We are using this solution for a PoC.
IBM Guardium Data Protection is used to create policies and rules for database access management.
IBM Guardium Data Protection is very good at keeping your database secure.
It would be helpful and convenient to improve the Chat support.
I have been using IBM Guardium Data Protection for four months.
I have not had any issues with the stability.
IBM Guardium Data Protection is a scalable solution.
Currently, as we are conducting PoCs, I am the only user. We created an in-house environment at my office. It is not yet ready to be used at the commercial level.
They have good support when they are opening a case, but when on the Chat, the support is not good.
We had IBM appliances, which made it very easy to add.
We added it to the virtual machine.
The installation was complete in 20 minutes.
I was able to complete the installation myself.
We are working with the trial version.
Licensing fees are paid on a yearly basis.
I don't have all of the information regarding the pricing, but my understanding is that it is on the high side.
IBM, in general, is the best. I would recommend this solution to others.
I am not familiar with other products. I only know IBM Guardium.
I would rate IBM Guardium Data Protection a nine out of ten.
The primary use case is for ensuring compliance with databases. It allows monitoring of what kind of statements and alterations are going on, as well as who is accessing what data.
IBM Guardium is useful for organizations that require compliance such as banks, insurance companies, and pension plans. Having it available allows us to focus on those clients.
The most valuable features are data loss prevention and data protection.
From the perspective of analysis and prevention, this product is pretty accurate.
Sometimes the connectors to the databases need to be manually updated and we have to configure them again, which is something that should be improved.
I have been working with this solution for one year.
This is a reliable product.
It is easy to scale. There are more than 5,000 users in total, although it does not run on all of the servers or user workstations.
The technical support from IBM for this solution is pretty good. Support via email is available and overall, it is reliable.
This is the first database security solution that I have worked with.
I found the initial setup to be complex. There are a lot of connections between different components and it is not straightforward. Our deployment took approximately three days.
We had the assistance of a system integrator.
From my experience, I find that IBM Guardium is pretty good and I would recommend it.
The monitoring and analytics capabilities make it a very good product, although we have had intermittent problems with our database connectors so it is not perfect.
I would rate this solution a nine out of ten.
We have integrated IBM Guardium with ArcSight and Splunk.
The ability to collect the data without database administrators being able to modify it.
For the most part, it is stable. Depends on the year.
It has scaled. It was pulling teeth, but it does scale.
We taught IBM about the limits of the product. They did not think there were limits to the product. There were, because we do very extensive testing of performance. We can tell you when a product is going to break. Their development thought this was valuable because they do not have the facilities to do this sort of extensive testing.
Technical support is very knowledgeable now.
At one time, they were horrible since they were blue washed. After the blue wash and a couple of years on the honeymoon, then they have gotten considerably better. They have had problems understanding that they do not know as much about the company's environment as the employee does. This will result in them downgrading tickets, and they will just do it on the fly. This is not a good thing because they do not understand the issue. This may not look like a sub 1 ticket to IBM support, but it is.
We went in and tested it. We continually test everything that is in the industry. Guardium has significantly gone past the mark of acceptable every single time, as compared to their other competitors.
Overall, it is a very solid product.
Our primary use case is for managing and monitoring the database in real time.
The most valuable feature I have found is the performance of client monitoring. The other competitors are unable to do this.
I would like to see AI and machine learning added in the future.
I have been working with IBM Security Guardium Data Protection for two years.
We have found the stability is very good.
All that is necessary for scaling IBM Security Guardium Data Protection is to purchase a license. We have a lot of customers since we are in the finance industry in Vietnam.
We have excellent technical support in-country and out of the country.
The initial setup is straightforward and takes a short time to install.
The price is good for the quality of the solution.
I would rate IBM Security Guardium Data Protection an eight out of ten.
Database activity management to ensure compliance audit regulations. It is also to manage risk. It is performing well, but we have a large journey to go.
Previously, we had no monitoring for our databases. Now, we have the ability to begin to understand how people, applications, and service accounts are interacting with data to better protect it.
We use IBM Guardium to support security initiatives and compliance policies.
We have integrated IBM Guardium with QRadar.
Being able to go back to see what people are touching, and when they are touching it, then look at the risk of who is touching what and how they are touching the data. This will give us a better understanding of how people interact with our data.
We do not use many of the advanced features, but we will soon. We are looking at Sensitive Data and User Behavior Analytics.
It will not go as fast as you want.
We are about 50 to 60 percent there. A lot of that has to do with us implementing it a little better, and redesigning what we thought would be their protection. We need to do a bit more efficient architecture, as some things are coming down the pipeline for the roadmap of the product.
The scalability is not an issue, though it is not the easiest thing to scale. However, I have seen the coming roadmap, where the scalability will be easier.
I would rate technical support as fair. Unfortunately, it takes time to figure out an answer to our issues, because they are unique, not just a standard answer.
It is very complex.
Pushing agents and tabs seems pretty standard from a technical perspective. Once you start interacting with people's databases, they get very hesitant. Then, the amount of social tasks to socialize the solution ensuring people are comfortable with it became a much heavier lift.
There are a lot of things that could be better, but it is performing pretty well.
Take your time and learn each step. Make sure that you understand each step, because if you miss something, it will come back. Then, you have to circle back and figure it out anyway.
Most important criteria when selecting a vendor:
For us, the most valuable features are the auditing capabilities and the Guardium inspection engine. The GIM (Guardium Installation Manager) makes it easy to manage the S-TAP agent. You can enable/disable, install and upgrade remotely with no need for the system administrator.
DB user profiling is something that should be part of Guardium auditing systems.
