IBM Security Guardium Data Protection Reviews

For the mainframe, monitoring DB2 privileged access to our databases.

It has performed really well so far for the purpose, but we're not using the full capacity of it. There's also an open systems side that they're implementing now, that I'm not part of, but there's a lot more growth in that area.

It's more secure. The big issue is satisfying audit requirements, that is really big in our company right now.

We also use Guardium to support security initiatives and compliance policies within our organization. For what we do, we need to know who exactly is using our privileged IDs, because that's a security risk, if someone who is not authorized does that.

I don't know if Guardium has helped us comply with industry regulations like SOX, PCI, or GDPR. We also have not integrated it into other systems.

In the past we were doing a lot of manual checking, running our own reports, going through SMF data, but now Guardium does that reporting for us. That saves us time and money. Senior management is aware of the savings. They're the ones that really pushed for it.

Satisfies audit requests, to give us an idea if anybody is accessing our privileged user IDs without our knowledge.

We don't use any of the advanced features.

Regarding other features we would like to implement, I don't deal with the actual setup of the product. We have a specialist for Guardium to do that for us. We tell him our requirements and he builds the policies. So far it's very limited on our side, but I imagine on the open systems, side there would be a lot more complex policies.

Right now we're having some issues where it's using a high CPU, we don't know why. So, better testing before the product is ready would help.

So far, so good. We've been using it for about two or three years right now, and we have had no issues. Once it was set up properly, it has run as it should.

It appears to be very scalable, especially on the mainframe. On the open systems side there are a lot more servers out there, mainframe is more centralized. On the mainframe it's very scalable. We're only using one percent of it right now, what we're monitoring. But we feel that with the power of the mainframe, that can go up as much as we need.

We use tech support. If we have a problem, we open up a PMR with IBM on the mainframe side, and we also have someone that does the implementation of it on the server side. He works closely with IBM. Our experience with tech support is really good. They're responsive, and we get to the right person.

Our previous solution was manual.

Our most important criteria when selecting a vendor are reliability, the reputation, and the product itself has to deliver in an efficient manner. Our company is heavily involved with IBM products, so adding another product or taking a product away is not very hard.

We were somewhat new to it. When it first came out we had it brought in for testing. In the initial stage, the documentation was not very good on the mainframe side. But once we installed it... it was very easy to install in the mainframe side. On the open systems side, and the person supporting it, he has to be more skilled and more knowledgeable of the product, so I can't speak for him.

We did not actually PoC anybody else.

I give it a nine out of 10. It's not perfect: Issues like using a high CPU and, in the beginning, it was a little unclear on how to install it. This is only on the mainframe side.

In terms of advice, do a good PoC on it, because I believe it's a very expensive solution. And it has to satisfy the auditors, for sure. If it doesn't satisfy the auditors it won't go anywhere.

For compliance and risk assessment, monitoring the database traffic, as well as doing vulnerability assessments on the database to make sure that our security is up to par. We use it to keep us less vulnerable as a company as well as to keep the customers' data safe.

So far it has performed really well. Occasionally, we have issues here and there with new patches having bugs, but that's the case with any software.

It has really helped identify areas that we need to fix. It also identifies, from a compliance standpoint, records we can provide. It shows us just how secure we are overall, as a company, rather than just trying to do things here and there. It helps automate what would take thousands of hours for DBAs to do manually.

Our main focus for IBM Guardium is to support security initiatives and compliance policies within our organization. We use the DPD product for monitoring, especially for GDPR, SOX regulations and, of course, the vulnerability assessment that we use to make sure we're keeping up with our patches, making sure things are configured, making sure we're following the best practices.

Accelerators is one of the big functions they have out there. It gives you canned reports that you don't have to make yourself, they're out there by being part of the patch. You just have to fill your information in to some of the already built groups, for your environment, and it automates a lot of that. That has definitely helped improve things.

We've integrated it with QRadar, our SIEM product from IBM. When you do that integration, you have to make sure you have the right configuration files from both products. There is some online documentation through the IBM support portal which will give you step-by-step instructions. A lot of is pretty easy to follow.

The most valuable is the GUI, the interface. It also interfaces well with REST API, if you want to automate some of the commands. 

Inside the GUI they've really done a lot, especially from version 9 to version 10, in how they lay it out and how user-friendly it is. I've been using it for a few years, but for someone newer it's now a lot easier to use and not as daunting.

