IBM Security Guardium Reviews

I work with IBM Security Guardium. It's a very good tool for protecting databases, regardless of the type, whether it's Oracle, Microsoft SQL, SAP HANA, or any other database. It's excellent for monitoring and has additional functionality such as vulnerability assessment for the databases.

I can utilize IBM Security Guardium for real-time alerts to monitor who's logging in, who's logging out, what scripts they're running on the database, and anything else related to monitoring.

It does compliance depending on your vertical, such as HIPAA for medical or PCI DSS for financial sectors, and it has a lot of built-in functionality for compliance.

It's very good for automation compliance reports.

Adding AI would really assist in improving IBM Security Guardium, but overall, it's a very mature tool, so there aren't many improvements needed.

I have experience with IBM Security Guardium for seven plus years.

It's not resource-intensive and can monitor a large number of databases.

I consider IBM Security Guardium to be a stable solution.

I find IBM Security Guardium to be very scalable.

I'd rate the technical support of IBM Security Guardium an eight to nine on a scale of 1 to 10.

Positive

We get the QRadar solution directly from IBM.

The Secret Server was sold off by IBM; it's no longer an IBM product and is now a product by Delinea.

I only worked with Delinea Secret Server for maybe two or three years when it was still an IBM product, so I've not used it and do not know how it is after it was sold off.

The initial setup of IBM Security Guardium is not complex, but you still need a professional to configure it properly.

I see a very good ROI because immediately after implementing it, I start seeing benefits. I gain more visibility into my environment and database, knowing what is being altered and where it's being altered from.

It does not take a lot of time to see the measurable benefits from IBM Security Guardium.

The pricing, setup cost, and licensing for IBM Security Guardium are okay; no IBM solution is cheap, but it's competitively priced in the market compared to similar products such as Imperva.

I have experience with IBM Identity. They call it IBM Verify, but it's IBM Identity and Access.

I'm mostly working with IBM Security, specifically the security products such as IBM Security Guardium, Identity and Access, MaaS360 for mobile device management, and QRadar, which is their SIEM.

I have experience with QRadar for seven plus years. Most of the time we do an on-premise deployment of QRadar.

On a scale of 1-10, I rate IBM Security Guardium an 8.

The primary use cases for IBM Security Guardium include onboarding and offboarding of the servers and working on alerts, such as troubleshooting if any S-TAP goes down. We also have Sonar, which means Imperva DSF. We evaluate the reports or logs, and we set up a justify workflow there. We have set up alerts on the basis of logs; if we get many failed logins, high failed logins, or high SQL errors, then we get the alerts. I'm working on those alerts as well.

For real-time alerts in the alerter, we set up multiple types of alerts such as high failed logins in IBM Security Guardium. We have set up one group, and in that group, we mention users of a particular DB. If any other user tries to access or run any command, then we get the alert on a real-time basis. We then reach out to the server-side or DB team to evaluate those alerts.

In IBM Security Guardium, we use data discovery to discover the complete detail of the databases, which helps us understand the database and all the required details. We use data classification jobs for sensitive information, which run on the basis of data sources. We run the data classification job on the basis of data sources, and we get all the table names and column names, after which we classify them as critical or not.

We use a PowerShell script for some parts of running the data mart jobs in IBM Security Guardium. We have added multiple functionalities in that PowerShell script. For example, four or five months ago, we needed to migrate our data source user into CyberArk. It was very hard to replace the data source setting and add the users one by one because we have a very large environment here in MetLife. So, we added an API in the same script, and through that script, we replaced all the data source users.

In IBM Security Guardium, Sniffer is the main feature, which makes it very special because Sniffer filters out the logs on the basis of policies. In policies, we define what we want to capture. Sniffer is the main and most important part of IBM Security Guardium.

IBM Security Guardium can be improved in terms of several aspects. One is for the inspection engine. They define in the documentation that the inspection engines are auto-discover, but when we try to discover them, they are not discovered fully. They skip some of the databases. In this scenario, they need to work on this so that we can capture the complete database logs from any server.

Policies are another area that needs improvement. We used some skip-logging policies for particular commands in IBM Security Guardium. We have applied the whitelisting in our environment. We have created one group and defined everything in that group, but when we check the logs, those logs are still present. We have worked multiple times with IBM on this issue.

To capture the logs from Azure servers and cloud servers, we require a secondary tool. If they combined something and built functionality to capture cloud server logs within IBM Security Guardium, that would be beneficial. The license cost would be different, but we could capture the logs in the same environment. They could also provide more policies or compliances for users. IBM is working on an AI tool to replace the complete IBM Security Guardium product. According to documentation, IBM Security Guardium might be replaced by an AI-based solution in the next five to ten years.

I have been using IBM Security Guardium for more than four years.

