IBM Security Guardium Data Protection Reviews

The main features are database activity monitoring and firewall feature blocking.

I'm working as a consultant for security products. I'm not a user of this product. Guardium is helping customers to get insights into who is accessing company data, when they are doing it, and from which location.

Guardium can block malicious connections to the databases. For example, if someone is accessing sensitive data in a production database during non-working hours, Guardium can block this connection.

I would like to see a better GUI. IBM is working on GUI improvements with every new release.

I have used this solution for five years.

I did not encounter any issues with stability.

The system is scalable.

Technical support is fast and responsive. The typical response time is less than two hours.

The initial setup is relatively simple. It depends on how many collectors and aggregators are in the setup and the number of databases included in the monitoring solution.

After the initial setup, the level of complexity depends on the customer’s needs.

Ask for a PoC project and then decide.

It’s available as a hardware appliance as well as software. This provides flexibility as to how you want to deploy the tool.

It can automatically locate DBs, as well as discover and classify sensitive data.

Data Activity Monitor covers what appears to be every DB imaginable, even data warehouses and file shares.

It allows administrators to enforce trigger alerts built around predefined policies, so that any access to sensitive data can be tracked and blocked if necessary.

It helped control excessive administrator rights to databases and automated the compliance auditing process.

It located/discovered unknown databases and the sensitive data that existed in those databases.

There was a slight performance tax on the system and load balancing could be better. We would also like more robust reporting.

I have used Guardium for six months.

Once it was installed and implemented, it seemed to be a very stable product.

This is definitely a scalable product. You can build out a basic stand-alone architecture with one collector all the way to enterprise wide architecture that covers multiple datacenters and continents.

I never interacted with tech support.

No previous or different solution was used.

If I remember correctly, the setup was a bit complex; not so much the installation, but a lot of tweaking and tuning of policies, setting up traffic filters, whitelisting the traffic, and so on.

I was not privy to this information.

I wasn’t part of the evaluation for the tool.

Try to have a dedicated team. There are a lot of moving parts and you need take a hands-on approach. It doesn’t come configured out of the box.

The Data Activity Monitor is the most valuable feature of this product.

It has the capability to capture database queries and is using policies to feed SIEM tools for deeper correlation and for analysis of cyber security concerns on monitored databases.

It provides our organization with an integrated and tamper-proof audit of logged data to ensure that the database activities are checked and operating according to the industrial best practices.

The maintenance and support aspects of the product need improvement.

Probably, it should be more related to the product patching method. Even though the support service was great, the resolution doesn't comes quick enough to address the client's issue. We understand those resolutions only exist in the next patch version after quality testing. However, till that release comes out, we have to suffer in silence with the bug issues.

I have used this solution for around two and half years.

We have encountered issues with stability.

We have encountered issues with scalability.

I would give the technical support a 7/10 rating.

We were not using any other product prior to this one.

The setup was not straightforward. There was some level of complexity in setting it up.

Ensure what you want to protect, since it is charged as per the database instances.

We evaluated a couple of other options.

I would not like to discuss this much as it affects the other companies' image and integrity. The competitive products have their own good and bad.

You need to know what you want to protect very well.

• Detailed and customizable reports with real-time alerts for the full vision of database/files activity.
• Versatile rules for access control in real-time including blocking, masking, etc.: These rules are really helpful to fulfill enterprise security specifications. With them, you could divide roles, creating safe access zones; manage credentials; and access rules. The rules are easy to develop and customize.

• UI: Version 10 of Guardium was introduced with a new UI that was completely redesigned. Some fast-access functions and options are not easy to find in the new UI.
• Real-time masking is a bit simple and doesn't allow you to create complex masking rules.

I have about one year of hands-on experience.

I have not encountered any stability issues.

I have not encountered any scalability issues.

Technical support is 9/10. I participated in communication with tech support only once.

I did not previously use a different solution.

Initial setup is straightforward. All the commands are simple to understand. The installation guide is simple and comprehensive.

Before choosing this product, I evaluated Imperva products.

This product could by easily used with other security products; for example, SIEM products such as IBM QRadar and ArcSight.

The database activity monitoring and firewall features of Guardium address our database security requirements. The combination of policies, alerts, baselines, reports, and query rewrite functions are easy to use and provide enough room for customization.

It provides us more visibility and control of our business functions. The query rewrite and redaction functions also provide flexible/dynamic control of our data, which is indeed helpful for complex scenarios.

The backend database requires improvement for faster searching. This makes it easier for analysts to investigate older data.

I have been using Guardium since mid-2013.

I did not encounter any major stability issues in the last three years, except a couple of minor issues with S-TAP agents.

The solution is easily scalable.

I mostly get quick support although I did not encounter any complex error yet. I rate technical support at 7/10.

The installation and configuration of a collector is simple and straightforward. The ease of deployment is dependent on whether you choose agent-based monitoring or network traffic, SPAN-based monitoring.

The Guardium licensing is based on PVU and as a result, the solution became a bit costly. I am not aware of the licensing and pricing model of its competitors. But if the focus is pricing, then one can consider other options as well.

We were considering DbProtect but at that time, DbProtect had no support for Teradata.

If you have enough budget for database security, you must evaluate this product for your use cases.

For us, the most valuable features are the auditing capabilities and the Guardium inspection engine. The GIM (Guardium Installation Manager) makes it easy to manage the S-TAP agent. You can enable/disable, install and upgrade remotely with no need for the system administrator.

DB user profiling is something that should be part of Guardium auditing systems.

Also, reporting is not user friendly as compared to other tools. Moreover, for each report, you have to create an audit policy to create the report. It should be policy-based.

We have been using Guardium for 2 years.

We did experiences a few system crashes.

Technical support is very good.

The initial setup was complex.

We also looked at McAfee and Fortinet.

I would consider IBM brand value.

I mainly use this solution to monitor the activity happening in the database.

The most valuable features are the modules, discovery classification, and vulnerability assessment. The reporting side is also very, very good, especially its flexibility which allows you to tailor the reports to whatever information you want. It also has the advantage of architectural data collection from the database.

An improvement would be to make the pricing relative in terms of regions. In the next release, IBM should incorporate more AI capabilities to better detect vulnerabilities.

I've been using Guardium for four years.

Guardium is a stable system.

You can scale Guardium up and down according to your needs.

IBM's technical support is very good.

Positive

The initial setup will be straightforward for those with technical experience but may be more challenging for less experienced users.

Guardium's pricing is quite high, but it gives good value for money for all sizes of enterprises, especially for partners.

I would give Guardium a rating of eight out of ten.