Frequently asked questions

Get answers to the most commonly asked questions about this product.

Guardium Analyzer is a software-as-a-service offering that helps users efficiently discover regulated data (such as PII, personal and sensitive personal data, and more), understand data and database exposures, assess risk, and act to address issues and minimize risk.

It applies next-gen data classification, as well as vulnerability scanning, to uncover risks associated with data in cloud-based and on-prem DBs. It then applies risk scoring to these results to identify and prioritize DBs that may be most likely to fail an audit, so you can act to minimize risk.

Guardium Analyzer currently supports the following data sources both on-premises and on cloud: IBM Db2, IBM Db2 for i, IBM Db2 for zLinux, Informix, Microsoft SQL Server, MySQL & MySQL Community Edition, Oracle, AWS RDS for Oracle, and IBM Integrated Analytics System (IIAS).

The scan creates a risk assessment based on the amount of regulated and/or sensitive data discovered in the environment combined with the vulnerabilities found in each database. Because of this, the data classification and vulnerability results are tied together and may not be separated.

There is no option to add drivers or connections for unsupported DBs - we will be adding support for more DBs as we go. For a full list of supported platforms, refer to: the IBM Security Guardium Analyzer Knowledge Center.

Find out more

If customers connect to non-supported DBs, the scan results likely will not be accurate because the database may not be getting the latest security patches and updates, and IBM cannot provide support or product updates specific to those databases.

It can scan DBs installed on an IaaS solution, such as a cloud vm. We also support AWS RDS Oracle. Guardium Analyzer may work with other databases hosted by a cloud provider, but they are not officially supported today. For a full list of supported platforms, refer to the knowledge center.

Find out more

Guardium Analyzer's data classification method provides next generation data classification with higher levels of accuracy than catalog-based searches and regular expressions, because its rules can be more expressive and it validates matches using a checksum algorithm.

No, these offerings are not the same. Guardium Analyzer is not a substitute for data activity monitoring, file activity monitoring, or masking, blocking, or alerting data protection capabilities.

You need to have access to a Windows-based server to run the downloaded IBM Security Guardium Data Connector, which will connect to your databases and to Guardium Analyzer. You also must have user-level access to the databases you wish to connect.

You can find product documentation and more at the IBM Security Guardium Analyzer Knowledge Center.

Find out more

To successfully set up the trial, you need to have: database access privileges to scan the desired database(s) AND access to a Windows machine, to download and run the IBM Security Guardium Data Connector.

We recommend using Google Chrome for accessing Guardium Analyzer. As mentioned above, users also must have access to a Windows machine to download and run the Data Connector, as well as user entitlement to connect to and scan their databases.

Yes – today, we offer a “freemium” version of Guardium Analyzer that supports unlimited scans for up to three databases for as long as you want. Please go to the IBM Security Guardium Analyzer Marketplace page to register and get access.

Find out more

For pricing and packaging information, please visit the IBM Security Guardium Analyzer Marketplace page and click on the Purchase tab. As of October 2018, clients also have the option of purchasing Guardium Analyzer directly from the Marketplace page.

Find out more

Today, the Guardium Analyzer data classification dictionary supports English, French, German, Spanish, Italian, Japanese (Kanji and Hiragana), Dutch, Danish, Australian PII, Brazilian Portuguese and more. Additional languages will be added over time.

Guardium Analyzer went live in English, and it has been globalized and translated for French, Spanish, German, Japanese, Italian, Polish and Korean. Additional languages will be added over time.

To add or remove custom data classification patterns, you must first be subscribed to either the Guardium Analyzer Professional Plan or the Guardium Analyzer Trial.

You can add either a regex- or dictionary-based custom pattern to your classification library by going to Settings --> Manage Patterns --> Add Pattern, and then follow the prompts.

To remove a custom data classification pattern, go to Settings --> Manage Patterns, and click on the pattern you want to remove. Then, select either 'Delete' (the Trashcan icon) or 'Disable' from the blue bar at the bottom of the screen.

No. Guardium Analyzer does not move any regulated data to the cloud. Guardium Analyzer scans for regulated data and vulnerabilities in your databases, but only the results and insights gains are sent to the cloud-based Guardium Analyzer dashboard.

All communication is over HTTPS/TLS only. The data returned is only metadata: table name, column name, name of pattern found (e.g. tb_employees.emp_name: "First Name"), and any VA test that failed (ID only).

The connector stores only the connection data (db type, port/ip user/password) in a local encrypted database. No scan data is saved.

The new data classification engine is based on System T, part of the IBM Watson offerings. System T does not involve or include machine learning or artificial intelligence.

It can take a few minutes to download the Data Connector. In some regions of the world, it may take up to 10 minutes to download the Data Connector (depending on internet connectivity and speeds).

Install the connector on a Windows-based server within your local data center. After it is installed it will be able to connect to your databases and to Guardium Analyzer. DO NOT install the Data Connector on the database server(s). Think of it as a secure gateway to the service.

Do not install the Data Connector on database servers. Use a windows server with at least 8GB of RAM and 4 cores. On 1 windows server, you should only have 1 connector installed. You may have multiple data connectors installed throughout your environment, each on its own server

Please refer to the Getting Started Guide

Find out more

Please refer to the Getting Started Guide

Find out more

We recommend connecting no more than 100 DBs to a single Data Connector. You should install additional connectors after that point.

Data discovery is the process of identifying and extracting data patterns or meaningful business information from data stored in various databases and datastores, in order to obtain business insights and/or compliance objectives.

Data classification is the process of classifying data by various categories specifically for efficient business use, risk management and regulatory compliance. Data classification helps determine appropriate security controls protecting that data.

See how it works