IBM Security Guardium Data Protection Reviews

We are resellers of IBM. Most of the use cases of IBM Guardium are to monitor the database activity. The first is to identify any abnormal activities like trying to access the database or trying to create or delete any scheme on the tables. 

The purpose of EBM Guardium is to monitor database activity and who is accessing it. This is the most valuable feature.

We have privileged users, like the DBAs, who are most often the ones accessing the database. We also have web services and application services that talk to the database. With IBM Guardium Data Protection we can see who the previous users were and what web or server actually connected to the data business. 

Secondly, any changes done by the DBAs are recorded so we know that the DB has changed in the data structure, scheme, or creation of a table or drop of a table. 

IBM Guardium Data Protection is a mature product. There is a lot of encryption that is not owned by IBM and is done by a third party and is not an integral part of the solution.

This solution is stable, I don't believe there is another product that is more stable.

The solution is part of IP so you can scale it.

IBM Guardium Data Protection has one of the best supports out there.

The initial setup of IBM Guardium is straightforward. The deployment depends on the organization and types of servers. The only delay is when there are critical data servers that require a planned approach. 

You can deploy the solution by pushing it through a central aggregator or a collector.

We engage a consult to deploy the solution because it is not only installing the solution but also doing a report. 

The installation requires the involvement of a DBA, but it depends on the number of databases.

The licensing is much easier now. It's for IP, it is not part It's not part number of databases of schema, it's for the IP so it's much simpler now.

If you are considering IBM Guardian Data Protection you should be aware of your environment. For example, if you are in the banking sector you need to plan very well so it can be scaled accordingly.

It is important to hire a consultant when installing this solution. They can provide an analysis of what exactly needs to be done. Keep in mind that this is a data access management database, it's not only about data but also about files. 

I rate this solution a 9 out of 10.

We are monitoring about 1500 or more applications, we have 150 million customers and their PHI/PII data in the repository. We have to protect that data. That is a big challenge because it's a vast environment that we have to protect. That is one of the prime use cases which caused us to select this product.

Initially, we had some challenges, but as we talked with IBM and they provided some good support on it, now we are evolving pretty well. Certainly, everything is not perfect yet, but we are moving into that direction. We are far better than we were two years back.

We use Guardium to support security initiatives and compliance policies within the organization. For example, an audit comes in once every three months or six months. In that case they ask specific questions and they say, "Hey, just check the box if you are doing this stuff or not," and we are providing them all the evidence that we have collected through Guardium.

It helps comply with industry regulations. It's basically the same thing. If somebody wants to know if we are protecting their data or not and, if yes, how? And they ask us to present the definitions of what we are doing, we just go and get the reports that are required. Let's say for a particular application, it says "This database was down last night, who did it, and how?" we provide all that kind of information.

The solution has definitely saved us time, because if you want to monitor this kind of vast environment of different products, it's going to take a lot of time. Let's say one database server has 100 database instances running on it; I don't need to install 100 data instances, I just need to install on the one database server and that will cover all of my instances on that particular database. 

In terms of saving money, today, if you want to monitor and protect your environment, you have to spend money. So, that's not a question.

In terms of advanced features, we are using the Database Activity Monitoring and the Vulnerability Assessment as well. Now we are thinking of using the GDPR because that's going to be a compliance as well. So some but not all of them.

Initially it did not have support external applications like, say, Tableau, ServiceNow, Remedy, and the like. They have started growing into it, but I would like to have more and more integration with outside applications. So that, let's say my one of my application owners has Tableau and wants to directly report on that; if I can just pick and see that report with one click, that would help.

It's stable. When I used this product back in 2007 it was challenging, but now it's it's stable.

The scalability is not that easy to use because, you need a lot of knowledge about it, on data security; basically you need to know where your sensitive data is. We tried to use Guardium for that, to find out with the Discovery feature, but it didn't work, because we had a lot of irregular data. We found it ourselves, but Guardium is protecting it; so that's good for us.

I would say eight and a half out of 10. I've been in this Guardium stuff for the last 10 to 11 years. I have worked with IBM throughout that time. It has improved, but still it is eight and a half out of 10.

It was pretty straightforward.

I would definitely recommend it. It's easy to use and it can save a lot of headaches, by just implementing it and being able to ask at the time of audit. When it comes to audits, every company wants to be safe.

Our primary use case of this product is for privileged database activity monitoring. We are customers of IBM and I'm the DBA.