In terms of the advanced features, we do a lot of different regulations - some of the advanced ones, like GDPR, that's a big regulation in the EU. We do a lot of classifications and a lot more rules in our policy base around those regulations, that are advanced.

Looking to the near future, we're looking at some of the cloud features, especially some of the classification they're putting in the cloud, so it's not so much appliance-focused. It will help automate some of that process and make it run a lot more smoothly, because it won't be on Linux appliances in our environment.

Guardium has save us a lot of time, especially with the things it can automate. It has especially saved the DBA's time. We have a lot of other IBM products, so going with this one definitely gives us value, rather than going with another vendor. Senior management is absolutely aware that Guardium has been saving us time and money.

I'd like to see a smoother GUI interface for the CAS agent - CAS does configurations on the database - to interface better with the vulnerability assessments.

I'd also like to make sure that the data sources can be more easily managed, because some of them are tied to multiple things. You try to remove one and you have to go to all the different spots to remove the associations before you can get rid of it.

The user groups are really good for giving them feedback. I've seen, over the years, that they take a lot of that customer feedback and they actually implement some of those changes.

It's pretty stable. It's like any other software, it has its ups and downs: bugs, or configuration issues or things that weren't built exactly in the best way for customers to use. Obviously, they need that kind of feedback from when it's in the environment. But overall, I think it's pretty stable.

I think it scales pretty well. It can run on most of the database platforms currently out there. That is something we really like as a feature, because we try to hit everything in our environment to make sure we're meeting those regulations.

It's pretty good. Sometimes you have to fight through those first couple of walls to get somebody. But they're there for somebody who may not know how their using the tool, who may not be as advanced, so they don't want those kinds of issues to go to their higher-up staff. But for someone who has been using it for a long time, or knows a lot of the different sets and commands that you need to do for that issue, it's a little give-and-take scenario.

The company I work for now had the product when I came in.

In terms of important criteria when selecting a vendor, they include what support is like, how trustworthy the company is, and how they respect their clients.

I wasn't involved in the very initial setup, but it had only been configured for a little while and then I was brought on and helped expand the environment.

For my part, it was pretty complex with what we had in our environment. I made sure we were using the discovery, seeing what we had out there, making sure we're meeting all the regulations that we need to meet. There was also building the reports so the auditors can get the information they need.

I would rate it an eight out of 10. To make it a 10 they would need to do streamlining of some of the agent features, some of the patches, make it a little bit more user-friendly on the documentation.

In terms of advice, I would make sure you do a thorough PoC, that you join the virtual user group that meets once a month, as well as a customer user group that IBM is not involved in, where you can also get some candid questions and answers.

It's being used to identify who is using what data, what resources, what they're using them for, providing audit trails. We also use it to set baselines for usage patterns, to start building cases if there are any erroneous accesses happening, and to start allowing more intuitive alerts.

So far it's installed. It was a little rocky at the beginning but everything is working pretty well now. I think the baselines have been established and so far it's performing as expected.

Now that they have the base, they are going to start creating other use cases. I'm not sure what they are, but they are going to start expanding the usage and provide more education to the security staff.

It's another layer to help us identify, especially from audit perspectives. It's allowing us to be more proactive than reactive on alerts and access rights and types of resources that are being hit. Before, there were a lot of different solutions, but this expanded that out and made it a more holistic solution.

It provides centralization of monitoring, instead of multiple, disparate applications. It definitely allows more economies of scale, streamlining, less fragmented use.

We also use IBM Guardium to support security initiatives and compliance policies. For example, our audit area can verify if someone has access to information that they shouldn't have, for their regular job functions. For instance, a customer service rep is looking at his ex-wife's records. We can now see all those accesses and we can verify, and if it's true and it wasn't part of their job duties, they can actually be terminated - and a lot of that has happened since.

In terms of whether it has helped us comply with industry regulations like SOX, PCI, or GDPR, with workflow, reports, and accelerators, I know we're working on becoming high-trust certified, but I'm not part of that process any more. I would have to guess, though, that it has helped, as another tool in the tool box.

I also think we integrated it with our SIEM tool, and I don't think there were any issues.

I think the solution will save us time and money. We're still in that "ROI phase" where we're building towards that. I'd give us probably another year to year and a half until we achieve that all back. But every time an inquiry comes in, instead of it taking tens of hours, now it's taking minutes.

Senior management is definitely aware of the improvements.