Also, reporting is not user friendly as compared to other tools. Moreover, for each report, you have to create an audit policy to create the report. It should be policy-based.
We have been using Guardium for 2 years.
We did experience a few system crashes.
Technical support is very good.
The initial setup was complex.
We also looked at McAfee and Fortinet.
I would consider IBM brand value.
Guardium is used based on our Manual of Internal Procedures (MPI), and its uses range from creating a rule to generating customized reports. The main use case is the procedure "Investigate Incidents Recorded by Unauthorized Access," with action "notify by electronic message the manager and/or leader of the area."
Improved security through the visibility and control of all access to the databases.
The most valuable feature is using the capture operation mode “S-TAP/K-TAP agent”, because all activities in the database are captured, including direct access to the database server by privileged users. This is useful because, even if the database server logs were deleted, the Guardium Collector has already stored such data to enable traceability of access.
I have already mentioned to IBM that a primary need is to improve the number of records in the reports above 65,535.
Depending on the policy and rules applied, there is a need to increase the minimum requirements (RAM and storage - HD) for better operation and not to experience hardware slowdowns due to the high flow of traffic. IBM brings the "minimums" and "recommendation." From experience in versions 9x and 10x, when installing Guardium, it's important to verify the "recommendation" requirements of IBM for stability. It is worth mentioning that the requirements (minimums or recommendation) are different for Collector and aggregator.
The two major Database Audit and Protection (DAP) solutions are IBM Guardium and Imperva SecureSphere. There are two modes of operation of these solutions: remote agent and sniffer (out-of-band). I recommended using the remote agent to obtain direct access captures on servers.
Note that in non-mainframe environments, both solutions are scalable. For the mainframe environment, Guardium has updated installation agents with the latest kernels and releases. This makes a big difference in companies with mainframes, so it is necessary to keep the technology pack updated.
Regardless of the mode of operation, when increasing the number of servers monitored it is important to re-evaluate or perform new sizing. The possible number of databases and database servers which can be monitored by Guardium is high. For me, this is a differentiator of IBM.
On a "bad, good, and excellent" scale, I rate it as good.
Initially, there were two solutions to be evaluated: Oracle and Imperva. Oracle DAP was not evaluated because it does not monitor Linux or Windows Server-only environments.
I evaluated Imperva and got good results. However, there is a delay by Imperva in creating updated agents for Linux and Unix, including for mainframe. For me, this is a problem because it is necessary to always keep the environment up to date. If you update the kernel or release of mainframes and do not have the agent upgraded, the DAP will not monitor.
For those who do not have experience, it is complex. There are several configurations to be made, from the configuration of NTP, IP, Mask, registration of the Collectors in the Central Manager, integration with other tools like storage (backup), LDAP, SIEM, through to the application of the policies and customized rules. Note: There are some pre-set rules that can also be customized.
The price of Guardium is higher than the main competitor, Imperva. In addition, it's complex as the calculation of the licensing is done by Processor Value Unit (PVU).
However, before purchasing a DAP solution, it is important to analyze specific points to evaluate the cost-benefit of each tool. For example: Does the environment to be monitored have mainframes? If so, it's a point for Guardium. If not, a point for Imperva. Note: IBM is looking into a new licensing policy and reducing the price of Guardium.
To protect the data. We're trying to monitor privileged users, get an idea of what's normal access, and to make sure that service account usage is only coming from the appropriate places, not being used by people from their own workstations.
How I would describe how well it's performing is that we are taking a slow and steady approach to it. Right now, I would say we're going from crawl to walk as far as usage goes; not using any of the sophisticated features, more getting the base implementation in place.
I think we have a better handle on who is accessing our data.
We use Guardium to support security initiatives and compliance policies within our organization. Our internal audit is keeping an eye out, and making sure that we're in compliance. Having the Guardium solution and its reporting helps us get through that process a lot more quickly and efficiently.
We're not using any of the workflow yet, but I would say yes, it is helping with compliance reporting. We're making sure that we're monitoring the usage of privilege accounts, managing the use of the service accounts.
We have not integrated Guardium with any other systems.
It has made us more efficient in demonstrating that we are in compliance, and enables us to get through audit processes more quickly, which saves time and money.
Probably the most valuable feature for me, in my role as systems DBA, is the expediting of internal and external audits.
The one thing that I would like to see improved, but I don't think it's going to be in the next release, is its reporting capabilities. I think that's been offloaded to another third-party product that I think IBM actually endorses for that. It was built by the guy who helped develop Guardium but left IBM and spun up his own company. They found a need and they filled it. I think they filled it better than at least IBM thinks they can do for now.
I'm not the administrator of the product so I don't know that I would be the best one to answer this. But from more of a consumer's perspective, the fact that the S-TAPs and such run on my systems, it has not caused us any problems; a little bit in the SQL Server space, but overall it has been good.
I think that it's very scalable. You can spin up new Collectors and Aggregators as needed so, I'd say it's sufficient.
I do not have experience with technical support. I know that our main Guardium guy is the head of the user group, so, he has used it. He has connections. He usually gets quick feedback because they know he is very visible.
We had rolled our own stuff to do some of what Guardium does, but I think it was organizational recognition that switching was something that needed to be done. The monitoring and reporting was lacking in our organization. We had pockets where we had built our own, but now we're able to use one platform to do that monitoring for all of our database environments.
We went with IBM because it was a combination of functionality and familiarity, in that we have a lot of IBM products in-house, and it fit the criteria.
It was straightforward.
We did evaluate others, but I couldn't tell you what they were because that was a couple of years ago.
It does a good job for what it's designed to do. You may want to look into the enhanced reporting that's available by the third party, because some of the report-building features are not as nice as some of the third party's.