IBM Security Guardium Data Protection Reviews

Our primary use case for IBM Guardium Data Protection is audit logging. We monitor transactions and access particular tables in the database with it. 

I would like to see improvements in scalability and easier installation.

I have been using IBM Guardium Data Protection for three years. 

Personally, I have not been very involved with IBM Guardium Data Protection for the last couple of years. However, I think we've had some problems scaling it, but I'm not the right person, really, to answer questions about scalability. My understanding is that there has been some frustration with scaling it, but those may be local issues.

I think IMB's technical support is good. 

The installations are complex. They take several days.

We had help from IBM with deployment.

We pay yearly.

We initially looked at Oracle's own products, but we had legacy databases so we didn't really have many options. We had old flavors of Oracle in place.

Personally, I would not recommend this product. 

Our primary use case of this product is for privileged database activity monitoring. We are customers of IBM and I'm the DBA.

We use the GBDI feature which is very helpful for our needs. The centralization of data is probably the most valuable feature because we span multiple database technologies. 

In general, I find the solution a little complicated to use. Another problem is that we have  encrypted traffic on Oracle and it requires a database outage. That's creates problems because you're monitoring critical systems and they don't like outages.

The solution has been pretty stable for us. 

Our environment is pretty small for scalability purposes, so scalability is not relevant. In terms of the collectors agency, you can always add them. From that perspective, it's scalable, but it introduces more complexity because the more collectors you have, the more management is required. We don't allow people to connect and use self-service. We produce reports for the application teams from the tool ourselves, which is why we only have around 15 users involved in deployment, maintenance and reporting.

The professional services we initially received were really good. Technical support has been okay; it's not outstanding, but it hasn't been too bad either.

The initial setup is quite complex so we used IBM professional services for implementation. We're still in the process of deploying, it's taking a while. That doesn't reflect on the solution; we're very lean with staff and I think that's probably the issue.

If I were choosing a solution now, I would probably look at Imperva and Insights, and go the agentless route, rather than deal with collectors. They still have them with the new system, but they're a little lighter weight. From a manageability perspective, from a scalability perspective, in terms of supporting model databases, they seem to be more viable solutions moving forward.

I rate this solution an eight out of 10. 

Database activity monitoring.

It performs its job quite well.

We use Guardium to support security initiatives and compliance policies such as  APCI, SOX, GDPR, pretty much everything.

We are in the process of integrating Guardium with a couple of systems including IDSM.

It does save us time and money. I can't quantify it in terms of money, but it has been very difficult to analyze all the network traffic somewhere else. Guardium provides that feature, it's heuristic. So we have rule-based algorithms in place to take care of that.

The ability to do its job properly, database activity monitoring for insider threat. That's primarily why we use it and it does a good job.

Among the advanced features, we use Vulnerability Assessments. We are in the process of using Discovery Classification as well.

We have made a list of RFIs. There are features like end-to-end and S-TAP mapping, and the ability to install policies for your configuration builder. They're not there, but we'd like to see them in the next version.

Stability has improved with the newer versions.

It scales well. The newer versions scale very well compared to the earlier versions.

They're brilliant. 

I was not involved in the initial setup, my manager was. But I have been involved with the latest versions. Initially, from 32-bit to 64-bit was a nightmare, but the latest 64-bit versions are pretty straightforward.

When selecting a vendor, what's important for us is 

• how quickly they can provide customer support
• scalability
• reliability
• dependency.

Overall, I'd rate it at eight out of 10. It could be a 10, however there are few features, like the ones I mentioned, that are still a work in progress.

Regarding advice to a colleague, determine what your business needs are. If your business needs are similar to the ones Guardium solves then you should go for it. The implementation is seamless, the requirements are straightforward, and it's easy to use the product.

Database activity monitoring (DAM)

It can provide the logs for the activities performed by the privileged users across the all databases (MSSQL, DB2, Teradata, Oracle Sybase and many more) which can avoid the internal frauds and keep data secured. It can also alert if any hackers tried to log-in to the databases from failed login alerts.

Some improvements were needed in version 9.6, those are covered in version 10 already. If we face any issues or bugs in the product IBM provides the patch on that.

