Frequently asked questions

Get answers to the most commonly asked questions about this product.

Guardium Analyzer is a software-as-a-service offering that helps users efficiently find regulated data (such as PII, personal and sensitive personal data, and more), understand data and database exposures, assess risk, and act to address issues and minimize risk.

It applies next-gen classification, as well as vulnerability scanning, to uncover risks associated with data in cloud-based and on-prem DBs. It then applies risk scoring to these results to identify and prioritize DBs that may be most likely to fail an audit, so you can act to minimize risk.

Today, Guardium Analyzer supports the following on-premises and cloud databases: IBM db2, Oracle, Microsoft SQL Server, and MySQL. More platforms will be added over time

The goal of a scan is to create a risk assessment based on the amount of regulated and/or sensitive data in the environment combined with the vulnerabilities found in each DB. Because of this, the classification and vulnerability results are tied together and may not be separated.

There is no option to add drivers or connections for unsupported DBs - we will be adding support for more DBs as we go. For a full list of supported platforms, refer to: the IBM Security Guardium Analyzer Knowledge Center.

Find out more

If customers connect to non-supported DBs, the scan results likely will not be accurate because the database may not be getting the latest security patches and updates, and IBM cannot provide support or product updates specific to those databases.

It can scan DBs installed on an IaaS solution, such as a cloud vm. We also support AWS RDS Oracle. Guardium Analyzer may work with other databases hosted by a cloud provider, but they are not officially supported today. For a full list of supported platforms, refer to the knowledge center.

Find out more

Guardium Analyzer's classification method provides next generation classification with higher levels of accuracy than catalog-based search and regular expression, because its rules can be more expressive and it validates matches using a checksum algorithm.

No, these offerings are not the same. Guardium Analyze is not a substitute for data activity monitoring, file activity monitoring, or masking, blocking, or alerting data protection capabilities.

For full details please refer to the Getting Started Guide

Find out more

You need to have access to a Windows-based server to run the downloaded IBM Security Guardium Data Connector, which will connect to your databases and to Guardium Analyzer. You also must have user-level access to the databases you wish to connect.

You can find product documentation and more at the IBM Security Guardium Analyzer Knowledge Center.

Find out more

To successfully set up the trial, you need to have: database access privileges to scan the desired database(s) AND access to a Windows machine, to download and run the IBM Security Guardium Data Connector.

We recommend using Google Chrome for accessing Guardium Analyzer. As mentioned above, users also must have access to a Windows machine to download and run the Data Connector, as well as user entitlement to connect to and scan their databases.

Yes – today, we offer a “freemium” version of Guardium Analyzer that supports unlimited scans for up to three databases for as long as you want. Please go to the IBM Security Guardium Analyzer Marketplace page to register and get access.

Find out more

For pricing and packaging information, please visit the IBM Security Guardium Analyzer Marketplace page and click on the Purchase tab. As of October 2018, clients also have the option of purchasing Guardium Analyzer directly from the Marketplace page.

Find out more

Today, the Guardium Analyzer classification dictionary supports English, French, German, Spanish, Italian, and Japanese. Additional languages will be added over time.

Guardium Analyzer went live in English, and it has been globalized and translated for French, Spanish, German, Japanese. Additional languages will be added over time.

To change, update, or import new data classification patterns, you must first be subscribed to the Guardium Analyzer Professional Plan. Then, you can add either a regex or a dictionary based custom pattern to your classification by going to settings -> manage patterns

No. Guardium Analyzer does not move any regulated data to the cloud. Guardium Analyzer scans for regulated data and vulnerabilities in your databases, but only the results and insights gains are sent to the cloud-based Guardium Analyzer dashboard.

All communication is over HTTPS/TLS only. The data returned is only metadata: table name, column name, name of pattern found (e.g. tb_employees.emp_name: "First Name"), and any VA test that failed (ID only).

The connector stores only the connection data (db type, port/ip user/password) in a local encrypted database. No scan data is saved.

The new classification engine is based on an IBM Research asset called System T. System T has been proven as part of IBM Watson offerings, and now we are embedding it in Guardium Analyzer. System T does not involve or include machine learning or artificial intelligence.

The Data Connector is provided with the Guardium Analyzer service, and it helps clients efficiently connect to their cloud and on-premises databases to uncover regulated data and vulnerabilities related to that data. For more details about the Data Connector, watch this short video.

Find out more

It can take a few minutes to download the Data Connector. In some regions of the world, it may take up to 10 minutes to download the Data Connector (depending on internet connectivity and speeds).

Install the connector on a Windows-based server within your local data center. After it is installed it will be able to connect to your databases and to Guardium Analyzer. DO NOT install the Data Connector on the database server(s). Think of it as a secure gateway to the service.

Do not install the Data Connector on database servers. Use a windows server with at least 8GB of RAM and 4 cores. On 1 windows server, you should only have 1 connector installed. You may have multiple data connectors installed throughout your environment, each on its own server

Please refer to the Getting Started Guide

Find out more

Please refer to the Getting Started Guide

Find out more

We recommend connecting no more than 100 DBs to a single Data Connector. You should install additional connectors after that point.

See how it works