IBM Security Guardium Data Protection Reviews

We are using IBM Guardium Data Protection for activity monitoring, blocking users,  entitlement for knowing the privilege for users, and Guardium data features.

The solution supports a lot of databases.

I have been using IBM Guardium Data Protection for approximately three years.

IBM Guardium Data Protection is stable.

The solution is scalable.

We have approximately six people using the solution.

The technical support has been very good.

IBM Guardium Data Protection's installation is straightforward and takes a few hours.

We have five people that do the implementation and maintenance of the solution.

The price of the solution could be better.

I would recommend this solution to others.

I rate IBM Guardium Data Protection a nine out of ten.

Guardium is used based on our Manual of Internal Procedures (MPI), and its uses range from creating a rule to generating customized reports. The main use case is the procedure "Investigate Incidents Recorded by Unauthorized Access," with action "notify by electronic message the manager and/or leader of the area."

Improved security through the visibility and control of all access to the databases.

The most valuable feature is using the capture operation mode “S-TAP/K-TAP agent”, because all activities in the database are captured, including direct access to the database server by privileged users. This is useful because, even if the database server logs were deleted, the Guardium Collector has already stored such data to enable traceability of access.

I have already mentioned to IBM that a primary need is to improve the number of records in the reports above 65,535.

Depending on the policy and rules applied, there is a need to increase the minimum requirements (RAM and storage - HD) for better operation and not to experience hardware slowdowns due to the high flow of traffic. IBM brings the "minimums" and "recommendation." From experience in versions 9x and 10x, when installing Guardium, it's important to verify the "recommendation" requirements of IBM for stability. It is worth mentioning that the requirements (minimums or recommendation) are different for Collector and aggregator.

The two major Database Audit and Protection (DAP) solutions are IBM Guardium and Imperva SecureSphere. There are two modes of operation of these solutions: remote agent and sniffer (out-of-band). I recommended using the remote agent to obtain direct access captures on servers. 

Note that in non-mainframe environments, both solutions are scalable. For the mainframe environment, Guardium has updated installation agents with the latest kernels and releases. This makes a big difference in companies with mainframes, so it is necessary to keep the technology pack updated.

Regardless of the mode of operation, when increasing the number of servers monitored it is important to re-evaluate or perform new sizing. The possible number of databases and database servers which can be monitored by Guardium is high. For me, this is a differentiator of IBM.

On a "bad, good, and excellent" scale, I rate it as good.

Initially, there were two solutions to be evaluated: Oracle and Imperva. Oracle DAP was not evaluated because it does not monitor Linux or Windows Server-only environments. 

I evaluated Imperva and got good results. However, there is a delay by Imperva in creating updated agents for Linux and Unix, including for mainframe. For me, this is a problem because it is necessary to always keep the environment up to date. If you update the kernel or release of mainframes and do not have the agent upgraded, the DAP will not monitor.

For those who do not have experience, it is complex. There are several configurations to be made, from the configuration of NTP, IP, Mask, registration of the Collectors in the Central Manager, integration with other tools like storage (backup), LDAP, SIEM, through to the application of the policies and customized rules. Note: There are some pre-set rules that can also be customized.

The price of Guardium is higher than the main competitor, Imperva. In addition, it's complex as the calculation of the licensing is done by Processor Value Unit (PVU).

However, before purchasing a DAP solution, it is important to analyze specific points to evaluate the cost-benefit of each tool. For example: Does the environment to be monitored have mainframes? If so, it's a point for Guardium. If not, a point for Imperva. Note: IBM is looking into a new licensing policy and reducing the price of Guardium.

1. Read important articles related to DAP such as the "2017 Planning Guide for Security and Risk Management."
2. Gather information from the servers (operating system with version and database types with the versions) of the environment to be monitored.
3. Check which DAP solutions can monitor the environment.
4. List the “mandatory requirements” and “non-mandatory requirements.” It is important to have in mind which points will be evaluated.
5. Request PoCs with the main DAP manufacturers (IBM, Imperva, and Oracle).
6. Do the sizing with the topology to get an idea of the requirements and cost of the project.

Database encryption.

• Encryption
• Data activity monitoring
• It has a set of modules.
• I compliment with Optum for a data masking solution.

An integration with Optum. Optum is another solution, but it is a segmenting software, portfolio not security. However, I am selling them together as one solution, Guardium and Optum.

I am dependent on my team for support of this product.