I'm not aware of our using any of the existing advanced features. I was only in on  the initial implementation, so if they have added new things since then, I'm not aware of it.

If I used it every day I'd probably be able to give you a really good answer. But I don't.

I haven't heard of any issues. I think it's been pretty stable, once they got over the initial bumps. The bumps were just our staff knowing how much information needed to be monitored, and at what level. I think they were fluctuating between levels of granularity as well.

We started out with as much as we could from the beginning. I don't think there have been any issues. It's our internal skill set and maturity with the tool that have been growing. I think it has TAPs in every piece of our data in our datacenter, so it's already been able to scale to what we need.

I personally haven't used tech support, but I know that during implementation, when they were reaching out, IBM was always really responsive.

We have a really good relationship with IBM, regarding PMRs being taken care of. We actually have monthly meetings with the sales and technical support staff to make sure everything is being addressed, and they do a good job.

We knew there was a gap that needed to be filled, I believe, when they engaged IBM. We had some pretty specific, and general, requirements around auditing and security. I don't recall who else they looked at in that space, but IBM seemed to fulfill every requirement we had on our list. And some issues we didn't even know about, because of our level of maturity; you don't know what you don't know, until you find out, "Oh, we can do that?"

A lot of it was just knowing where to put all the S-TAPs. There was a lack of skill set on our implementation team, so IBM had a partner come in and help. There was that gap of knowledge that had to be crossed, and once the skill set was built it performed a lot cleaner.

I don't know. They went through the RFP process and selected the tool, and then I got involved, and then I hopped back out.

If it's the vendor or a third-party telling you how things should be set up out of the gate, go with that and don't argue with them. That saves a lot of time.

I would rate it a nine out of 10. It has done a really good job for us.

To keep track of client information, index security risks, and other information needed at a moments notice. IBM Guardium performs transparent encryption and decryption provides on the fly encryption without needing to be indoctrinated into lengthy training to use it. 

Efficiency is key and IBM Guardium provides information in a heartbeat, but protects the data with military grade encryption. IBM Guardium is used for file and database security for protecting structured and unstructured data. Security policy enforcement of policy-based encryption and centralized encryption key management allows us to maintain data in a secure environment.

IBM Guardium provides a unified key management system to help simplify encryption key management. In a large organization, this is a critical feature and IBM went above and beyond while developing the software. 

Personally, I would like to see IBM Guardium have other encryption algorithms employed, such as DES/3DES or TripleDES, Twofish, Blowfish, or IDEA. I especially would like to see Twofish used, since it is a block cipher designed by Counterpane Labs. It was one of the five Advanced Encryption Standard (AES) finalists and is unpatented and open source.

No, IBM Guardium is well designed and compatible with Windows-based computers.  

I have not had nor do I know of any such issues. I believe the design of IBM Guardium is perfect for small to large scale settings, and does not reduce accessibility to content with on the fly encryption.

No, IBM Guardium was already in use. 

Unknown, since I was not involved with the purchase. 

I would suggest to review the type of data, need for security, and if the organizational structure needs the options IBM Guardium provides. 

No, there was no need to. 

Put simply, human error is often the downfall of computer security. When using IBM Guardium, or any encryption software for that matter, use common sense: Encrypt data when not in use, watch where you enter in passwords (not at Starbucks in view of security cameras that can be retrieved by an adversary, or the person next to you), and watch out not to inadvertently install spyware while clicking on a random link. 

* Quick search

* Ability to define reports based on SQL query, especially when you have complex report criteria.

* Stream audit data to 2 collectors simultaneously.

* GIM passive install. You can connect GIM from Colletor or CM when GIM is running in listening mode.

Can't tell as I did POC only.

* First of all. GUI and user experience needs to be reworked from scratch. Product management console look like from 90's.

* Deployment process is very complicated as you need to now all advanced parameters. Almost not possible to figure out for yourself.

* Central Manager (CM) needs rework to. Some configuration params still needs to be done on collectors locally.

* Agent statistics is not available by default. You have to make a report and still you will not see all information like data interface activity.

* Dynamic datasets is rocket science. To make it work you have to build several additional procedure, which make it extremely fragile.

* Audit data is a single block. if you have several policies you can't purge data for specific policy.

* Collectors requires enormous amounts of resources comparing to other products available on the market.

a month only to evaluate this product

Yes, during the deployment you get nothing out of the box. You have to manually configure everything. Tune parameters for agent, collectors. Agent deployment is very complicated.

