IBM Security Guardium Data Protection Reviews

• Database access monitoring
• Vulnerability assessment
• PCI compliance
• SOX compliance
• GDPR compliance 

• It provides us regulatory compliance proof and evidence for audit. 
• It allows us to find bad actors. 
• It allows us to find people who are doing stupid things, and do it without the intervention and loss of data integrity of the people that we are monitoring manipulating the data.

We have integrate IBM Guardium with ArcSight and Splunk.

The ability to collect the data without database administrators being able to modify it.

• There are some GUI improvements that I have provided to development already.
• Performance and the ability to use resources could be improved. 
• The ability for Central Managers to talk to one another could be improved. I have 26 Central Managers and 26 silos which are independent.
• Some of the data handling or data recording could be improved. We are doing it with external software, components, etc. 

For the most part, it is stable. Depends on the year.

It has scaled. It was pulling teeth, but it does scale. 

We taught IBM about the limits of the product. They did not think there were limits to the product. There were, because we do very extensive testing of performance. We can tell you when a product is going to break. Their development thought this was valuable because they do not have the facilities to do this sort of extensive testing.

Technical support is very knowledgeable now. 

At one time, they were horrible since they were blue washed. After the blue wash and a couple of years on the honeymoon, then they have gotten considerably better. They have had problems understanding that they do not know as much about the company's environment as the employee does. This will result in them downgrading tickets, and they will just do it on the fly. This is not a good thing because they do not understand the issue. This may not look like a sub 1 ticket to IBM support, but it is.

We went in and tested it. We continually test everything that is in the industry. Guardium has significantly gone past the mark of acceptable every single time, as compared to their other competitors.

Overall, it is a very solid product. 

Database activity monitoring.

It performs its job quite well.

We use Guardium to support security initiatives and compliance policies such as  APCI, SOX, GDPR, pretty much everything.

We are in the process of integrating Guardium with a couple of systems including IDSM.

It does save us time and money. I can't quantify it in terms of money, but it has been very difficult to analyze all the network traffic somewhere else. Guardium provides that feature, it's heuristic. So we have rule-based algorithms in place to take care of that.

The ability to do its job properly, database activity monitoring for insider threat. That's primarily why we use it and it does a good job.

Among the advanced features, we use Vulnerability Assessments. We are in the process of using Discovery Classification as well.

We have made a list of RFIs. There are features like end-to-end and S-TAP mapping, and the ability to install policies for your configuration builder. They're not there, but we'd like to see them in the next version.

Stability has improved with the newer versions.

It scales well. The newer versions scale very well compared to the earlier versions.

They're brilliant. 

I was not involved in the initial setup, my manager was. But I have been involved with the latest versions. Initially, from 32-bit to 64-bit was a nightmare, but the latest 64-bit versions are pretty straightforward.

When selecting a vendor, what's important for us is 

• how quickly they can provide customer support
• scalability
• reliability
• dependency.

Overall, I'd rate it at eight out of 10. It could be a 10, however there are few features, like the ones I mentioned, that are still a work in progress.

Regarding advice to a colleague, determine what your business needs are. If your business needs are similar to the ones Guardium solves then you should go for it. The implementation is seamless, the requirements are straightforward, and it's easy to use the product.

Database activity monitoring.

Its performance is good, most of the time.

The benefit is that it's made database monitoring more visible to the business, creating more conversations about how we should do it better. So it's increased the visibility and discussion.

It also helps us with GDPR and SOX compliance and just looking at specific policies around; protecting sensitive data. 

We haven't integrated it with other systems we use.

In terms of saving us time and money, I'm not sure if Guardium does. I know we spend more time and money to cover monitoring, this is something we didn't do before, so I think it's more about the capabilities it's given us.

The architecture and the robustness of the data it produces.

Regarding advanced features, I'm using enforcement in the policies. In the future I would like to do more classification. 

More cloud support. 

For the most part, it's pretty stable. We've had some issues recently that we're working through, on the agent software that runs on the databases.

The scalability is good.

I would say tech support is about a seven out of 10.

It can be complex. The documentation is in so many different locations, and a lot of times we have to leverage support and higher level resources to figure out the right steps to take.

Our most important criteria when selecting a vendor are stability and architecture.

I rate this solution a nine out of 10 because there are a few things I'm working through that I would like to see improved, mostly around the stability on the agent software side, working with the database vendors.

Regarding advice, I would recommend you use it and that you try to leverage IBM's support and services as much as possible to help get through the initial installation and configuration.