Since last 4 years I am working on this project and organisation using this sine seven years

There are very less or minimal issues deployment those might be due to the human error , IBM documented the all steps in details for the deployment and they are available on internet.

Yes there was the issue on the high CPU utilisation by Guardium services ,on the database host but IBM has introduce the Guardium service monitoring service(watch dog process) which auto restart the Guardium services when CPU utilisation reach the defined threshold percentage.

If you follow the recommended configuration as per the IBM and correct capacity sizing done there is no issues.

8 out of 10

8 out of 10

NA

Initial setup is very easy to perform . this has only 4 level architecture (Central Manager-->Aggregator-->Collector-->Guardium STAP agent)

we are implementing In-house with help of documents

Little high as compare to other products available in the market but the service provided by vendor is great and there are many additional functionalities as compare to other tools

NA

vast product as there are many features of this product to full fill the customer requirements, and less expertise are the there worldwide.

* Quick search

* Ability to define reports based on SQL query, especially when you have complex report criteria.

* Stream audit data to 2 collectors simultaneously.

* GIM passive install. You can connect GIM from Colletor or CM when GIM is running in listening mode.

Can't tell as I did POC only.

* First of all. GUI and user experience needs to be reworked from scratch. Product management console look like from 90's.

* Deployment process is very complicated as you need to now all advanced parameters. Almost not possible to figure out for yourself.

* Central Manager (CM) needs rework to. Some configuration params still needs to be done on collectors locally.

* Agent statistics is not available by default. You have to make a report and still you will not see all information like data interface activity.

* Dynamic datasets is rocket science. To make it work you have to build several additional procedure, which make it extremely fragile.

* Audit data is a single block. if you have several policies you can't purge data for specific policy.

* Collectors requires enormous amounts of resources comparing to other products available on the market.

a month only to evaluate this product

Yes, during the deployment you get nothing out of the box. You have to manually configure everything. Tune parameters for agent, collectors. Agent deployment is very complicated.

Yes, scaling the product might be a tricky task as you have to configure parameters locally or collectors or agents.

Product looks easily scalable.

SMEs that were together with me during the POC were very technical and did understand their product.

n/a for POC

Yes we use Imperva SecureSphere, and still use it as Guardium has failed POC. We were not able to replicate our current deployment and some major issues, Guardium had, prevented us from selecting this product.

It was extremely complex. Without IBM support it would take years for you to setup infrastructure.

Throught the vendor team. These guys were very technical and helped me to understand each steps during the POC

n/a

We haven't talked much about pricing and licencing. But it is not cheap for sure

We haven't chosen this product.

If you have complicated report requirements which involves very specific filtering and/or aggregation. And you have lots of resources in your virtual platform. Then give it a try.

Also I suggest you take a look at other top grade product like Imperva SecureShere. the reduction in resource requirements is 3 times less and it have plenty of nice features out of the box.

We primarily use the solution for database access management where they are using DML commands. We use it for compliance and validation. If there's any change in the record, this solution will notify us.

It provide real time alerts and report for the review with senior management.  

The solution is very good at marking.

The initial setup is quite easy.

The solution offers trouble-free access.

The reporting on the solution is weak. It needs to be improved and enhanced. From a management point of view, it's really important to have reports. They should be offering easily extractable reports that we, as users, can benefit from.

The technical support is very poor.

Integrations are difficult to configure upon the initial setup.

The solution needs to offer data encryption.

We've been using the solution for the last three and a half years.

The solution is very stable. We don't seem to experience bugs or glitches. It doesn't crash or freeze.

The product's scalability is fine, however, the requirements for scalability make it somewhat limited, as you will need to add hardware resources in order to expand it. Other than that, yes, the scalability is there, and you can use it, but you need to keep in mind that there is hardware that you have to have in place.

We haven't been happy with the support. We're always facing issues with integration with one database and we don't get a detailed response. Their help just hasn't been adequate. Our team is now basically working with a local partner for support, however, it's an aspect of the product I'm very unhappy with.

Neutral

We didn't previously use a different solution.