My main solution was Micro Focus voltage data encryption solution, but it was too complicated. 

Encryption is not straightforward, but Guardium made the setup easy for us.

Most important criteria when choosing to partner with a company: I started working with IBM only one year back. When I started a partnership with them, IBM had the security portfolio which covered most of the region where my customers were. IBM has a name with the support along the quality of its products.

The primary use case is security of our data in the bank.

Performance is very good.

Security. This is the main capability that you have in this solution.

In terms of compliance, we need to track users, database logins, and run inquiries. Guardium stores this log information very well. We don't use it for compliance with industry regulations like SOX, PCI or GDPR.

We have integrated Guardium with our database, SQL server, Hadoop, and Oracle Database. The integration is very simple. We just installed the solution and the rest was very simple.

I believe Guardium save us time and money. Upper management is aware of these savings.

It's simple to use and managing the solution. It's very, very good for security and tracking users and databases in the organization.

Stability is very good. I don’t have downtime with this solution.

We used support to configure Guardium with Hadoop only. The support was good. I did not need to escalate this ticket.

The pricing was for a big package, including all IBM products. As such, it was good value.

I don’t know because I am new in this company. I don’t know the history.

When selecting a vendor, I look at the price and the scope of solution.

My advice is to use this solution. For security and compliance it is very, very good.

• Database Activity Monitoring: Fulfills the international standard security requirements, such as PCI DSS
• It is very transparent on all of the query access controls of the monitored databases

According to my client, it fulfills the PCI DSS standard requirements that are implemented in his bank.

The graphics are so lame. I am sure that the latest version of Guardium, Version 10, would have improved it perfectly.

I see that they have improved the chart and diagram in the latest version of Guardium. However, there are some limitations on how the chart displays the data for analytic needs.

I am not sure if Guardium has the dashboard design to see the information much better.

I have used it for three years.

We did encounter stability issues. Do not upgrade directly to the latest fix pack unless people have confirmed that it is stable.

There were no scalability issues.

Technical support is always available for you. I suggest the following:

• Call IBM and make a Severity 2 request instead of Severity 3 request.
• Ask them to provide remote access to your system right away.
• Prepare the log files that they usually request.

They have changed the way of licensing. It is no longer according to your core. It is now based on how many servers you use. The price should be way less expensive.

I mainly use this solution to monitor the activity happening in the database.

The most valuable features are the modules, discovery classification, and vulnerability assessment. The reporting side is also very, very good, especially its flexibility which allows you to tailor the reports to whatever information you want. It also has the advantage of architectural data collection from the database.

An improvement would be to make the pricing relative in terms of regions. In the next release, IBM should incorporate more AI capabilities to better detect vulnerabilities.

I've been using Guardium for four years.

Guardium is a stable system.

You can scale Guardium up and down according to your needs.

IBM's technical support is very good.

Positive

The initial setup will be straightforward for those with technical experience but may be more challenging for less experienced users.

Guardium's pricing is quite high, but it gives good value for money for all sizes of enterprises, especially for partners.

I would give Guardium a rating of eight out of ten.

As a registered IBM Business Partner, our main interaction is to deploy Guardium at client sites.

• Audit Process Builder – Workflow generator to enhance audit tasks and compliance workflows.
• Compliance Quick Start – Quick, GUI, step-by-step guide to automate compliance and give the customer a quick ROI.

Needs easier integration with custom applications.

I would give the product a score of eight out of 10. This is due to its deep level of granularity and guided process/audit workflow generation.

To provide cyber security for databases.

It has performed very well.

It has made us more responsive and more productive, more efficient.

We use Guardium to support security initiatives and compliance policies. We are in the healthcare world, so it helps us with HIPAA compliance. It has also helped us with PCI. We haven't gone with GDPR.

We have not yet integrated Guardium with other systems we use.

It has saved us time and money by definitely making us more productive. Senior management is aware of this.

It provides a comprehensive security for databases, both on-prem and on the cloud.

Among the advanced features we use automatic backups, DR. We'd like to implement more predictive, using Watson.

More predictive, using Watson AI would be good.

It's very stable.

It's scalable.

We sometimes use technical support from IBM. It has been good, very good.

We were using traditional cyber security stuff. But this is a pretty good product. We became an IBM business partner, we are a cyber security business partner for IBM. We have other products besides Guardium that we are marketing.

The most important criteria when selecting a vendor are their

• stability
• quality
• support.

It was straightforward.

Buy it.