IBM support is good. If you raise an issue, they will respond accordingly. This is also good compared to other products' support. These are some of the points that make IBM Security Guardium superior in the market right now.

Positive

The initial setup of IBM Security Guardium is not complex; it is easy.

Pricing for IBM Security Guardium is very high. When comparing it in the market, IBM Security Guardium is significantly higher than other tools such as Imperva DSF. Imperva SecureSphere is less expensive compared to IBM Security Guardium.

I am still working on IBM Security Guardium.

I have not worked with IBM Security Guardium dashboards because we have Imperva J Sonar. We have complete data of IBM Security Guardium. We send all the data in Imperva J Sonar data mart jobs and set up the dashboard there. In IBM Security Guardium, there is a limitation of storing data. In collectors, we store a minimum time of data, approximately 15 to 30 days, due to high login activities. That is why we send all the data to the data mart in Imperva J Sonar. We do analysis there, where the purge time is in months, so we can analyze the last year's complete data.

I use the feature for real-time alerts in IBM Security Guardium and work simultaneously with IBM Security Guardium and SonarQube. My SonarQube is on-premises. I work with IBM Security Guardium mainly and with other products as well.

I rate IBM Security Guardium 4.5 out of 5.

My use case for IBM Security Guardium is to monitor administrative work, such as activities on my SQL server, what users are doing in the server, what queries they have triggered, and when they have logged in.

The best features of IBM Security Guardium include the ability to download very high volumes of data, which is a good feature. When there is an audit from a regulated entity, such as a financial organization, they sometimes ask for an audit trail, making it very suitable for capturing high volumes of data on activities.

It has capabilities for monitoring user behavior, such as login times, and it is very much optimized. Another noteworthy aspect is that it is easy to use, but it has very limited code material to operate the application. While doing administrative tasks and providing L2, L1 support, I currently have some knowledge; however, in the beginning, I faced issues related to finding proper information about this tool. I had to go through all the documentation they provide, and sometimes it is not totally comfortable to run those commands. Therefore, I have to go to IBM for assistance, whereas with other tools, one can find many tutorials and administrative videos for help.

I do not find any other room for improvement for IBM Security Guardium; everything works except for one issue. It is a very good tool, though I encountered one problem when I needed to download a very large amount of data, approximately 1.4 million entries. During that time, it went down but came back up within an hour automatically, indicating that it is highly optimized.

I did not have to do anything to fix this issue. It is impressive that the problem occurred due to RAM consumption. When this query runs, it consumes the whole 32GB of RAM. However, it has the capability to restore itself, ending all processes and then returning to a normal state. This optimization is remarkable as many systems might crash, requiring creation of a ticket with the data center team, and they will restart your system, which is time-consuming due to the escalation and approval process. I do not have to face this type of issue with this particular tool.

I have been working with IBM Security Guardium for approximately 1.5 years.

The deployment of IBM Security Guardium was done through an external party, and I have deployed the total solution. The deployment process was not very challenging, but there was one problem regarding mail IDs; when implementing alerts, you need to have a dedicated mail server. I have both an external mail server and Outlook 365 mail.

I would rate my experience with the technical support of IBM Security Guardium as very good because whenever I create a ticket with IBM, they support and guide me. I would give them a rating of seven to eight.

I did not use a different solution before IBM Security Guardium; it was our first solution, and it is also integrated with our SIEM.

My experience with the initial setup of IBM Security Guardium is that it is not very complex and is very easy to implement.

The deployment of IBM Security Guardium was done through an external party, and I have deployed the total solution.

I am not a partner of IBM; I am a user, an end user. I am working as a Cyber Security Manager. I would rate IBM Security Guardium overall as a seven because it should integrate AI solutions to help users. Many solutions have this capability, where there is an AI chat option that can provide assistance with issues related to the DAM solution. It can feed all data to the DAM and be trained specifically for it. If they integrate this type of feature, I believe it will be much help for users. Overall rating: 7/10.

The primary use case for IBM Security Guardium is database security and DAM tool implementation.

IBM Security Guardium serves the financial industry, though we do have customers from non-BFSI sectors using this product.

QRadar has been a key part of our office experience for the past 10 years, and we have been a direct partner with the company for the past four years.

Currently, we are dealing with QRadar from IBM and have experience with IBM Security Guardium. We are not interested in pursuing other options.

It is straightforward because we have technical expertise and SMEs who have been working with this particular solution for the past decade.

While it is good and we are still working with it, it requires significant improvements to be competitive with other tools. There is considerable R&D required from IBM.

The features have been in the product for many days, and improvements could be made from the UX side.

We have three years of experience with IBM Security Guardium.

The cost is higher, but we felt there was no other alternative product to replace it.

It is not our interest but rather the customer's interest, so we implement it when they require it.

I am not a technical SME, so I cannot provide specific technical answers at the moment.

On a scale of 1-10, I rate this solution a 7.