We want to protect our data. That's the primary use case.
So far, performance has been okay.
We are able to identify who does what, when, and we are able to go back to them and say, "Is this an authorized activity? Is it not an authorized activity?" Why are they doing it? Is there an outlier? Go back and find out if that is normal, unusual? It has helped the overall perspective of making our operations more compliant with the regulatory requirements.
We use Guardium to support security initiatives and compliance policies in our organization. For example, we create reports that tell us how often a password is locked, how many exceptions we are getting, how many failed login items we are getting. We send those reports to the compliance and auditing folks. We do vulnerability assessments, detect vulnerabilities and send reports.
Currently we are not focused on GDPR because we are mainly a US-based company. I don't think I would say that Guardium has saved us time or money.
It does the monitoring of access very well, although we currently don't use any of the advanced features.
Get rid of the collectors. Stream the data directly from the agents to the Big Data link.
The solution is very stable, but it has its challenges.
I would rate tech support about seven out of 10.
This was a management decision. I think when they found Anthem was getting breached they decided, "Hey, let's try something else."
When selecting a vendor, the most important criteria for me are the
If you know it, it's pretty straightforward. Otherwise, there is a little learning curve.
The biggest challenge is the cost associated with the product, and the cost of maintaining. Everything is not translated directly to the benefits we see. There are benefits, yes, but if I were writing the check, would I buy Guardium? No.
It's pretty good. We have the latest version, so we are able to scale.
I would rate this solution six out of 10. The benefit to the cost is not justified, in my opinion.
I would say Guardium is a good product. It's a very good product, but you want to weigh how much you want to implement. Do you want to focus on only certain applications? Certain databases? Don't do it across the enterprise. So think about that.
We are using this solution for a PoC.
IBM Guardium Data Protection is used to create policies, and rules for database access management.
IBM Guardium Data Protection is very good at keeping your database secure.
It would be helpful, and convenient to improve the Chat support.
I have been using IBM Guardium Data Protection for four months.
I have not had any issues with the stability.
IBM Guardium Data Protection is a scalable solution.
Currently, as we are conducting PoCs, I am the only user. We created an in-house environment at my office. It is not yet ready to be used at the commercial level.
They have good support when they are opening a case, but when on the Chat, the support is not good.
We had IBM appliances, which made it very easy to add.
We added it to the virtual machine.
The installation was complete in 20 minutes.
I was able to complete the installation myself.
We are working with the trial version.
Licensing fees are paid on a yearly basis.
I don't have all of the information regarding the pricing, but my understanding is that it is on the high side.
IBM, in general, is the best. I would recommend this solution to others.
I am not familiar with other products. I only know IBM Guardium.
I would rate IBM Guardium Data Protection a nine out of ten.
The primary use case is for ensuring compliance with databases. It allows monitoring of what kind of statements and alterations are going on, as well as who is accessing what data.
IBM Guardium is useful for organizations that require compliance such as banks, insurance companies, and pension plans. Having it available allows us to focus on those clients.
The most valuable features are data loss prevention and data protection.
From the perspective of analysis and prevention, this product is pretty accurate.
Sometimes the connectors to the databases need to be manually updated and we have to configure them again, which is something that should be improved.
I have been working with this solution for one year.
This is a reliable product.
It is easy to scale. There are more than 5,000 users in total, although it does not run on all of the servers or user workstations.
The technical support from IBM for this solution is pretty good. Support via email is available and overall, it is reliable.
This is the first database security solution that I have worked with.
I found the initial setup to be complex. There are a lot of connections between different components and it is not straightforward. Our deployment took approximately three days.
We had the assistance of a system integrator.
From my experience, I find that IBM Guardium is pretty good and I would recommend it.
The monitoring and analytics capabilities make it a very good product, although we have had intermittent problems with our database connectors so it is not perfect.
I would rate this solution a nine out of ten.
We have integrated IBM Guardium with ArcSight and Splunk.
The ability to collect the data without database administrators being able to modify it.
For the most part, it is stable. Depends on the year.
It has scaled. It was pulling teeth, but it does scale.
We taught IBM about the limits of the product. They did not think there were limits to the product. There were, because we do very extensive testing of performance. We can tell you when a product is going to break. Their development thought this was valuable because they do not have the facilities to do this sort of extensive testing.
Technical support is very knowledgeable now.
At one time, they were horrible since they were blue washed. After the blue wash and a couple of years on the honeymoon, then they have gotten considerably better. They have had problems understanding that they do not know as much about the company's environment as the employee does. This will result in them downgrading tickets, and they will just do it on the fly. This is not a good thing because they do not understand the issue. This may not look like a sub 1 ticket to IBM support, but it is.
We went in and tested it. We continually test everything that is in the industry. Guardium has significantly gone past the mark of acceptable every single time, as compared to their other competitors.
Overall, it is a very solid product.
Our primary use case is for managing and monitoring the database in real time.
The most valuable feature I have found is the performance of client monitoring. The other competitors are unable to do this.
I would like to see AI and machine learning added in the future.
I have been working with IBM Security Guardium Data Protection for two years.
We have found the stability is very good.
All that is necessary for scaling IBM Security Guardium Data Protection is to purchase a license. We have a lot of customers since we are in the finance industry in Vietnam.