We use the GBDI feature which is very helpful for our needs. The centralization of data is probably the most valuable feature because we span multiple database technologies. 

In general, I find the solution a little complicated to use. Another problem is that we have  encrypted traffic on Oracle and it requires a database outage. That's creates problems because you're monitoring critical systems and they don't like outages.

The solution has been pretty stable for us. 

Our environment is pretty small for scalability purposes, so scalability is not relevant. In terms of the collectors agency, you can always add them. From that perspective, it's scalable, but it introduces more complexity because the more collectors you have, the more management is required. We don't allow people to connect and use self-service. We produce reports for the application teams from the tool ourselves, which is why we only have around 15 users involved in deployment, maintenance and reporting.

The professional services we initially received were really good. Technical support has been okay; it's not outstanding, but it hasn't been too bad either.

The initial setup is quite complex so we used IBM professional services for implementation. We're still in the process of deploying, it's taking a while. That doesn't reflect on the solution; we're very lean with staff and I think that's probably the issue.

If I were choosing a solution now, I would probably look at Imperva and Insights, and go the agentless route, rather than deal with collectors. They still have them with the new system, but they're a little lighter weight. From a manageability perspective, from a scalability perspective, in terms of supporting model databases, they seem to be more viable solutions moving forward.

I rate this solution an eight out of 10. 

Our primary use case would be for compliance reporting: DBA activity monitoring for SOX regulations.

It has performed fairly well. There are issues here and there, but it is the only product on the market that can do this job. It is the industry leader in database security.

It has improved the way our organization functions. It has automated a bunch of manual tasks, giving us insights into activities that we would not otherwise be able to capture.

We use it to support our top two security initiatives. We have one large project that is focused around locating our sensitive data elements and we have used the discovery agent to do just that. Then, we also have another stream in that project towards monitoring these sensitive data stores, so we use some of the Guardium monitoring features and alerting features to monitor these sensitive databases.

We use it for our SOX compliance reporting. We have it integrated with LDAP and Active Directory. We are looking to integrate it further with Splunk and a change management system. 

The integration process is challenging: 

• Pulling from the Active Directory and LDAP is not bad once you figure it out. Typically, customers need to work with IBM support to do this. 
• For the Splunk integration, we are in process of doing this. We have been working with Splunk to pull the data out. 
• For the change management piece, we have not really started this yet.

Some of its reporting capabilities. Guardium does a great job of capturing data and having the ability of trying to pull it out and make sense of it. Using it for business applications is its biggest capability. 

We use many of the advanced features. We are one of the more advanced Guardium clients, thus we use features, such as custom tables and the ability to import custom data. We have used some of the data discovery pieces before, along with the classification builder. Therefore, we are pretty strong power users in the product.

We have been looking into Guardium Big Data Intelligence and seeing if it makes sense for our organization.

Overall testing and quality need improvement. It is fairly buggy at times, so it feels like it could use additional staff on the product, testing and trying it out.

I would like to see a lot of additional reporting and analytics features. They have basic outlier detection, but I would love to see that go further, and model it after analytics tools like Splunk. If the product could integrate with Splunk, or mimic it, it would provide a lot of value. 

Stability is average. There are frequently new issues with releases. As long as you stay a version or two behind, you are pretty stable. However, we have had some issues with patches breaking things unexpectedly in our environments.

Scalability is very good. You could easily throw it onto a VM or add additional hardware. One central manager supports about a hundred managed units, so scalability is excellent.

We frequently use technical support. We have some arrangements made with them, but our support is generally pretty good for smaller issues. For larger issues, we would like a bit more communication from them. Therefore, when there is a known product bugs, known fixes, or known issues, it would be great if they made those a little easier to find or published them at all. That would save us a lot of time and effort.

We invested in Guardium because of regulatory compliance issues. Guardium is the only product in the market that could meet these needs. 

I was not involved in the initial setup.

Guardium has not saved us time or money. Senior management is aware of this.

If you are researching this type of solution, work with IBM.

Only Guardium.

Most important criteria when selecting a vendor: 

1. The ability to meet requirements.
2. Costing
3. Scalability and market share.

The primary use case for most of our customers is for monitoring and compliance. It's mostly deployed on-premises and it's a database activity monitoring solution. 

The most valuable features have been how easy it is to deploy and use, as well as the comprehensive monitoring options. These are a few things that customers like most about this product. 

