What needs improvement with IBM Security Guardium Data Protection?

One aspect that could be improved is the support for locating and discovering sensitive information in the databases. We also deal with updates manually on Sundays, and sometimes face bugs with the newer versions.

Guardium could be improved in the area of data encryption. We have encountered difficulties with encryption using IBM's platform, especially in comparison to alternative solutions.

Many clients inquire if the solution includes a database firewall, which it doesn’t. While it could be a valuable addition, the current tool focuses on database-level protection rather than network-level protection. For instance, it can prevent unauthorized changes to specific tables and send alerts if such changes are attempted. However, it doesn’t block data in transit or handle network-level security. The database firewall feature clients often request would address network-level security, which is different from our tool's database-level monitoring and protection.

We are currently facing a challenge because it does not offer data encryption by default, only data masking. When we decide to implement data encryption, we must purchase an additional add-on, which incurs extra costs. Data encryption and data masking often work together in organizations. Therefore, using different products for these functions, such as Oracle for data management and a plugin for data masking, creates a burden on our systems. We have to install and manage multiple agents, like Oracle's light agents and IBM's agents. IBM should include data encryption in its standard package. This would streamline operations and reduce the complexity and cost of managing separate data protection solutions. Currently, it supports cross-platform integration but does not support integration with flat file databases. IBM Guardium integrates well with international databases like MySQL and Oracle, making it easy to use with these systems. We need to develop a plugin to integrate flat file databases with Guardium.

The main issue I have with IBM Security Guardium Data Protection is the support. It's not good. They're slow, and they don't seem to resolve issues effectively. We have an ongoing problem that they haven't been able to fix. We had an issue with the setup that we've been trying to resolve. The reports are not coming out the way I want them to. I'm not enjoying the support. They don't always resolve issues, and sometimes logged cases seem to disappear. The support is not good for me. They should resolve issues as they're escalated.

The solution should allow the data to shift to a centralized repository with elastic servers and big data infrastructure. If a customer searches for old logs for retention purposes, there are limitations on appliances once they are set with specific hardware, so they can only be changed by uninstalling or reinstalling the hardware. The solution's aggregator feature allows data aggregation, but for instance, if a customer wants a project ready in two years, having an Elasticsearch in DB or the capacity to store huge amounts of data would be beneficial in data investigation or evaluation at an affordable cost. Some AI features should be added to IBM Security Guardium Data Protection. For example, the AI features implemented in the solution can be anomaly detection or suspicious activity identification.

Since we are resellers we do not have enough information about the technical aspects and the areas of improvement. However, one consistent report that we receive from our customers is that IBM does not offer timely support due to the size of the organisation. It would be great if they could improve their response time.

They could enable the out-of-the-box feature to track application user activity. It will help us observe the activities closely. Another area for potential improvement is implementing a feature for rate limiting the observed set returned to the client against security in a particular session.

The only issue is opening the remote connection to the client. IBM needs to focus more on improving remote connectivity. Microsoft and Cisco provide remote connectivity and have gained customer appreciation. The solution needs some functionality or features to be added. It might not cover Big Data.

The solution's pricing should be reduced because it is very high. The solution could be improved for NoSQL databases. From the functionality point of view, the solution has almost everything you need for your database. Overall, the product's functionalities align with the customer's needs.

The integration part of the present solution is very complex and tedious. Plus it gives a lot of false positives which need to be eradicated over time. While integrating it with my existing infrastructure, it was a pain area initially, because primarily it took me a lot of time to educate users. From the configuration part with the existing system, the agent installation and collecting logs from the system and then finally bringing it back to the Guardium is quite complex. In the next release, I would like these to be improved and implemented.

I would like to see AI and machine learning added in the future.

Unfortunately, we're unable to use this solution for a NoSQL database, which is limiting. The UI needs to be improved so that instead of everything coding in the backend, it's coded on the front end. Guardium has limitations so most companies using advanced technologies have stopped using this tool because it doesn't have the capability to identify the PII data in flat files. Most companies are moving towards big data.

The only downside is that the deployment is complex and requires special expertise to deploy.

Right now, we're in the development phase for IBM Guardium Data Protection, so I don't have any recommendations about additional features and room for improvement in the solution. We're very excited to work on IBM Guardium Data Protection because we are new to the solution, and we're still exploring product features. We're very excited about integrations and use case creation, and it's only after six to eight months that I'll be able to share my recommendations in terms of additional features the solution should have. We did find some difficulty in deploying IBM Guardium Data Protection here in Pakistan because of the lack of resources.

The documentation could be better.

An improvement would be to make the pricing relative in terms of regions. In the next release, IBM should incorporate more AI capabilities to better detect vulnerabilities.

I've found that the backup and recovery is very resource-hungry and requires a huge amount of available storage capacity along with other components, such as processing the RAM. We have a need for 200 GB of data to restore. Reporting needs to be improved as does integration capability with the other DBs. From a technical perspective, reporting is good but not from the management perspective. Due to the legacy application, there is sometimes another version of the DB that is not supported and requires a restart which is a very technical aspect of running applications.

IBM should add more database security features to Guardium. They could add user profiling, anomaly detection, and machine learning. IBM has user profiling, but they need to strengthen it. It should make sense for the users. It should remove most of the false positives. Anomaly detection would help. Let's say you had a thousand anomalies and 990 are false positives. Who will take care of this? People will simply ignore all 1,000. They need to improve a lot in this area. They're coming out with a new product called Guardium Insights. It will be able to store more data, and its algorithm will be stronger. That will probably fix all my concerns. They have yet to release the beta version.

