IBM Security Guardium Data Protection Reviews

We mostly use Guardium as a data activity monitoring solution (DAM). We also use it to perform vulnerability assessment (VA) for data. We deployed Guardium on a private cloud. It isn't a hardware product. It's all virtual machines.

IBM should add more database security features to Guardium. They could add user profiling, anomaly detection, and machine learning. IBM has user profiling, but they need to strengthen it. It should make sense for the users. It should remove most of the false positives.

Anomaly detection would help. Let's say you had a thousand anomalies and 990 are false positives. Who will take care of this? People will simply ignore all 1,000. They need to improve a lot in this area. They're coming out with a new product called Guardium Insights. It will be able to store more data, and its algorithm will be stronger. That will probably fix all my concerns. They have yet to release the beta version.

I have been with this company for the last two years, and they have been using Guardium for five years or six years. However, I more than 10 years of experience with the product. I started using it in 2010.

The scalability and stability are excellent. 

IBM support is good. They're very responsive. 

Setting up Guardium is straightforward. The time needed for deployment depends on the number of databases you're onboarding. It could take two or three months for a hundred databases. However, it might take much longer if you have thousands. It doesn't require much maintenance if you deploy and monitor it correctly. You need to do a lot of maintenance if not. 

We deployed Guardium ourselves because we know the website.

The cost depends on the number of databases. You can purchase advanced licenses, but the standard license is calculated based on the number of databases you have to onboard.

I rate Guardium nine out of 10 overall. I rate Guardium 10 out of 10 for data activity monitoring and nine for vulnerability assessment. It's easy to implement and does its job. But I would rate it seven out of 10 in terms of advanced features.

My advice to prospective users is to have a proper source to deploy it in your environment, or you're wasting money. The second thing is to know precisely what you want from Guardium. Is it DAM, VA, or are you going further? In terms of security posture, those lines should be clear.

To keep track of client information, index security risks, and other information needed at a moments notice. IBM Guardium performs transparent encryption and decryption provides on the fly encryption without needing to be indoctrinated into lengthy training to use it. 

Efficiency is key and IBM Guardium provides information in a heartbeat, but protects the data with military grade encryption. IBM Guardium is used for file and database security for protecting structured and unstructured data. Security policy enforcement of policy-based encryption and centralized encryption key management allows us to maintain data in a secure environment.

IBM Guardium provides a unified key management system to help simplify encryption key management. In a large organization, this is a critical feature and IBM went above and beyond while developing the software. 

Personally, I would like to see IBM Guardium have other encryption algorithms employed, such as DES/3DES or TripleDES, Twofish, Blowfish, or IDEA. I especially would like to see Twofish used, since it is a block cipher designed by Counterpane Labs. It was one of the five Advanced Encryption Standard (AES) finalists and is unpatented and open source.

No, IBM Guardium is well designed and compatible with Windows-based computers.  

I have not had nor do I know of any such issues. I believe the design of IBM Guardium is perfect for small to large scale settings, and does not reduce accessibility to content with on the fly encryption.

No, IBM Guardium was already in use. 

Unknown, since I was not involved with the purchase. 

I would suggest to review the type of data, need for security, and if the organizational structure needs the options IBM Guardium provides. 

No, there was no need to. 

Put simply, human error is often the downfall of computer security. When using IBM Guardium, or any encryption software for that matter, use common sense: Encrypt data when not in use, watch where you enter in passwords (not at Starbucks in view of security cameras that can be retrieved by an adversary, or the person next to you), and watch out not to inadvertently install spyware while clicking on a random link. 

IBM Guardium Data Protection is used not just for protecting data, but also for vulnerability protection. We use it to monitor our active users, activity, and databases, to look at the kind of commands users do on the databases.

We also use the solution to restrict unauthorized users from accessing the databases. Apart from restricting unauthorized users from accessing these databases, we also need to have the stability to add the database, then switch to another database.

We can also turn on the blocking feature of IBM Guardium Data Protection to ensure that some IPs are unable to connect to some databases.

I like IBM Guardium Data Protection because of its good performance. The resources aren't used up to the detriment of the application. It's robust, and we don't really have any serious downtime on it. The support for the application is also okay.

An area for improvement in IBM Guardium Data Protection is automation. I would want it to be more automated, as it runs too much on manual processes. More processes should be automated on the application.

For example: I want a learning environment where IBM Guardium Data Protection can learn the behavior of an environment, e.g. it should be more intelligent, because there is no intelligence yet on the application. It should be able to learn, e.g. you cannot try to block IBM Guardium Data Protection, in general. This is what I want to see: I want to be able to block it, in general.

I want the application to be able to learn, and learn from the environment. IBM should try to bring in more of e-learning to the application. That's another thing that's missing.

