IBM Security Guardium Data Protection Reviews

We have implemented it on an industrial network to monitor the production of medicines. This is something that is very controlled by Brazilian regulations and we have to keep an audit trail for this data. Trying to enable it on SQL Server - that was our client's main server - the load would go so high that they couldn't use the application anymore. They are using Guardium now so they can produce that audit trail for audit compliance.

We have integrated IBM Guardium with IBM Watson Curator. They access Curator to identify and correlate other actions the user is doing to determine if this is a legitimate action or not.

In terms of advanced features, our clients are starting to implement it on an order basis so they can get to GDPR and the like; those Accelerators. They also use it a lot for PCI, to get access to credit cards.

Guardium has saved us time and money, mainly on the discovery process and senior management is aware of this, of course.

The Audit Trail.

They could improve the Data Masking a little.

Stability is quite good. We had some problems, but support is very effective so we were able to solve them very quickly.

We had instability with reports, they were giving some errors. I don't know exactly what had happened because I wasn't the one involved, but we couldn't access reports.

Tech support is very good.

We knew we needed to switch because of that problem with the audit trail, that SQL couldn't keep up with what we needed to do for auditing. That's why we had to search for a new solution.

It's very easy.

I would rate it an eight out of 10 because it is very stable; we had some problems but they were solved, and we can do what we need to do.

• Detailed and customizable reports with real-time alerts for the full vision of database/files activity.
• Versatile rules for access control in real-time including blocking, masking, etc.: These rules are really helpful to fulfill enterprise security specifications. With them, you could divide roles, creating safe access zones; manage credentials; and access rules. The rules are easy to develop and customize.

• UI: Version 10 of Guardium was introduced with a new UI that was completely redesigned. Some fast-access functions and options are not easy to find in the new UI.
• Real-time masking is a bit simple and doesn't allow you to create complex masking rules.

I have about one year of hands-on experience.

I have not encountered any stability issues.

I have not encountered any scalability issues.

Technical support is 9/10. I participated in communication with tech support only once.

I did not previously use a different solution.

Initial setup is straightforward. All the commands are simple to understand. The installation guide is simple and comprehensive.

Before choosing this product, I evaluated Imperva products.

This product could by easily used with other security products; for example, SIEM products such as IBM QRadar and ArcSight.

I like Guardium's document protection features.

Guardium's storage capabilities could use some improvement. I'd also like to have some better integration using digital technology or a connector.

Guardium is scalable. I've been able to integrate it with other solutions.

I have initiated tickets for various reasons, and IBM support was very good.

Setting up Guardium was easy and straightforward. 

It's an enterprise license.

I rate IBM Guardium nine out of 10. I would absolutely recommend the solution to others.

We are using IBM Guardium Data Protection for activity monitoring, blocking users,  entitlement for knowing the privilege for users, and Guardium data features.

The solution supports a lot of databases.

I have been using IBM Guardium Data Protection for approximately three years.

IBM Guardium Data Protection is stable.

The solution is scalable.

We have approximately six people using the solution.

The technical support has been very good.

IBM Guardium Data Protection's installation is straightforward and takes a few hours.

We have five people that do the implementation and maintenance of the solution.

The price of the solution could be better.

I would recommend this solution to others.

I rate IBM Guardium Data Protection a nine out of ten.

Guardium is used based on our Manual of Internal Procedures (MPI), and its uses range from creating a rule to generating customized reports. The main use case is the procedure "Investigate Incidents Recorded by Unauthorized Access," with action "notify by electronic message the manager and/or leader of the area."

Improved security through the visibility and control of all access to the databases.

The most valuable feature is using the capture operation mode “S-TAP/K-TAP agent”, because all activities in the database are captured, including direct access to the database server by privileged users. This is useful because, even if the database server logs were deleted, the Guardium Collector has already stored such data to enable traceability of access.

I have already mentioned to IBM that a primary need is to improve the number of records in the reports above 65,535.

Depending on the policy and rules applied, there is a need to increase the minimum requirements (RAM and storage - HD) for better operation and not to experience hardware slowdowns due to the high flow of traffic. IBM brings the "minimums" and "recommendation." From experience in versions 9x and 10x, when installing Guardium, it's important to verify the "recommendation" requirements of IBM for stability. It is worth mentioning that the requirements (minimums or recommendation) are different for Collector and aggregator.

The two major Database Audit and Protection (DAP) solutions are IBM Guardium and Imperva SecureSphere. There are two modes of operation of these solutions: remote agent and sniffer (out-of-band). I recommended using the remote agent to obtain direct access captures on servers. 

