IBM Security Guardium Data Protection Reviews

* Quick search

* Ability to define reports based on SQL query, especially when you have complex report criteria.

* Stream audit data to 2 collectors simultaneously.

* GIM passive install. You can connect GIM from Colletor or CM when GIM is running in listening mode.

Can't tell as I did POC only.

* First of all. GUI and user experience needs to be reworked from scratch. Product management console look like from 90's.

* Deployment process is very complicated as you need to now all advanced parameters. Almost not possible to figure out for yourself.

* Central Manager (CM) needs rework to. Some configuration params still needs to be done on collectors locally.

* Agent statistics is not available by default. You have to make a report and still you will not see all information like data interface activity.

* Dynamic datasets is rocket science. To make it work you have to build several additional procedure, which make it extremely fragile.

* Audit data is a single block. if you have several policies you can't purge data for specific policy.

* Collectors requires enormous amounts of resources comparing to other products available on the market.

a month only to evaluate this product

Yes, during the deployment you get nothing out of the box. You have to manually configure everything. Tune parameters for agent, collectors. Agent deployment is very complicated.

Yes, scaling the product might be a tricky task as you have to configure parameters locally or collectors or agents.

Product looks easily scalable.

SMEs that were together with me during the POC were very technical and did understand their product.

n/a for POC

Yes we use Imperva SecureSphere, and still use it as Guardium has failed POC. We were not able to replicate our current deployment and some major issues, Guardium had, prevented us from selecting this product.

It was extremely complex. Without IBM support it would take years for you to setup infrastructure.

Throught the vendor team. These guys were very technical and helped me to understand each steps during the POC

n/a

We haven't talked much about pricing and licencing. But it is not cheap for sure

We haven't chosen this product.

If you have complicated report requirements which involves very specific filtering and/or aggregation. And you have lots of resources in your virtual platform. Then give it a try.

Also I suggest you take a look at other top grade product like Imperva SecureShere. the reduction in resource requirements is 3 times less and it have plenty of nice features out of the box.

Database activity monitoring (DAM)

It can provide the logs for the activities performed by the privileged users across the all databases (MSSQL, DB2, Teradata, Oracle Sybase and many more) which can avoid the internal frauds and keep data secured. It can also alert if any hackers tried to log-in to the databases from failed login alerts.

Some improvements were needed in version 9.6, those are covered in version 10 already. If we face any issues or bugs in the product IBM provides the patch on that.

Since last 4 years I am working on this project and organisation using this sine seven years

There are very less or minimal issues deployment those might be due to the human error , IBM documented the all steps in details for the deployment and they are available on internet.

Yes there was the issue on the high CPU utilisation by Guardium services ,on the database host but IBM has introduce the Guardium service monitoring service(watch dog process) which auto restart the Guardium services when CPU utilisation reach the defined threshold percentage.

If you follow the recommended configuration as per the IBM and correct capacity sizing done there is no issues.

8 out of 10

8 out of 10

NA

Initial setup is very easy to perform . this has only 4 level architecture (Central Manager-->Aggregator-->Collector-->Guardium STAP agent)

we are implementing In-house with help of documents

Little high as compare to other products available in the market but the service provided by vendor is great and there are many additional functionalities as compare to other tools

NA

vast product as there are many features of this product to full fill the customer requirements, and less expertise are the there worldwide.

Database logging and audit functions are the most valuable features. In some fields like banking, it's very important to be aware of the actions of database users, and ensure that those without the permission to access information do not access it.

We succeeded at hardening our customer databases by defining policies for alerting and blocking access to prohibited and restricted data.

I would like to be able to upgrade appliances within major versions without needing to rebuild the appliance. Once, I tried to upgrade a Guardium Appliance from v9.5 to v10 and there was no available patch for that. Therefore, the solution was to back up the appliance data, rebuild the appliance with the v10 image and then restore the data. This procedure is highly risky, because you can lose all the data if the restoration does not succeed. Installing a patch is much easier and there is no data loss risk!