What I'd like to see in the next release of IBM Guardium Data Protection is for them to make resources available for the end users to be able to do a self-study, to understand more deeply how the environment works. Having user guides so people can learn more on what the application can do, about its operations, etc. I would like them to occasionally give users tips, e.g. how to do something, how to make your work easy, etc. This is how they can add value, in particular give more value for money, as they give valuable tips, just like how Microsoft does it, for example: "You can use IBM Guardium Data Protection to do this", then they should explain how to do it.

We've been using IBM Guardium Data Protection for two years.

IBM Guardium Data Protection is a stable application.

IBM Guardium Data Protection is a scalable application.

IBM Guardium Data Protection support is okay. Their response time is fine. They have very competent technicians, and their response is high-level.

The setup for IBM Guardium Data Protection was not that complicated. It was easy.

We evaluated Imperva.

We use IBM Guardium Data Protection for our databases. I can't remember the version we're currently using.

I don't think IBM Guardium Data Protection charges you based on the number of users, e.g. they charge based on the number of licenses, and it's either on a per-license or a per-data basis, so I cannot give the number of users currently using the application.

Increasing the usage of IBM Guardium Data Protection depends on the budget. Nobody wants to increase costs, but costs are increasing, so I don't think we plan on increasing usage for the application.

For the deployment of the application, we have the OEM and our technical team in charge.

I'm giving IBM Guardium Data Protection a rating of nine out of ten.

We are resellers of this solution and IBM partners. I'm a manager of security solutions.

Data encryption is a good feature and I also like the data masking functions. This is a technically strong solution.

The only downside is that the deployment is complex and requires special expertise to deploy.

We've been using this solution for seven years. 

In terms of stability, this is one of the top solutions. Our customers are happy with it.

The solution is scalable; scalability depends on the number of databases more than number of users. Accounts can be expanded without any impact on performance. 

IBM do a good job in terms of technical support.  

Positive

The deployment requires trained people because it's complex. It's better to go with the vendor for implementation because they are specialized.  

I recommend this solution and rate it nine out of 10. 

We are using the data protection module to look after the PML queries of our Oracle admin accounts. I'm the chief information security officer at a financial institution. 

The vulnerability assessment is a valuable feature for us. 

I've found that the backup and recovery is very resource-hungry and requires a huge amount of available storage capacity along with other components, such as processing the RAM. We have a need for 200 GB of data to restore. Reporting needs to be improved as does integration capability with the other DBs. From a technical perspective, reporting is good but not from the management perspective. Due to the legacy application, there is sometimes another version of the DB that is not supported and requires a restart which is a very technical aspect of running applications.

I've been using this solution for 18 months. 

The solution is stable. 

The solution is scalable

The support is not as good as it should be, and when it comes to backup or restoration activity, they can take months to respond. 

The deployment is not complex and we currently have four users of this product.

Licensing costs are higher than other solutions on the market. It's part of our concern and one of the reasons we are discontinuing the use of this solution. 

I don't feel that our local partners are fully equipped with the technical knowledge of the product. Whenever we need support that requires technical expertise, we go to the IBM support portal. As a result, we experience time delays in terms of support and it would be helpful if the local partner improved their knowledge. The other option would be for IBM to provide some management training for the on-prem engineers. 

I rate the solution five out of 10. 

We are monitoring about 1500 or more applications, we have 150 million customers and their PHI/PII data in the repository. We have to protect that data. That is a big challenge because it's a vast environment that we have to protect. That is one of the prime use cases which caused us to select this product.

Initially, we had some challenges, but as we talked with IBM and they provided some good support on it, now we are evolving pretty well. Certainly, everything is not perfect yet, but we are moving into that direction. We are far better than we were two years back.

We use Guardium to support security initiatives and compliance policies within the organization. For example, an audit comes in once every three months or six months. In that case they ask specific questions and they say, "Hey, just check the box if you are doing this stuff or not," and we are providing them all the evidence that we have collected through Guardium.

It helps comply with industry regulations. It's basically the same thing. If somebody wants to know if we are protecting their data or not and, if yes, how? And they ask us to present the definitions of what we are doing, we just go and get the reports that are required. Let's say for a particular application, it says "This database was down last night, who did it, and how?" we provide all that kind of information.

The solution has definitely saved us time, because if you want to monitor this kind of vast environment of different products, it's going to take a lot of time. Let's say one database server has 100 database instances running on it; I don't need to install 100 data instances, I just need to install on the one database server and that will cover all of my instances on that particular database. 

In terms of saving money, today, if you want to monitor and protect your environment, you have to spend money. So, that's not a question.

In terms of advanced features, we are using the Database Activity Monitoring and the Vulnerability Assessment as well. Now we are thinking of using the GDPR because that's going to be a compliance as well. So some but not all of them.

