IBM Guardium: Database security tool overview

Expert Ed Tittel examines IBM Guardium, a security product that offers continuous, real-time, policy-based monitoring of database activities.

IBM acquired Guardium in 2009, rebranding its database security tools as IBM InfoSphere Guardium. IBM InfoSphere Guardium Data Activity Monitor continuously monitors databases and access in the enterprise; IBM InfoSphere Guardium Vulnerability Assessment scans databases and their infrastructures for vulnerabilities.

IBM Guardium products are available as hardware appliances or as software. Appliances contain all necessary software out of the box. The software version comes as an image that an administrator can deploy as a VMware virtual appliance or on customer-owned hardware. Guardium supports a wide range of databases, including IBM DB products, Oracle, Microsoft SQL Server, Microsoft SharePoint, PostgreSQL, Sybase, Teradata, Cloudera, MongoDB and more.

IBM InfoSphere Guardium Data Activity Monitor product features

IBM Guardium Data Activity Monitor offers continuous, real-time, policy-based monitoring of database activities, including privileged user actions. Operating system-based agents discover databases and collect data transactions and activity across the network for both in-house personnel and contractors. Predefined security policies let administrators trigger alerts when sensitive data is accessed, and block access if necessary.

Guardium Database Activity Monitor comes with many different preconfigured reports for Sarbanes-Oxley, PCI DSS and data privacy. Compliance audit trails cannot be changed and enable separation of duties. A feature called Integrated Compliance Workflow Automation lets administrators automatically distribute reports to an auditing team and get sign-offs.

The product also includes database traffic filtering, data classification, change control and group management with whitelists and blacklists.

IBM Guardium Database Activity Monitor also extends to big data environments and data warehouses, as well as file shares.

IBM InfoSphere Guardium Vulnerability Assessment product features

IBM InfoSphere Guardium Vulnerability Assessment (VA) comes with hundreds of vulnerability scans (or tests) that are preconfigured to work with the Center for Internet Security (CIS), the Defense Information Systems Agency's Security Technical Implementation Guide (STIG) and Common Vulnerabilities and Exposures standards. IBM claims that a VA test wraps up within minutes without impacting the performance of production databases. The product also includes built-in support for best practices such as those for CIS, STIG and Security Content Automation Protocol (SCAP). The Compliance Workflow Automation feature enables scans to be scheduled and run automatically.

Administrators can run either platform-specific static tests or dynamic tests. Static tests are run on a specific database and find insecure configurations; dynamic tests look for "behavioral" vulnerabilities like account sharing and excessive administrative logins.

Note: You can download a 30-day demo of Guardium Vulnerability Assessment to run in your own environment.

Pricing and licensing

IBM bases Guardium pricing on the number of processor cores (called capacity-based licensing), which can be complicated to sort through. IBM uses the term processor value unit (PVU) as a unit of measure for licensing purposes; the number of required PVU "entitlements" depends on the type of processor technology in use and the number of processors to be licensed. Per IBM, a processor refers to each processor core on a chip, so a dual-core processor has two processor cores.

Prospective customers must contact an IBM sales representative for pricing information specific to their environments.

Support

IBM offers a well-developed online knowledge base and forums, but documentation for Guardium products can be difficult, if not impossible, to find without purchasing the product. Software subscriptions and support are included in the product price for the first year.

Next Steps

Part one of this series examines the basics of database security in the enterprise

Part two of this series looks at enterprise deployment scenarios for database security tools

Part three of this series offers nine steps for purchasing database security software

Part four of this series compares the top database security tools in the industry

This was last published in October 2015

Join the conversation

5 comments

Ed, can you also do a similar review of ChakraMax, which has competed favorably with Guardium et al on speed and price in Asia (and is now in the US via IRI)?

Hi, Ed
The documentation for IBM Security Guardium (it has been rebranded) is pretty easy to find for anyone. http://www-01.ibm.com/support/knowledgecenter/SSMPHH/SSMPHH_welcome.html

Hi, I am thinking of shifting to the IBM Guardium tool, so can I get any online material to study this tool? And, if possible, any trial version of the Guardium tool to install and study?

Does Guardium support SAS database (datasets)?