I have used it for 2 years.

I have not encountered any stability issues.

I have not encountered any scalability issues.

Technical support is unsatisfactory. IBM Support failed to provide me with the v9-v10 upgrade patch as it is suggested on a upgrade roadmap technote.

Back when I was a developer, I developed an audit trail module in Java/JEE. Obviously, it was not as sophisticated as Guardium.

Initial setup was straightforward.

Before choosing this product, I did not evaluate other options. We implement exclusively IBM products.

At first, IBM Guardium may seem complicated, but once you learn the basics, it becomes simple to use.

• Database Activity Monitoring: Fulfills the international standard security requirements, such as PCI DSS
• It is very transparent on all of the query access controls of the monitored databases

According to my client, it fulfills the PCI DSS standard requirements that are implemented in his bank.

The graphics are so lame. I am sure that the latest version of Guardium, Version 10, would have improved it perfectly.

I see that they have improved the chart and diagram in the latest version of Guardium. However, there are some limitations on how the chart displays the data for analytic needs.

I am not sure if Guardium has the dashboard design to see the information much better.

I have used it for three years.

We did encounter stability issues. Do not upgrade directly to the latest fix pack unless people have confirmed that it is stable.

There were no scalability issues.

Technical support is always available for you. I suggest the following:

• Call IBM and make a Severity 2 request instead of Severity 3 request.
• Ask them to provide remote access to your system right away.
• Prepare the log files that they usually request.

They have changed the way of licensing. It is no longer according to your core. It is now based on how many servers you use. The price should be way less expensive.

• Monitors database activities of end users who are connected to databases (DBAs and developers)
• Classifies critical objects on the databases
• Discovers databases on your network
• Finds vulnerabilities of your databases
• Blocks critical activities

• Helps us define and monitor critical data in the environment, even when stored in RDBMS, big data, or unstructured files.
• Helps us to pass compliance audits, such as like HIPAA, SOX, and PCI.

The blocking and dynamic data masking features need improvement.

I am working as an IBM partner. We have provided solutions for nearly 50 customers for five years. Most of our customers are banks and telecoms.

IBM Security Guardium is a mature product. Although it needs agents on the server to monitor their database or file traffic, we did not encounter serious issues so far.

IBM has three layers for Guardium support. In critical cases, technical support analyzes the issues very quickly to find a solution.

I did not use another solution before this one.

The setup is straightforward. There is an ISO file that is developed by IBM that contains all of the OS and Guardium application files. All that remains to be done is to configure the post-installation settings.

Licensing is the worst part of the product. This is because IBM uses Processor Value Units (PVUs) to calculate the license. The customers complain about this.

In the latest version of the product, there are four types of licenses:

• DAM (Database Activity Monitoring)
• DAM Advanced
• FAM (File Activity Monitoring)
• FAM Advanced

If you only need database activity monitoring, then DAM is enough.

If you need blocking and masking features, you will need the DAM Advanced license.

I did not evaluate other options. I am an IBM partner.

There are three main steps when implementing a Data Activity Monitor (DAM) solution.

1. Discover and Classify: Find your databases in your environment, and decide which one of them has confidential data that you need to monitor. Classify your data in your database if it includes critical data like personal ID, credit card, or IMEI numbers.
2. Monitor Activities: Monitor all end-user activities while developing your policy rules and critical activities.
3. Block Critical Activities: Define and block critical activities to prevent data leakage.

All the features are useful for the customer and they have many use cases, especially for DB protection.

They have a module called Redaction. For query rewriting, it can protect some data stored in the table by the DB admin to return the masked data, in case he tries to view our customer personal information such as phone numbers,names, account number etc.

In some cases it blocked the bad user from deleting or copying data , For example, in use cases to block creation of the users on the DB without filing forum/ following the company policy.