The analysis part of this product could be improved. It's a very comprehensive product, so the features it has complement customer requirements. But I would like to see more emphasis on analytics, and it would be great if they added machine learning. They already have analysis insights, but a comprehensive analytical feature that's already incorporated into the solution would be very helpful. 

I have been working with IBM Guardium for the past 10 years. 

This solution is stable and reliable. 

This solution is scalable. That's one of the missions of this product—it can scale. 

I think technical support is generally helpful, but it depends on the situation and the complexity of the problem. Most of the time, we resolve customers' issues ourselves, but technical support is helpful whenever I do require their help. 

Most of the time, the deployment process is straightforward. There is a specific process which isn't too complicated or difficult. The amount of maintenance that will be required depends on the deployment. When we set up the solution, we usually try to optimize it so that it requires little maintenance. 

My company provides implementation services to customers. 

Guardium is most suitable for large scale enterprises because the pricing model is better if you are implementing a large number of databases. It may be suited to medium enterprises, but to a lesser extent. It depends on customer requirements, but it's best suited to large companies because of affordability. 

I have experience with Oracle Audit Vault and Imperva SecureSphere Database Security, which are the two main competitors. If you compare Guardium with Audit Vault, the main differences are in the deployment model, how they work, and the focus of each product with regard to monitoring. Audit Vault has a different deployment method. Imperva is more similar to Guardium. 

If you are looking to implement Guardium, you first need to understand your requirements. The objective of these database and security monitoring solutions is for compliance and auditing. You want a solution that will monitor everything, but the main objective is to monitor the right areas or the key parts of the area that should be monitored. This is the one thing customers should consider before choosing any database or similar solution. 

We have good relationships with our customers, so whenever they're looking for a solution, we try to partner with them and align them with a product that will meet their needs. Usually when we go with this product, we go with SQL first, then go for integration deployment. Our recommendations are based on customer requirements. Even if it's a good product, it may not be a good fit for the customer. 

I would rate this product an eight out of ten, just because there's always room for improvement. 

We primarily use the solution for database access management where they are using DML commands. We use it for compliance and validation. If there's any change in the record, this solution will notify us.

It provide real time alerts and report for the review with senior management.  

The solution is very good at marking.

The initial setup is quite easy.

The solution offers trouble-free access.

The reporting on the solution is weak. It needs to be improved and enhanced. From a management point of view, it's really important to have reports. They should be offering easily extractable reports that we, as users, can benefit from.

The technical support is very poor.

Integrations are difficult to configure upon the initial setup.

The solution needs to offer data encryption.

We've been using the solution for the last three and a half years.

The solution is very stable. We don't seem to experience bugs or glitches. It doesn't crash or freeze.

The product's scalability is fine, however, the requirements for scalability make it somewhat limited, as you will need to add hardware resources in order to expand it. Other than that, yes, the scalability is there, and you can use it, but you need to keep in mind that there is hardware that you have to have in place.

We haven't been happy with the support. We're always facing issues with integration with one database and we don't get a detailed response. Their help just hasn't been adequate. Our team is now basically working with a local partner for support, however, it's an aspect of the product I'm very unhappy with.

Neutral

We didn't previously use a different solution.

The initial setup is quite easy. It's not an issue and is very straightforward. That said, teamwork becomes an issue due to the fact that the troubleshooting part is a little bit difficult. We need to have some more insights from IBM to help us along. 

If you are new to the product, you need to have a more qualified person to assist you with the process, and ultimately we have to engage with technical support. The response is not fast, however. The product is a critical part of our environment, so we need a rapid response from the site to sort out the issue, whatever it might be.

We have two people currently managing the product.

You only need one person to deploy the product.

We had one person from the vendor come and help us deploy the solution.

We definitely needed more assistance and have tried to get the help of technical support for some integration issues, however, the response hasn't been fast enough.

I'm not sure of the exact cost of the solution, however, I believe the features have separate costs. We have a data protection license and on top of that, we need to buy however many databases we need to monitor everything effectively.

In the current environment that I'm working in, I did not evaluate other products. However, in the past, I have had to utilize other products.  don't recall what it was exactly, though. The other solution was from McAfee.

In terms of the ease of access and ease of deployment, IBM Guardium was much easier to deploy. However, in terms of maturity, then definitely that the other product that I used in the past was more mature than the IBM Guardium Products. 

We're looking to upgrade the solution soon. I'm not sure which version we are currently using.

I would recommend others considering the solution to make sure they get local partners who can basically deploy the product. They need to have someone with sound experience. I have found a partner who applies the product often just simply deploys it and they don't have a use case available. They don't have the right experience. You need to choose your partner carefully or be ready to work hard yourself to deploy the product in the best possible way. 

