have started growing into it, but I would like to have more and more integration with outside applications. So that, let's say my one of my application owners has Tableau and wants to directly report on that; if I can just pick and see that report with one click, that would help.

It's stable. When I used this product back in 2007 it was challenging, but now it's it's stable.

The scalability is not that easy to use because, you need a lot of knowledge about it, on data security; basically you need to know where your sensitive data is. We tried to use Guardium for that, to find out with the Discovery feature, but it didn't work, because we had a lot of irregular data. We found it ourselves, but Guardium is protecting it; so that's good for us.

I would say eight and a half out of 10. I've been in this Guardium stuff for the last 10 to 11 years. I have worked with IBM throughout that time. It has improved, but still it is eight and a half out of 10.

It was pretty straightforward.

I would definitely recommend it. It's easy to use and it can save a lot of headaches, by just implementing it and being able to ask at the time of audit. When it comes to audits, every company wants to be safe.

Database monitoring. At the moment, we are using it to do a lot of data discovery from a data classification for structured data.

Its ability to find data. Once I find data, I can leverage it to perform specific select statements against PII data and do smarter controls rather than monitoring the entire database. 

My only negative thing on Guardium would be it is too smart. I am struggling getting through to social. In an ideal world, I would be able to populate every US zip code and have Guardium find the number, then identify it as a zip code. Right now, I have to pull it down and compare it.

It is a stable product. We just finished upgrading to version 10, and had no issues with the upgrade. We are excited about working with the newest version.

It should meet our need going forward as it is a huge product. We have scanned 7000 SQL databases and 1500 Oracle Databases.

We have a strong partnership with IBM. Their tech support is very knowledgeable.

The initial setup was before me.

We are doing what we call a reboot of the product. We are calling it the Guardium reboot project. We are starting back with the classifications to understand what controls we are implementing, thus stepping back to step forward. We are doing this because in the beginning we moved forward by getting everything monitored without being smart about what data was monitored.

We implemented the most recent upgrade in-house.

Most important criteria when selecting a vendor: At the end of the day, it would have to be the support and relationship. There are a lot of smart people out there building products which do things. However, not everyone can use them, and without having someone to call, it is sort of its own disadvantage. 

• Database access monitoring
• Vulnerability assessment
• PCI compliance
• SOX compliance
• GDPR compliance 

• It provides us regulatory compliance proof and evidence for audit. 
• It allows us to find bad actors. 
• It allows us to find people who are doing stupid things, and do it without the intervention and loss of data integrity of the people that we are monitoring manipulating the data.

We have integrate IBM Guardium with ArcSight and Splunk.

The ability to collect the data without database administrators being able to modify it.

• There are some GUI improvements that I have provided to development already.
• Performance and the ability to use resources could be improved. 
• The ability for Central Managers to talk to one another could be improved. I have 26 Central Managers and 26 silos which are independent.
• Some of the data handling or data recording could be improved. We are doing it with external software, components, etc. 

For the most part, it is stable. Depends on the year.

It has scaled. It was pulling teeth, but it does scale. 

We taught IBM about the limits of the product. They did not think there were limits to the product. There were, because we do very extensive testing of performance. We can tell you when a product is going to break. Their development thought this was valuable because they do not have the facilities to do this sort of extensive testing.

Technical support is very knowledgeable now. 

At one time, they were horrible since they were blue washed. After the blue wash and a couple of years on the honeymoon, then they have gotten considerably better. They have had problems understanding that they do not know as much about the company's environment as the employee does. This will result in them downgrading tickets, and they will just do it on the fly. This is not a good thing because they do not understand the issue. This may not look like a sub 1 ticket to IBM support, but it is.

We went in and tested it. We continually test everything that is in the industry. Guardium has significantly gone past the mark of acceptable every single time, as compared to their other competitors.

Overall, it is a very solid product. 

Database activity monitoring.

It performs its job quite well.

We use Guardium to support security initiatives and compliance policies such as  APCI, SOX, GDPR, pretty much everything.

We are in the process of integrating Guardium with a couple of systems including IDSM.

It does save us time and money. I can't quantify it in terms of money, but it has been very difficult to analyze all the network traffic somewhere else. Guardium provides that feature, it's heuristic. So we have rule-based algorithms in place to take care of that.

The ability to do its job properly, database activity monitoring for insider threat. That's primarily why we use it and it does a good job.

Among the advanced features, we use Vulnerability Assessments. We are in the process of using Discovery Classification as well.

