Feature spotlights

Automated discovery and classification

Automatically discover sensitive data from across your entire heterogeneous environment so that you can classify it and begin protecting it.

Automated analytics

Automatically analyze risks to sensitive data, from uncovering risky or suspicious user access patterns to uncovering malicious stored procedures or SQL injections, so that you can take action and safeguard sensitive data.

Vulnerability assessment

Scan data environments (databases, data warehouses, big data platforms) to detect vulnerabilities and suggest remedial actions. Identify exposures such as missing patches, weak passwords, unauthorized access and changes, misconfigured privileges, and other vulnerabilities, see full reports, and understand progress over time. Vulnerability assessment supports Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Database as a Service (DBaaS) environments.

Data activity monitoring

Continuous real-time monitoring, combined with cognitive analytics and proprietary algorythms, help discover unusual activity related to sensitive data, prevent unauthorized data access, provide alerts on suspicious activities, and protect against internal and external threats. Data is monitored and protected across the enterprise - from databases to big data platfroms and cloud environments.

File activity monitoring

Continuous real-time monitoring, combined with cognitive analytics and proprietary algorythms, help discover unusual activity related to sensitive data, prevent unauthorized data access, provide alerts on suspicious activities, and protect against internal and external threats. Data is monitored and protected across files and file systems.

Blocking, masking, redaction, alerting and quarantining

Protect sensitive data at rest and in motion in the manner that best meets the needs of your security policies. Apply static or dynamic data masking or redaction. Dynamically block user access to data, or quarantine suspicious user IDs. Send real time alerts to the security team for immediate follow-up on risky or unusual user behavior or access patterns.

Encryption and key management

Protects sensitive data from misuse, whether that data is in an on-premises environment or in a single cloud, multiple clouds, or hybrid cloud environments. Encrypts file and volume data while maintaining access control, and leverage key management for enhanced protection and centralized control of access keys.

Automated compliance and audit support

Aggregate and normalize audit data throughout the enterprise for compliance reporting, correlation, and forensics without requiring native database audit functions. Have audit-friendly data access audit trail supporting separation of duties, and benefit from customizable compliance workflow automation to generate and distribute reports for sign-off and escalation. Pre-packaged, regulation-specific 'accelerators' (such as the GDPR Accelerator) are also included.

Cloud-ready images for major cloud venders

Leverage fully tested and supported images for most major cloud venders. IBM can easily share these images to speed up deployment, so users may start protecting cloud data managed in Infrastructure as a Service (IaaS) environments.

How customers use it

  • Address Cloud Data Security Challenges

    Address Cloud Data Security Challenges

    Problem

    The amount of data being moved to the cloud continues to grow, but storing sensitive data in public clouds is a concern for most enterprises.

    Solution

    IBM Security Guardium Multi-Cloud Data Protection provides a holistic data security platform for data in IBM Cloud, AWS, Oracle, Azure and hybrid deployment models with a single, centralized view and robust security controls.

  • Analyze Data and Gain Visibility

    Analyze Data and Gain Visibility

    Problem

    Because data is constantly changing, moving, and being accessed by new users, it can be difficult to understand what data you have, how it is being used, and if either of these things put you at risk from a security or compliance perspective.

    Solution

    Guardium automatically discovers critical data and uncovers risk, providing visibility into all transactions and protocols across platforms and users.

  • Protect Critical Data

    Protect Critical Data

    Problem

    Insider threat and external attacks pose dangers to data; but traditional approaches can’t enforce separation of duties, recognize suspicious activity in real time, or help you act. Compliance mandates and potential audits increase complexity.

    Solution

    Guardium enables complete protection for sensitive data via real-time capabilities including monitoring, alerting, blocking and quarantining, along with compliance automation to streamline operations and reduce risk of audit failure.

  • Adapt to Changing Environments and Requirements

    Adapt to Changing Environments and Requirements

    Problem

    Constantly expanding environments, new platforms, evolving compliance requirements and dynamic users make data protection a complex challenge.

    Solution

    Guardium seamlessly handles changes within your IT environment, enabling you to secure new data sources, expand your deployment, or add new users. This flexible, tiered approach allows you to reduce costs while protecting your most critical assets.