We have excellent technical support in-country and out of the country.
The initial setup is straightforward and takes a short time to install.
The price is good for the quality of the solution.
I would rate IBM Security Guardium Data Protection an eight out of ten.
Database activity management to ensure compliance audit regulations. It is also to manage risk. It is performing well, but we have a large journey to go.
Previously, we had no monitoring for our databases. Now, we have the ability to begin to understand how people, applications, and service accounts are interacting with data to better protect it.
We use IBM Guardium to support security initiatives and compliance policies.
We have integrated IBM Guardium with QRadar.
Being able to go back to see what people are touching, and when they are touching it, then look at the risk of who is touching what and how they are touching the data. This will give us a better understanding of how people interact with our data.
We do not use many of the advanced features, but we will soon. We are looking at Sensitive Data and User Behavior Analytics.
It will not go as fast as you want.
We are about 50 to 60 percent there. A lot of that has to do with us implementing it a little better, and redesigning what we thought would be their protection. We need to do a bit more efficient architecture, as some things are coming down the pipeline for the roadmap of the product.
The scalability is not an issue, though it is not the easiest thing to scale. However, I have seen the coming roadmap, where the scalability will be easier.
I would rate technical support as fair. Unfortunately, it takes time to figure out an answer to our issues, because they are unique, not just a standard answer.
It is very complex.
Pushing agents and tabs seems pretty standard from a technical perspective. Once you start interacting with people's databases, they get very hesitant. Then, the amount of social tasks to socialize the solution ensuring people are comfortable with it became a much heavier lift.
There are a lot of things that could be better, but it is performing pretty well.
Take your time and learn each step. Make sure that you understand each step, because if you miss something, it will come back. Then, you have to circle back and figure it out anyway.
Most important criteria when selecting a vendor:
For us, the most valuable features are the auditing capabilities and the Guardium inspection engine. The GIM (Guardium Installation Manager) makes it easy to manage the S-TAP agent. You can enable/disable, install and upgrade remotely with no need for the system administrator.
DB user profiling is something that should be part of Guardium auditing systems.
Also, reporting is not user friendly as compared to other tools. Moreover, for each report, you have to create an audit policy to create the report. It should be policy-based.
We have been using Guardium for 2 years.
We did experience a few system crashes.
Technical support is very good.
The initial setup was complex.
We also looked at McAfee and Fortinet.
I would consider IBM brand value.
Guardium is used based on our Manual of Internal Procedures (MPI), and its uses range from creating a rule to generating customized reports. The main use case is the procedure "Investigate Incidents Recorded by Unauthorized Access," with action "notify by electronic message the manager and/or leader of the area."
Improved security through the visibility and control of all access to the databases.
The most valuable feature is using the capture operation mode “S-TAP/K-TAP agent”, because all activities in the database are captured, including direct access to the database server by privileged users. This is useful because, even if the database server logs were deleted, the Guardium Collector has already stored such data to enable traceability of access.
I have already mentioned to IBM that a primary need is to improve the number of records in the reports above 65,535.
Depending on the policy and rules applied, there is a need to increase the minimum requirements (RAM and storage - HD) for better operation and not to experience hardware slowdowns due to the high flow of traffic. IBM brings the "minimums" and "recommendation." From experience in versions 9x and 10x, when installing Guardium, it's important to verify the "recommendation" requirements of IBM for stability. It is worth mentioning that the requirements (minimums or recommendation) are different for Collector and aggregator.
The two major Database Audit and Protection (DAP) solutions are IBM Guardium and Imperva SecureSphere. There are two modes of operation of these solutions: remote agent and sniffer (out-of-band). I recommended using the remote agent to obtain direct access captures on servers.
Note that in non-mainframe environments, both solutions are scalable. For the mainframe environment, Guardium has updated installation agents with the latest kernels and releases. This makes a big difference in companies with mainframes, so it is necessary to keep the technology pack updated.
Regardless of the mode of operation, when increasing the number of servers monitored it is important to re-evaluate or perform new sizing. The possible number of databases and database servers which can be monitored by Guardium is high. For me, this is a differentiator of IBM.
On a "bad, good, and excellent" scale, I rate it as good.
Initially, there were two solutions to be evaluated: Oracle and Imperva. Oracle DAP was not evaluated because it does not monitor Linux or Windows Server-only environments.
I evaluated Imperva and got good results. However, there is a delay by Imperva in creating updated agents for Linux and Unix, including for mainframe. For me, this is a problem because it is necessary to always keep the environment up to date. If you update the kernel or release of mainframes and do not have the agent upgraded, the DAP will not monitor.
For those who do not have experience, it is complex. There are several configurations to be made, from the configuration of NTP, IP, Mask, registration of the Collectors in the Central Manager, integration with other tools like storage (backup), LDAP, SIEM, through to the application of the policies and customized rules. Note: There are some pre-set rules that can also be customized.
The price of Guardium is higher than the main competitor, Imperva. In addition, it's complex as the calculation of the licensing is done by Processor Value Unit (PVU).
However, before purchasing a DAP solution, it is important to analyze specific points to evaluate the cost-benefit of each tool. For example: Does the environment to be monitored have mainframes? If so, it's a point for Guardium. If not, a point for Imperva. Note: IBM is looking into a new licensing policy and reducing the price of Guardium.