An area for improvement in IBM Guardium Data Protection is automation. I would want it to be more automated, as it runs too much on manual processes. More processes should be automated on the application. For example: I want a learning environment where IBM Guardium Data Protection can learn the behavior of an environment, e.g. it should be more intelligent, because there is no intelligence yet on the application. It should be able to learn, e.g. you cannot try to block IBM Guardium Data Protection, in general. This is what I want to see: I want to be able to block it, in general. I want the application to be able to learn, and learn from the environment. IBM should try to bring in more of e-learning to the application. That's another thing that's missing. What I'd like to see in the next release of IBM Guardium Data Protection is for them to make resources available for the end users to be able to do a self-study, to understand more deeply how the environment works. Having user guides so people can learn more on what the application can do, about its operations, etc. I would like them to occasionally give users tips, e.g. how to do something, how to make your work easy, etc. This is how they can add value, in particular give more value for money, as they give valuable tips, just like how Microsoft does it, for example: "You can use IBM Guardium Data Protection to do this", then they should explain how to do it.

If IBM Guardium Data Protection could find a way to not have a lot of coding and development required to get the solution up and running it would be an advantage. The information of the agent could improve, which is necessary for us to monitor the databases would be a great benefit.

IBM Guardium Data Protection is a mature product. There is a lot of encryption that is not owned by IBM and is done by a third party and is not an integral part of the solution.

An area for improvement would be the user interface - currently, it takes around two to three months to become comfortable using it. In the next release, I would like to see more integration with other vault vendors.

I would like to see improvements in scalability and easier installation.

The analysis part of this product could be improved. It's a very comprehensive product, so the features it has complement customer requirements. But I would like to see more emphasis on analytics, and it would be great if they added machine learning. They already have analysis insights, but a comprehensive analytical feature that's already incorporated into the solution would be very helpful.

Guardium's storage capabilities could use some improvement. I'd also like to have some better integration using digital technology or a connector.

It would be helpful, and convenient to improve the Chat support.

In general, I find the solution a little complicated to use. Another problem is that we have encrypted traffic on Oracle and it requires a database outage. That's creates problems because you're monitoring critical systems and they don't like outages.

The installation should be a bit easier. It's pretty hard to implement right now. The solution is very expensive. It's expected, as IBM is known to be pricey. It would be nice if they could make it cheaper. As we are still in the process of implementing the product, it's hard to discuss the features and what might be missing, or could be added. We need more time with the solution to see how it works or what's missing.

One thing I'm always thinking with regard to Guardium Data Protection is that, when compared to Oracle AVDF, Oracle's often got the upper hand when it comes to the standard features. So I believe that needs to be addressed by IBM. Guardium Data Protection is far better in terms of external integration. But in terms of firewall features, like when you're blocking activities, it's as if Oracle AVDF simply has superior features. This is just from third-party observations, but the users of Oracle AVDF are saying that when it comes to the firewall and protection functionality, they're much more inclined to AVDF. Considering the competitive benefits that AVDF is providing compared to Data Protection, I can see that some improvement is required in terms of the firewall-related features. Another observation I have is that industry resources are not available to handle this product, and I believe that deployment should be much easier than what we have right now. I'm thinking along the lines of some kind of wizard that makes it easier for users to get started right away. For example, to make it so they can do the deployment easier with drag and drop, etc. It has to be more user-friendly so that anybody can deploy it, anybody can adopt it, and anybody can do the configuration. It has to be built in such a way that even if you are not a product expert, whether from IBM or otherwise, or that if you know only Word, then you can still configure it. So they have to offer that flexibility in the product. They can hide the complexity by bringing in more GUI elements so that people can more easily get on board. And also they can introduce the knowledge base side by side so that whenever they are using the product, they can quickly check what exactly needs to be configured. You have Redbooks, and Redbooks can help but maybe they can include something extra. While users are installing maybe IBM can put in some guidance, "Okay, if you do this then you configure this and that." At the same time, the market has lots of Oracle expertise here. But for IBM, there are no local resources available, and we are highly reliant on external resources. So, I would highly recommend that IBM initiates something like a certification campaign for the end user, as well as for the partner. As a partner, we are trying to do our level best, but I believe it would really benefit users for IBM to come up with some pre-certification campaigns like AWS and Azure do, especially in terms of how they promote their products through learning. What I believe is that, in order to establish the product in the market, IBM has to invest in developing resources. IBM need to strategize in such a way that it's not just selling. IBM has to develop the resources within the industry, so that there's more word of mouth; people are now talking about AVDF, because they only know about AVDF.

The most important requirements for us are integration with new database solutions and the ability to manage things like Jailbreak or something like that. Its reduction feature can also be improved. It has a functionality called reduction, which is like masking data, but it is just a replacement of characters. Sometimes the customer needs more than this. It would be good if it was more advanced or complete. We also have a problem with this solution because the IBM aggregator isn't working very well. IBM has created big data intelligence for Guardium, and occasionally, customers need three or four months of data, but they can't run it from the collectors. It can have a better dashboard and more pre-defined use cases for those customers who don't have any idea about data protection or don't have expert personnel in this area. For example, they can include five use cases for banks and five use cases for retail.

The reporting on the solution is weak. It needs to be improved and enhanced. From a management point of view, it's really important to have reports. They should be offering easily extractable reports that we, as users, can benefit from. The technical support is very poor. Integrations are difficult to configure upon the initial setup. The solution needs to offer data encryption.