The initial setup is quite easy. It's not an issue and is very straightforward. That said, teamwork becomes an issue due to the fact that the troubleshooting part is a little bit difficult. We need to have some more insights from IBM to help us along. 

If you are new to the product, you need to have a more qualified person to assist you with the process, and ultimately we have to engage with technical support. The response is not fast, however. The product is a critical part of our environment, so we need a rapid response from the site to sort out the issue, whatever it might be.

We have two people currently managing the product.

You only need one person to deploy the product.

We had one person from the vendor come and help us deploy the solution.

We definitely needed more assistance and have tried to get the help of technical support for some integration issues, however, the response hasn't been fast enough.

I'm not sure of the exact cost of the solution, however, I believe the features have separate costs. We have a data protection license and on top of that, we need to buy however many databases we need to monitor everything effectively.

In the current environment that I'm working in, I did not evaluate other products. However, in the past, I have had to utilize other products.  don't recall what it was exactly, though. The other solution was from McAfee.

In terms of the ease of access and ease of deployment, IBM Guardium was much easier to deploy. However, in terms of maturity, then definitely that the other product that I used in the past was more mature than the IBM Guardium Products. 

We're looking to upgrade the solution soon. I'm not sure which version we are currently using.

I would recommend others considering the solution to make sure they get local partners who can basically deploy the product. They need to have someone with sound experience. I have found a partner who applies the product often just simply deploys it and they don't have a use case available. They don't have the right experience. You need to choose your partner carefully or be ready to work hard yourself to deploy the product in the best possible way. 

I would rate the solution seven out of ten.

Database monitoring. At the moment, we are using it to do a lot of data discovery from a data classification for structured data.

Its ability to find data. Once I find data, I can leverage it to perform specific select statements against PII data and do smarter controls rather than monitoring the entire database. 

My only negative thing on Guardium would be it is too smart. I am struggling getting through to social. In an ideal world, I would be able to populate every US zip code and have Guardium find the number, then identify it as a zip code. Right now, I have to pull it down and compare it.

It is a stable product. We just finished upgrading to version 10, and had no issues with the upgrade. We are excited about working with the newest version.

It should meet our need going forward as it is a huge product. We have scanned 7000 SQL databases and 1500 Oracle Databases.

We have a strong partnership with IBM. Their tech support is very knowledgeable.

The initial setup was before me.

We are doing what we call a reboot of the product. We are calling it the Guardium reboot project. We are starting back with the classifications to understand what controls we are implementing, thus stepping back to step forward. We are doing this because in the beginning we moved forward by getting everything monitored without being smart about what data was monitored.

We implemented the most recent upgrade in-house.

Most important criteria when selecting a vendor: At the end of the day, it would have to be the support and relationship. There are a lot of smart people out there building products which do things. However, not everyone can use them, and without having someone to call, it is sort of its own disadvantage. 

It’s available as a hardware appliance as well as software. This provides flexibility as to how you want to deploy the tool.

It can automatically locate DBs, as well as discover and classify sensitive data.

Data Activity Monitor covers what appears to be every DB imaginable, even data warehouses and file shares.

It allows administrators to enforce trigger alerts built around predefined policies, so that any access to sensitive data can be tracked and blocked if necessary.

It helped control excessive administrator rights to databases and automated the compliance auditing process.

It located/discovered unknown databases and the sensitive data that existed in those databases.

There was a slight performance tax on the system and load balancing could be better. We would also like more robust reporting.

I have used Guardium for six months.

Once it was installed and implemented, it seemed to be a very stable product.

This is definitely a scalable product. You can build out a basic stand-alone architecture with one collector all the way to enterprise wide architecture that covers multiple datacenters and continents.

I never interacted with tech support.

No previous or different solution was used.

If I remember correctly, the setup was a bit complex; not so much the installation, but a lot of tweaking and tuning of policies, setting up traffic filters, whitelisting the traffic, and so on.

I was not privy to this information.

I wasn’t part of the evaluation for the tool.

Try to have a dedicated team. There are a lot of moving parts and you need take a hands-on approach. It doesn’t come configured out of the box.