I would rate the solution seven out of ten.

Database activity monitoring.

It performs its job quite well.

We use Guardium to support security initiatives and compliance policies such as  APCI, SOX, GDPR, pretty much everything.

We are in the process of integrating Guardium with a couple of systems including IDSM.

It does save us time and money. I can't quantify it in terms of money, but it has been very difficult to analyze all the network traffic somewhere else. Guardium provides that feature, it's heuristic. So we have rule-based algorithms in place to take care of that.

The ability to do its job properly, database activity monitoring for insider threat. That's primarily why we use it and it does a good job.

Among the advanced features, we use Vulnerability Assessments. We are in the process of using Discovery Classification as well.

We have made a list of RFIs. There are features like end-to-end and S-TAP mapping, and the ability to install policies for your configuration builder. They're not there, but we'd like to see them in the next version.

Stability has improved with the newer versions.

It scales well. The newer versions scale very well compared to the earlier versions.

They're brilliant. 

I was not involved in the initial setup, my manager was. But I have been involved with the latest versions. Initially, from 32-bit to 64-bit was a nightmare, but the latest 64-bit versions are pretty straightforward.

When selecting a vendor, what's important for us is 

• how quickly they can provide customer support
• scalability
• reliability
• dependency.

Overall, I'd rate it at eight out of 10. It could be a 10, however there are few features, like the ones I mentioned, that are still a work in progress.

Regarding advice to a colleague, determine what your business needs are. If your business needs are similar to the ones Guardium solves then you should go for it. The implementation is seamless, the requirements are straightforward, and it's easy to use the product.

For the mainframe, monitoring DB2 privileged access to our databases.

It has performed really well so far for the purpose, but we're not using the full capacity of it. There's also an open systems side that they're implementing now, that I'm not part of, but there's a lot more growth in that area.

It's more secure. The big issue is satisfying audit requirements, that is really big in our company right now.

We also use Guardium to support security initiatives and compliance policies within our organization. For what we do, we need to know who exactly is using our privileged IDs, because that's a security risk, if someone who is not authorized does that.

I don't know if Guardium has helped us comply with industry regulations like SOX, PCI, or GDPR. We also have not integrated it into other systems.

In the past we were doing a lot of manual checking, running our own reports, going through SMF data, but now Guardium does that reporting for us. That saves us time and money. Senior management is aware of the savings. They're the ones that really pushed for it.

Satisfies audit requests, to give us an idea if anybody is accessing our privileged user IDs without our knowledge.

We don't use any of the advanced features.

Regarding other features we would like to implement, I don't deal with the actual setup of the product. We have a specialist for Guardium to do that for us. We tell him our requirements and he builds the policies. So far it's very limited on our side, but I imagine on the open systems, side there would be a lot more complex policies.

Right now we're having some issues where it's using a high CPU, we don't know why. So, better testing before the product is ready would help.

So far, so good. We've been using it for about two or three years right now, and we have had no issues. Once it was set up properly, it has run as it should.

It appears to be very scalable, especially on the mainframe. On the open systems side there are a lot more servers out there, mainframe is more centralized. On the mainframe it's very scalable. We're only using one percent of it right now, what we're monitoring. But we feel that with the power of the mainframe, that can go up as much as we need.

We use tech support. If we have a problem, we open up a PMR with IBM on the mainframe side, and we also have someone that does the implementation of it on the server side. He works closely with IBM. Our experience with tech support is really good. They're responsive, and we get to the right person.

Our previous solution was manual.

Our most important criteria when selecting a vendor are reliability, the reputation, and the product itself has to deliver in an efficient manner. Our company is heavily involved with IBM products, so adding another product or taking a product away is not very hard.

We were somewhat new to it. When it first came out we had it brought in for testing. In the initial stage, the documentation was not very good on the mainframe side. But once we installed it... it was very easy to install in the mainframe side. On the open systems side, and the person supporting it, he has to be more skilled and more knowledgeable of the product, so I can't speak for him.

We did not actually PoC anybody else.

I give it a nine out of 10. It's not perfect: Issues like using a high CPU and, in the beginning, it was a little unclear on how to install it. This is only on the mainframe side.

In terms of advice, do a good PoC on it, because I believe it's a very expensive solution. And it has to satisfy the auditors, for sure. If it doesn't satisfy the auditors it won't go anywhere.