Yes, scaling the product might be a tricky task as you have to configure parameters locally or collectors or agents.

Product looks easily scalable.

SMEs that were together with me during the POC were very technical and did understand their product.

n/a for POC

Yes we use Imperva SecureSphere, and still use it as Guardium has failed POC. We were not able to replicate our current deployment and some major issues, Guardium had, prevented us from selecting this product.

It was extremely complex. Without IBM support it would take years for you to setup infrastructure.

Throught the vendor team. These guys were very technical and helped me to understand each steps during the POC

n/a

We haven't talked much about pricing and licencing. But it is not cheap for sure

We haven't chosen this product.

If you have complicated report requirements which involves very specific filtering and/or aggregation. And you have lots of resources in your virtual platform. Then give it a try.

Also I suggest you take a look at other top grade product like Imperva SecureShere. the reduction in resource requirements is 3 times less and it have plenty of nice features out of the box.

Database activity monitoring (DAM)

It can provide the logs for the activities performed by the privileged users across the all databases (MSSQL, DB2, Teradata, Oracle Sybase and many more) which can avoid the internal frauds and keep data secured. It can also alert if any hackers tried to log-in to the databases from failed login alerts.

Some improvements were needed in version 9.6, those are covered in version 10 already. If we face any issues or bugs in the product IBM provides the patch on that.

Since last 4 years I am working on this project and organisation using this sine seven years

There are very less or minimal issues deployment those might be due to the human error , IBM documented the all steps in details for the deployment and they are available on internet.

Yes there was the issue on the high CPU utilisation by Guardium services ,on the database host but IBM has introduce the Guardium service monitoring service(watch dog process) which auto restart the Guardium services when CPU utilisation reach the defined threshold percentage.

If you follow the recommended configuration as per the IBM and correct capacity sizing done there is no issues.

8 out of 10

8 out of 10

NA

Initial setup is very easy to perform . this has only 4 level architecture (Central Manager-->Aggregator-->Collector-->Guardium STAP agent)

we are implementing In-house with help of documents

Little high as compare to other products available in the market but the service provided by vendor is great and there are many additional functionalities as compare to other tools

NA

vast product as there are many features of this product to full fill the customer requirements, and less expertise are the there worldwide.

Database logging and audit functions are the most valuable features. In some fields like banking, it's very important to be aware of the actions of database users, and ensure that those without the permission to access information do not access it.

We succeeded at hardening our customer databases by defining policies for alerting and blocking access to prohibited and restricted data.

I would like to be able to upgrade appliances within major versions without needing to rebuild the appliance. Once, I tried to upgrade a Guardium Appliance from v9.5 to v10 and there was no available patch for that. Therefore, the solution was to back up the appliance data, rebuild the appliance with the v10 image and then restore the data. This procedure is highly risky, because you can lose all the data if the restoration does not succeed. Installing a patch is much easier and there is no data loss risk!

I have used it for 2 years.

I have not encountered any stability issues.

I have not encountered any scalability issues.

Technical support is unsatisfactory. IBM Support failed to provide me with the v9-v10 upgrade patch as it is suggested on a upgrade roadmap technote.

Back when I was a developer, I developed an audit trail module in Java/JEE. Obviously, it was not as sophisticated as Guardium.

Initial setup was straightforward.

Before choosing this product, I did not evaluate other options. We implement exclusively IBM products.

At first, IBM Guardium may seem complicated, but once you learn the basics, it becomes simple to use.

• Database Activity Monitoring: Fulfills the international standard security requirements, such as PCI DSS
• It is very transparent on all of the query access controls of the monitored databases

According to my client, it fulfills the PCI DSS standard requirements that are implemented in his bank.

The graphics are so lame. I am sure that the latest version of Guardium, Version 10, would have improved it perfectly.

I see that they have improved the chart and diagram in the latest version of Guardium. However, there are some limitations on how the chart displays the data for analytic needs.

I am not sure if Guardium has the dashboard design to see the information much better.

I have used it for three years.

We did encounter stability issues. Do not upgrade directly to the latest fix pack unless people have confirmed that it is stable.

There were no scalability issues.

Technical support is always available for you. I suggest the following:

• Call IBM and make a Severity 2 request instead of Severity 3 request.
• Ask them to provide remote access to your system right away.
• Prepare the log files that they usually request.

They have changed the way of licensing. It is no longer according to your core. It is now based on how many servers you use. The price should be way less expensive.