It provides the customer to help secure the DB, especially for the multi-DB environments. It also provides visibility for the DB activity, secures the customer information in the DB, from any privilege misuse by an insider.

The FAM module needs to be improved. This module is for file activity monitoring and here if IBM would focus on marketing this part, it will be good as the end-user can monitor any configuration file in servers and not only the DB.

I have used this solution for around six years.

Some issues have been experienced but no big issues as such. The solution is 90% stable.

We have not encountered any scalability issues.

I would give the technical support a 9/10.

The setup was very easy. It took us around one day to set it up and running.

You should make sure of the DB size before you buy the product. It is also important to define the requirement very carefully as it could affect the sizing. You should make sure of the monitoring mode that they would like to apply.

We looked at the Oracle and Imperva solutions.

Take care of the scope and the monitoring mode. Also, if the size of the DB is high then do not do it over virtual.

Heterogeneous support for data activity monitoring. I have not been able to find any other product that can monitor as many platforms from one application. Guardium can monitor Windows servers, Linux, Unix, mainframe, and big data environments from one policy. Guardium captures data access activity across networks and local connections.

We now have one go-to application for all data monitoring. This has decreased the number of skills needed and enabled a faster route to compliance. Reporting is automated and activity alerts are routed to the appropriate responders.

While Guardium is great at structured monitoring (DAM), the product is lacking features on the file activity side (FAM). We would also like to see tighter integration with Active Directory and Exchange monitoring.

I have been using Guardium for seven years.

We had some minor issues with earlier versions around agent compatibility. These were solved through support.

Guardium scales easily. Simply add another collector appliance and the system will balance the load across all available appliances.

IBM support has been responsive and we rarely need to escalate.

Previously, we were using home grown scripts and native database tools. The issue with this approach is the need for expertise on every platform and ending up with dozens of tools to manage.

Guardium is an enterprise class product and, with that, does require some training. I would suggest any enterprise looking to implement Guardium to purchase some amount of services. There is an option for Quickstarts. Once you understand how the agents work and have setup the first few, the rest are relatively simple. The real work is aligning your business goals with the Guardium policies you create. We often know we need to monitor a system but are not exactly sure what policy is needed. There has to be collaboration between IT, business owners, and compliance.

Previously, Guardium fell under the IBM PVU license model. This was complicated to license and costly. The new license structure is per server and includes all features. Now we simply count the number of servers to monitor and purchase accordingly.

Besides native database auditing, which is very resource intensive, and homegrown tools, there are not a lot of options out there. The closest competitor is Imperva. Imperva is a close second. We chose Guardium over Imperva based on the ability for greater custom reporting, more platform support, and better integration with other IT tools.

Buy services. You do not need to have services for the entire implementation, but, at a minimum, invest in the Quickstart option to get up and running and to provide knowledge transfer. Once Guardium is installed on a few systems, it is very easy to add and manage.

It captures all data requests regardless of the source and consolidates them for analysis.

The ability to audit across multiple data environments led to a greater understanding of the data traffic and the potential weaknesses in the access controls. This eased the creation of audit trails for customers.

Reporting has always been a weakness, but it has improved across the versions. In early versions, the reporting always seemed like a late add-on, and the graphics were poor. This has improved over the years and the reporting is a lot better now, with greater filtering and display options.

I have used this solution with various clients for ten years.

There were issues with stability of the agent software in previous versions, but it is less of an issue now.

The only issues are when users have not maintained the collection policies or the archiving and aggregation policies correctly. Units can fill up if not maintained and managed.

Over the years, it has changed many times, but the US support is very good.

I have often replaced internal database auditing features with Guardium. The main reason for the switch was to segregate the auditing from the database administrators.

It is very dependent on the environment in which it is being installed. It can be complex if users do not take the time to build their policies carefully.

Take your time. Think about the elements you want to audit. Don't just audit everything. Understand the normal traffic, so you can focus on the abnormal traffic.