IBM Guardium: Database security tool overview

Expert Ed Tittel examines IBM Guardium, a security product that offers continuous, real-time, policy-based monitoring of database activities.

IBM acquired Guardium in 2009, rebranding its database security tools as IBM InfoSphere Guardium. IBM InfoSphere Guardium Data Activity Monitor continuously monitors databases and access in the enterprise; IBM InfoSphere Guardium Vulnerability Assessment scans databases and their infrastructures for vulnerabilities.

IBM Guardium products are available as hardware appliances or as software. Appliances contain all necessary software out of the box. The software version comes as an image that an administrator can deploy as a VMware virtual appliance or on customer-owned hardware. Guardium supports a wide range of databases, including IBM DB products, Oracle, Microsoft SQL Server, Microsoft SharePoint, PostgreSQL, Sybase, Teradata, Cloudera, MongoDB and more.

IBM InfoSphere Guardium Data Activity Monitor product features

IBM Guardium Data Activity Monitor offers continuous, real-time, policy-based monitoring of database activities, including privileged user actions. Operating system-based agents discover databases and collect data transactions and activity across the network for in-house personnel and contractors. Predefined security policies let administrators easily enforce policies to trigger alerts when sensitive data is accessed, and block access if necessary.

Guardium Database Activity Monitor comes with many different preconfigured reports for Sarbanes-Oxley, PCI DSS and data privacy. Compliance audit trails cannot be changed and enable separation of duties. A feature called Integrated Compliance Workflow Automation lets administrators automatically distribute reports to an auditing team and get sign-offs.

The product also includes database traffic filtering, data classification, change control and group management with whitelists and blacklists.

IBM Guardium Database Activity Monitor also extends to big data environments and data warehouses, as well as file shares.

IBM InfoSphere Guardium Vulnerability product features

IBM InfoSphere Guardium Vulnerability Assessment (VA) comes with hundreds of vulnerability scans (or tests) that are preconfigured to work with the Center for Internet Security (CIS), the Defense Information Systems Agency's Security Technical Implementation Guide (STIG) and Common Vulnerability and Exposures standards. IBM claims that a VA test wraps up within minutes without impacting the performance of production databases. The product also includes built-in support for best practices such as those for CIS, STIG and Security Content Automation Protocol (SCAP). The Compliance Workflow Automation feature enables scans to be scheduled and run automatically.

Administrators can run either platform-specific static tests or dynamic tests. Static tests are run on a specific database and find insecure configurations; dynamic tests look for "behavioral" vulnerabilities like account sharing and excessive administrative logins.

Note: You can download a 30-day demo of Guardium Vulnerability Assessment to run in your own environment.

Pricing and licensing

IBM bases Guardium pricing on the number of processor cores (called capacity-based licensing), which can be complicated to sort through. IBM uses the term processor value unit (PVU) as a unit of measure for licensing purposes; the number of required PVU "entitlements" depends on the type of processor technology in use and the number of processors to be licensed. Per IBM, a processor refers to each processor core on a chip, so a dual-core processor has two processor cores.

Prospective customers must contact an IBM sales representative for pricing information specific to their environments.

Support

IBM offers a well-developed online knowledge base and forums, but documentation for Guardium products can be difficult to find if not impossible without purchasing the product. Software subscriptions and support are included in the product price for the first year.

Next Steps

Part one of this series examines the basics of database security in the enterprise

Part two of this series looks at enterprise deployment scenarios for database security tools

Part three of this series offers nine steps for purchasing database security software

Part four of this series compares the top database security tools in the industry

Dig Deeper on Data security and privacy

Networking
CIO
Enterprise Desktop
Cloud Computing
ComputerWeekly.com
Close