We have implemented it on an industrial network to monitor the production of medicines. This is something that is very controlled by Brazilian regulations and we have to keep an audit trail for this data. Trying to enable it on SQL Server - that was our client's main server - the load would go so high that they couldn't use the application anymore. They are using Guardium now so they can produce that audit trail for audit compliance.

We have integrated IBM Guardium with IBM Watson Curator. They access Curator to identify and correlate other actions the user is doing to determine if this is a legitimate action or not.

In terms of advanced features, our clients are starting to implement it on an order basis so they can get to GDPR and the like; those Accelerators. They also use it a lot for PCI, to get access to credit cards.

Guardium has saved us time and money, mainly on the discovery process and senior management is aware of this, of course.

The Audit Trail.

They could improve the Data Masking a little.

Stability is quite good. We had some problems, but support is very effective so we were able to solve them very quickly.

We had instability with reports, they were giving some errors. I don't know exactly what had happened because I wasn't the one involved, but we couldn't access reports.

Tech support is very good.

We knew we needed to switch because of that problem with the audit trail, that SQL couldn't keep up with what we needed to do for auditing. That's why we had to search for a new solution.

It's very easy.

I would rate it an eight out of 10 because it is very stable; we had some problems but they were solved, and we can do what we need to do.

To provide cyber security for databases.

It has performed very well.

It has made us more responsive and more productive, more efficient.

We use Guardium to support security initiatives and compliance policies. We are in the healthcare world, so it helps us with HIPAA compliance. It has also helped us with PCI. We haven't gone with GDPR.

We have not yet integrated Guardium with other systems we use.

It has saved us time and money by definitely making us more productive. Senior management is aware of this.

It provides a comprehensive security for databases, both on-prem and on the cloud.

Among the advanced features we use automatic backups, DR. We'd like to implement more predictive, using Watson.

More predictive, using Watson AI would be good.

It's very stable.

It's scalable.

We sometimes use technical support from IBM. It has been good, very good.

We were using traditional cyber security stuff. But this is a pretty good product. We became an IBM business partner, we are a cyber security business partner for IBM. We have other products besides Guardium that we are marketing.

The most important criteria when selecting a vendor are their

• stability
• quality
• support.

It was straightforward.

Buy it.

It's a security product that works across multiple platforms, in our case it's the mainframe and the midrange. We use it to detect when somebody accesses restricted data and report on it.

So far it has performed quite well, we're happy with it.

We used to use cobbled-together scripts, different products and different pieces on different platforms. This is one consolidated tool so one report comes out for each director and it's clean and easy. There is some scripting involved to tell it what is important and what is not important - which is important to us.

In terms of security initiatives and compliance policies within our organization, that's basically what we use it for: the reporting of who touches what data. And that goes up to the directors and they approve or get mad at you and ask you why you did something.

IBM Guardium probably helps us comply with industry regulations like SOX, PCI, or GDPR, but the big driver was more internal and audit-related, rather than industry-related.

We haven't integrated Guardium with other systems we have.

It has saved us time and money. As I mentioned, we had a bunch of cobbled-together scripts that were manually maintained for different platforms. This solution automated all that and made it such that the security administrators can run it themselves and not involve us. So there is less "people effort." Senior management is aware of the savings.

It makes the auditors happy.

It does not require our involvement to run it. It runs in the background and the people that do the reporting do so. The reports go to the directors who are in charge of the various data areas. It's pretty clean. Clearly there is some setup, but after you get it set up it just goes.

I have no idea what the advanced features are, so we're probably not using them.

Lower pricing would always be good but apparently we're getting our money's worth or we wouldn't be using it.

I'm pretty impressed with the stability. There was medium-sized initial effort getting it configured and set up and doing what we wanted it to do, but it just runs and we don't have to deal with it.

We run it on the mainframe and on the midrange platforms and we haven't had any performance issues of any kind. We haven't really had to scale it. We pick and choose what's important to us, so we don't monitor everything. If we were going to monitor everything it would probably be an issue, something we would have to address.

I have not used tech support personally. We did have some support help at the beginning, learning it and getting it set up.

We were previously using homegrown scripts. We decided to switch primarily because this is a multi-platform solution that consolidates everything and centralizes support for it.

When selecting a vendor, we reviewed two other products, but the main reason was that this is a multi-platform solution and it worked well in our environment.

I was not directly involved but I was involved somewhat since I had worked with some of the systems in the past, so maybe some requirements gathering.

The setup seemed pretty straightforward to me.

We're very happy with it. It depends on what your needs are, but it meets our needs.

We want to protect our data. That's the primary use case.