We have made a list of RFIs. There are features like end-to-end and S-TAP mapping, and the ability to install policies for your configuration builder. They're not there, but we'd like to see them in the next version.

Stability has improved with the newer versions.

It scales well. The newer versions scale very well compared to the earlier versions.

They're brilliant. 

I was not involved in the initial setup, my manager was. But I have been involved with the latest versions. Initially, from 32-bit to 64-bit was a nightmare, but the latest 64-bit versions are pretty straightforward.

When selecting a vendor, what's important for us is 

• how quickly they can provide customer support
• scalability
• reliability
• dependency.

Overall, I'd rate it at eight out of 10. It could be a 10, however there are few features, like the ones I mentioned, that are still a work in progress.

Regarding advice to a colleague, determine what your business needs are. If your business needs are similar to the ones Guardium solves then you should go for it. The implementation is seamless, the requirements are straightforward, and it's easy to use the product.

Database activity monitoring.

Its performance is good, most of the time.

The benefit is that it's made database monitoring more visible to the business, creating more conversations about how we should do it better. So it's increased the visibility and discussion.

It also helps us with GDPR and SOX compliance and just looking at specific policies around; protecting sensitive data. 

We haven't integrated it with other systems we use.

In terms of saving us time and money, I'm not sure if Guardium does. I know we spend more time and money to cover monitoring, this is something we didn't do before, so I think it's more about the capabilities it's given us.

The architecture and the robustness of the data it produces.

Regarding advanced features, I'm using enforcement in the policies. In the future I would like to do more classification. 

More cloud support. 

For the most part, it's pretty stable. We've had some issues recently that we're working through, on the agent software that runs on the databases.

The scalability is good.

I would say tech support is about a seven out of 10.

It can be complex. The documentation is in so many different locations, and a lot of times we have to leverage support and higher level resources to figure out the right steps to take.

Our most important criteria when selecting a vendor are stability and architecture.

I rate this solution a nine out of 10 because there are a few things I'm working through that I would like to see improved, mostly around the stability on the agent software side, working with the database vendors.

Regarding advice, I would recommend you use it and that you try to leverage IBM's support and services as much as possible to help get through the initial installation and configuration.

We have implemented it on an industrial network to monitor the production of medicines. This is something that is very controlled by Brazilian regulations and we have to keep an audit trail for this data. Trying to enable it on SQL Server - that was our client's main server - the load would go so high that they couldn't use the application anymore. They are using Guardium now so they can produce that audit trail for audit compliance.

We have integrated IBM Guardium with IBM Watson Curator. They access Curator to identify and correlate other actions the user is doing to determine if this is a legitimate action or not.

In terms of advanced features, our clients are starting to implement it on an order basis so they can get to GDPR and the like; those Accelerators. They also use it a lot for PCI, to get access to credit cards.

Guardium has saved us time and money, mainly on the discovery process and senior management is aware of this, of course.

The Audit Trail.

They could improve the Data Masking a little.

Stability is quite good. We had some problems, but support is very effective so we were able to solve them very quickly.

We had instability with reports, they were giving some errors. I don't know exactly what had happened because I wasn't the one involved, but we couldn't access reports.

Tech support is very good.

We knew we needed to switch because of that problem with the audit trail, that SQL couldn't keep up with what we needed to do for auditing. That's why we had to search for a new solution.

It's very easy.

I would rate it an eight out of 10 because it is very stable; we had some problems but they were solved, and we can do what we need to do.

To provide cyber security for databases.

It has performed very well.

It has made us more responsive and more productive, more efficient.

We use Guardium to support security initiatives and compliance policies. We are in the healthcare world, so it helps us with HIPAA compliance. It has also helped us with PCI. We haven't gone with GDPR.

We have not yet integrated Guardium with other systems we use.

It has saved us time and money by definitely making us more productive. Senior management is aware of this.

It provides a comprehensive security for databases, both on-prem and on the cloud.

Among the advanced features we use automatic backups, DR. We'd like to implement more predictive, using Watson.

More predictive, using Watson AI would be good.

It's very stable.

It's scalable.

We sometimes use technical support from IBM. It has been good, very good.

We were using traditional cyber security stuff. But this is a pretty good product. We became an IBM business partner, we are a cyber security business partner for IBM. We have other products besides Guardium that we are marketing.

The most important criteria when selecting a vendor are their

• stability
• quality
• support.

It was straightforward.

Buy it.