Initially it did not have support external applications like, say, Tableau, ServiceNow, Remedy, and the like. They have started growing into it, but I would like to have more and more integration with outside applications. So that, let's say my one of my application owners has Tableau and wants to directly report on that; if I can just pick and see that report with one click, that would help.

It's stable. When I used this product back in 2007 it was challenging, but now it's it's stable.

The scalability is not that easy to use because, you need a lot of knowledge about it, on data security; basically you need to know where your sensitive data is. We tried to use Guardium for that, to find out with the Discovery feature, but it didn't work, because we had a lot of irregular data. We found it ourselves, but Guardium is protecting it; so that's good for us.

I would say eight and a half out of 10. I've been in this Guardium stuff for the last 10 to 11 years. I have worked with IBM throughout that time. It has improved, but still it is eight and a half out of 10.

It was pretty straightforward.

I would definitely recommend it. It's easy to use and it can save a lot of headaches, by just implementing it and being able to ask at the time of audit. When it comes to audits, every company wants to be safe.

Our primary use case would be for compliance reporting: DBA activity monitoring for SOX regulations.

It has performed fairly well. There are issues here and there, but it is the only product on the market that can do this job. It is the industry leader in database security.

It has improved the way our organization functions. It has automated a bunch of manual tasks, giving us insights into activities that we would not otherwise be able to capture.

We use it to support our top two security initiatives. We have one large project that is focused around locating our sensitive data elements and we have used the discovery agent to do just that. Then, we also have another stream in that project towards monitoring these sensitive data stores, so we use some of the Guardium monitoring features and alerting features to monitor these sensitive databases.

We use it for our SOX compliance reporting. We have it integrated with LDAP and Active Directory. We are looking to integrate it further with Splunk and a change management system. 

The integration process is challenging: 

• Pulling from the Active Directory and LDAP is not bad once you figure it out. Typically, customers need to work with IBM support to do this. 
• For the Splunk integration, we are in process of doing this. We have been working with Splunk to pull the data out. 
• For the change management piece, we have not really started this yet.

Some of its reporting capabilities. Guardium does a great job of capturing data and having the ability of trying to pull it out and make sense of it. Using it for business applications is its biggest capability. 

We use many of the advanced features. We are one of the more advanced Guardium clients, thus we use features, such as custom tables and the ability to import custom data. We have used some of the data discovery pieces before, along with the classification builder. Therefore, we are pretty strong power users in the product.

We have been looking into Guardium Big Data Intelligence and seeing if it makes sense for our organization.

Overall testing and quality need improvement. It is fairly buggy at times, so it feels like it could use additional staff on the product, testing and trying it out.

I would like to see a lot of additional reporting and analytics features. They have basic outlier detection, but I would love to see that go further, and model it after analytics tools like Splunk. If the product could integrate with Splunk, or mimic it, it would provide a lot of value. 

Stability is average. There are frequently new issues with releases. As long as you stay a version or two behind, you are pretty stable. However, we have had some issues with patches breaking things unexpectedly in our environments.

Scalability is very good. You could easily throw it onto a VM or add additional hardware. One central manager supports about a hundred managed units, so scalability is excellent.

We frequently use technical support. We have some arrangements made with them, but our support is generally pretty good for smaller issues. For larger issues, we would like a bit more communication from them. Therefore, when there is a known product bugs, known fixes, or known issues, it would be great if they made those a little easier to find or published them at all. That would save us a lot of time and effort.

We invested in Guardium because of regulatory compliance issues. Guardium is the only product in the market that could meet these needs. 

I was not involved in the initial setup.

Guardium has not saved us time or money. Senior management is aware of this.

If you are researching this type of solution, work with IBM.

Only Guardium.

Most important criteria when selecting a vendor: 

1. The ability to meet requirements.
2. Costing
3. Scalability and market share.

We use it for activity monitoring and vulnerability assessments.

The features I like are the robust policies, which allow us to create customized monitoring based on specific activities. 

Also, the dynamic encryption and masking functionality is interesting. And the vulnerability assessment feature is comprehensive; we can scan for specific vulnerabilities.

The main issue I have with IBM Security Guardium Data Protection is the support. It's not good.  They're slow, and they don't seem to resolve issues effectively. We have an ongoing problem that they haven't been able to fix.

We had an issue with the setup that we've been trying to resolve. The reports are not coming out the way I want them to.

I'm not enjoying the support. They don't always resolve issues, and sometimes logged cases seem to disappear. The support is not good for me. They should resolve issues as they're escalated.

It's stable. However, it does require a lot of resources. 

I would rate the stability a six out of ten. 

The solution itself is straightforward. The implementation was fine.

We set up the central manager, the archive, agents on the database servers, and S-TAPs on the collectors. Then, we configured policies and reports.

I would recommend using it. It is good for database protection. 

The product itself is good, but the support is lacking. I'd rate it a seven out of ten.