So far, performance has been okay.

We are able to identify who does what, when, and we are able to go back to them and say, "Is this an authorized activity? Is it not an authorized activity?" Why are they doing it? Is there an outlier? Go back and find out if that is normal, unusual? It has helped the overall perspective of making our operations more compliant with the regulatory requirements.

We use Guardium to support security initiatives and compliance policies in our organization. For example, we create reports that tell us how often is a password locked, how many exceptions we are getting, how many failed login items we are getting. We send those reports to the compliance and auditing folks. We do vulnerability assessments, detect vulnerabilities and send reports.

Currently we are not focused on GDPR because we are mainly a US-based company. I don't think I would say that Guardium has saved us time or money.

It does the monitoring of access very well, although we currently don't use any of the advanced features.

Get rid of the collectors. Stream the data directly from the agents to the Big Data link.

The solution is very stable, but it has its challenges. 

I would rate tech support about seven out of 10.

This was a management decision. I think when they found Anthem was getting breached they decided, "Hey, let's try something else."

When selecting a vendor, the most important criteria for me are the

• reliability of the vendor
• name recognition
• support model
• cost, of course.

If you know it, it's pretty straightforward. Otherwise, there is a little learning curve.

The biggest challenge is the cost associated with the product, and the cost of maintaining. Everything is not translated directly to the benefits we see. There are benefits, yes, but if I were writing the check, would I buy Guardium? No.

It's pretty good. We have the latest version, so we are able to scale.

I would rate this solution six out of 10. The benefit to the cost is not justified, in my opinion.

I would say Guardium is a good product. It's a very good product, but you want to weigh how much you want to implement. Do you want to focus on only certain applications? Certain databases? Don't do it across the enterprise. So think about that.

Primarily re-monitoring sensitive data and privilege user access. 

One of the greatest benefits for using Guardium is our ability to monitor sensitive data. With current policy and GDPR for international, then audited compliance for monitoring access to sensitive data, it is very critical for our industry in healthcare. 

We use IBM Guardium to support security initiatives and combine policies within the organization. We have many initiatives that come up and we have what are called action plans. Guardium comes up in quite a few of them when it gets related to database monitoring and controlling sensitive data. 

IBM Guardium helps us comply with industry regulations, such as GDPR, local US standards, and then the current New York cyber laws, which are very specific about controlling access to data.  

Guardium is integrated for data. It is integrated across our big data, then for cyber security. It is integrated in our security stack. 

• Our ability to see when users are accessing sensitive data. 
• The front-end works very well. 
• Gathering the data works very well. 

We are using quite a few of the advanced features. Some of those include some scripting for integration with our other security tools in the environment along with data collection, and the ability to use large data formats for monitoring and information. 

One of the limitations that everyone who uses Guardium knows is its ability for back-end reporting. Guardium in and of itself is a big data platform. It creates big data all by itself. The ability to collect it sometimes is easier than the ability to retrieve it, use it, or give a good representation of it for incidence response or questions which come from the different people who want to use the data. 

Then, it goes back to the use of the data. Using the data in native Guardium is difficult, at best. I know there are current advancements. I know they are integrated with jSonar, which used to be a partnership. However, it is now integrated into the company, which is nice, but we are far beyond that. We have already purchased and implemented other solutions, so now we have to go back and retroactively add that, which would be a good addition, but we are just not there today. 

Guardium is very stable. The only outages that we have had have been self-induced, which is hard to admit. As a platform, it provides great stability.

Guardium should meet our needs going forward. 

We have only been using Guardium for a short period of time, so we had some growth problems. It is just like growing into your body. Your knees start to hurt after a little while, but once you get through that growth spurt, you get your win and you keep going and you are able to grow and expand. I think the way we have it implemented, we will be able to grow and scale as the organization grows. 

We use technical support very frequently. We actually have a weekly call with our sponsor where we go through all of our different support questions. We are on a week-to-week basis where we follow-up with all our questions. We are on the leading edge for Guardium implementations. The version that we are on, it makes us a Fortune Six organization with the current version for all of our data. It requires a lot of support as we grow and mature with the product and with our organization's growth. 

Our initial setup was pretty straightforward because we were just figuring out how it worked. Over the last two years, we have introduced our own complexities to accommodate our requirements. Would I say that it is complex to us today? No. To the average Guardium user? Yes, it would be complex.

We did evaluate other vendors. Guardium was a large purchase. We did our due diligence as we were responsible for the purchase process. Guardium won mostly because of our scope and scale. It was able to perform at the scale that we wanted to use it.