Note that in non-mainframe environments, both solutions are scalable. For the mainframe environment, Guardium has updated installation agents with the latest kernels and releases. This makes a big difference in companies with mainframes, so it is necessary to keep the technology pack updated.

Regardless of the mode of operation, when increasing the number of servers monitored it is important to re-evaluate or perform new sizing. The possible number of databases and database servers which can be monitored by Guardium is high. For me, this is a differentiator of IBM.

On a "bad, good, and excellent" scale, I rate it as good.

Initially, there were two solutions to be evaluated: Oracle and Imperva. Oracle DAP was not evaluated because it does not monitor Linux or Windows Server-only environments. 

I evaluated Imperva and got good results. However, there is a delay by Imperva in creating updated agents for Linux and Unix, including for mainframe. For me, this is a problem because it is necessary to always keep the environment up to date. If you update the kernel or release of mainframes and do not have the agent upgraded, the DAP will not monitor.

For those who do not have experience, it is complex. There are several configurations to be made, from the configuration of NTP, IP, Mask, registration of the Collectors in the Central Manager, integration with other tools like storage (backup), LDAP, SIEM, through to the application of the policies and customized rules. Note: There are some pre-set rules that can also be customized.

The price of Guardium is higher than the main competitor, Imperva. In addition, it's complex as the calculation of the licensing is done by Processor Value Unit (PVU).

However, before purchasing a DAP solution, it is important to analyze specific points to evaluate the cost-benefit of each tool. For example: Does the environment to be monitored have mainframes? If so, it's a point for Guardium. If not, a point for Imperva. Note: IBM is looking into a new licensing policy and reducing the price of Guardium.

1. Read important articles related to DAP such as the "2017 Planning Guide for Security and Risk Management."
2. Gather information from the servers (operating system with version and database types with the versions) of the environment to be monitored.
3. Check which DAP solutions can monitor the environment.
4. List the “mandatory requirements” and “non-mandatory requirements.” It is important to have in mind which points will be evaluated.
5. Request PoCs with the main DAP manufacturers (IBM, Imperva, and Oracle).
6. Do the sizing with the topology to get an idea of the requirements and cost of the project.

Database encryption.

• Encryption
• Data activity monitoring
• It has a set of modules.
• I compliment with Optum for a data masking solution.

An integration with Optum. Optum is another solution, but it is a segmenting software, portfolio not security. However, I am selling them together as one solution, Guardium and Optum.

I am dependent on my team for support of this product.

My main solution was Micro Focus voltage data encryption solution, but it was too complicated. 

Encryption is not straightforward, but Guardium made the setup easy for us.

Most important criteria when choosing to partner with a company: I started working with IBM only one year back. When I started a partnership with them, IBM had the security portfolio which covered most of the region where my customers were. IBM has a name with the support along the quality of its products.

The primary use case is security of our data in the bank.

Performance is very good.

Security. This is the main capability that you have in this solution.

In terms of compliance, we need to track users, database logins, and run inquiries. Guardium stores this log information very well. We don't use it for compliance with industry regulations like SOX, PCI or GDPR.

We have integrated Guardium with our database, SQL server, Hadoop, and Oracle Database. The integration is very simple. We just installed the solution and the rest was very simple.

I believe Guardium save us time and money. Upper management is aware of these savings.

It's simple to use and managing the solution. It's very, very good for security and tracking users and databases in the organization.

Stability is very good. I don’t have downtime with this solution.

We used support to configure Guardium with Hadoop only. The support was good. I did not need to escalate this ticket.

The pricing was for a big package, including all IBM products. As such, it was good value.

I don’t know because I am new in this company. I don’t know the history.

When selecting a vendor, I look at the price and the scope of solution.

My advice is to use this solution. For security and compliance it is very, very good.

• Database Activity Monitoring: Fulfills the international standard security requirements, such as PCI DSS
• It is very transparent on all of the query access controls of the monitored databases

According to my client, it fulfills the PCI DSS standard requirements that are implemented in his bank.

The graphics are so lame. I am sure that the latest version of Guardium, Version 10, would have improved it perfectly.

I see that they have improved the chart and diagram in the latest version of Guardium. However, there are some limitations on how the chart displays the data for analytic needs.

I am not sure if Guardium has the dashboard design to see the information much better.

I have used it for three years.

We did encounter stability issues. Do not upgrade directly to the latest fix pack unless people have confirmed that it is stable.

There were no scalability issues.

Technical support is always available for you. I suggest the following:

• Call IBM and make a Severity 2 request instead of Severity 3 request.
• Ask them to provide remote access to your system right away.
• Prepare the log files that they usually request.

They have changed the way of licensing. It is no longer according to your core. It is now based on how many servers you use. The price should be way less expensive.