What's new in this release

New features, functions, and enhancements.

What's new in IBM Security Guardium Insights Version 3.2.0

  • Auditing: Guardium® Insights now offers auto-distribution, which allows you to filter audit results. This feature allows for the creation of rules that define which users receive data based on report attributes such as Client/Server IP and database type. For example, one report can be divided up and sent to roles or individuals based on who owns the data.
  • Ability to create advanced, custom filters for reports - including nested conditions, case insensitive/case sensitive, and usage of the AND/OR operators.
  • In report and Not in report filters allow you to reference values in another report for correlation use cases.
Enhanced risk-based user experience
  • Guardium Insights 3.2 introduces a new and enhanced risk engine. This engine replaces the now-deprecated risk analysis feature, which was based on anomalies. It connects the dots by using many data points to understand the broader story around your system's risk.
  • The enhanced risk engine includes more data points for risk calculation, such as activities, outliers, user characteristics like "privileged", vulnerability assessments, classifications, exceptions, and policy violations.
  • Automate responses to risk events using Response Rules.
  • Enhanced user experience that provides greater drill down capabilities for understanding how risk was calculated, database users involved, detailed reports, and related risk events.
  • Ability to reduce the noise by excluding non-critical assets.
  • Custom Risk profiles: Ability to customize the weighted values used in risk calculations.
Best practices dashboard templates
  • Out-of-the-box template dashboards based on years of accumulated knowledge in the industry.
  • Accelerates customers' time to value.
  • Data hygiene: Proactively observe and remediate bad behavior to preserve healthy data hygiene and ultimately reduce the risk for your organization.
Universal connector
  • Template universal connector plug-in that makes it easy for you to write your own universal connector plug-in.
  • In Guardium Insights, check universal connector connectivity and health status in real time, or monitor connectivity and health status over a period of time.
Operational enhancements
  • Ability to use Prometheus for detailed monitoring of Guardium Insights ingestion microservices.
  • Data mart ingestion dashboard: End-to-end status of data mart ingestion that allows click down filtering using a timeline view. This feature includes the addition of the Data mart ingestion status report.
  • The script for purging hot storage data has been improved. It now purges tables related to outliers and risk data.
  • Guardium Insights can now detect outliers for data received from Guardium Data Protection as summarized data and direct streaming from either cloud sources or the universal connector.
  • Guardium Insights now supports IBM Security Discover and Classify (1touch.io Inventa) and IBM Security Guardium Big Data Intelligence (GBDI) file integrations.

What's new in IBM Security Guardium Insights Version 3.1.0

New unified connections experience
  • View all directly connected data sources in one unified user experience.
  • When adding new connections, easily compare and contrast connection methods.
  • See which data sources are supported up front, without having to dig through documentation.
  • Use presets to save your custom view of connections for speedy troubleshooting and information gathering.
  • End-to-end guidance for adding new connections manually.
  • The Guardium Insights universal connectors now support CloudWatch.
Groups and Policy improvements
  • Group members can now be imported and synced using an LDAP server.
  • You can now create, edit, and sync a tuple group containing 7 member types.
  • Policy support for 7-tuple groups.
  • Ability to define a global schedule for syncing groups.
  • Policy support for extrusion rules: You can create extrusion rules that will process result sets and mask out returned data. An extrusion rule will cause Guardium Insights to look for a pattern in the result set to mask.
  • Guardium Insights now provides a seamless policy refresh to pick up changes for group members. Guardium Insights no longer restarts the Sniffer to reread policy group members - which means there is no backlog or interrupted service when there are group changes.
  • Policy usability improvements.
Data enrichment with 1touch.io
  • Sensitive data discovery and classification in structured and unstructured data sources across data at rest and data in motion with unparalleled accuracy. This feature assumes you have configured 1touch.io for importing results to Guardium Insights (the results will be imported according to a schedule).
  • Import sensitive data discovery data into Guardium Insights.
New customizable dashboards
  • Create fully-customizable dashboards and share them with one or more roles.
  • Ability to create charts or tables from pre-defined or custom reports.
  • Edit reports on the fly without having to leave the context of the dashboard.
  • Guardium Insights now includes an automated installation workflow that automates the previous manual step-by-step commands.
  • Guardium Insights now provides a built-in backup and restore process.
Stabilization and performance improvements
  • Improved the data extraction performance for analytics workflows.
  • Improved OBJECT and SENTENCES data mart ingestion performance by removing duplicates in data marts.
  • Performance improvements in historical charts.

What's new in IBM Security Guardium Insights Version 3.0.1

  • Guardium Insights now supports Red Hat OpenShift Container Platform Version 4.10.x.
Risk user interface improvements
  • When choosing Data source assets or User assets from the main menu, Guardium Insights now returns only data sources or users with risk calculated.

What's new in IBM Security Guardium Insights Version 3.0

  • Guardium Insights now supports Red Hat OpenShift Container Platform Version 4.10.x.
  • Kubernetes operators are now used to manage the installation of Guardium Insights.
  • The Guardium Insights installation is now unified with IBM Cloud Pak® foundational services.
  • Guardium Insights now supports 3-node clusters on Bare Metal machines.
  • The Guardium Insights API has moved to a new version (v3) and has been improved by following API best practices.
  • Guardium Insights now supports replacing API keys using master key rotation.
  • National language support: The Guardium Insights user interface is now available in Brazilian Portuguese, Italian, and Turkish.
  • Guardium Insights now offers a Universal connector, which allows you to get data from potentially any native activity logs from your data sources. The Universal connector includes support for MongoDB by using Guardium plugins. You can easily develop plugins for other data sources, and install them in Guardium Insights.
  • You can now access Guardium Data Protection health information (including historical data) from within the Guardium Insights user interface. Information is provided for all Guardium central managers that you have connected to. You can see which central managers have errors, and you can see all S-TAP and appliance types and issues. You can see all of your central manager, aggregator, collector, and S-TAP health information in one location.
    Note: Guardium Data Protection Version 11.1 and below are not supported. In addition, S-TAP traffic health is not supported for Guardium Data Protection Version 11.2 and below.
  • Adding database credentials and blocking users in Azure databases is now supported.
New reporting features
  • Use a predefined chart or create a customized chart to visualize the data in Guardium Insights reports. Specify the type of chart and the data point that you want to measure. Filter or drill into different data sets and discover patterns at a glance.
  • Guardium Insights can now ingest classification data marts from Guardium Data Protection. This classification data is used to denote anomalies and it is used in the new Classification predefined report.
  • Audits:
    • You can now define full lifecycle audit processes, allowing you to set reporting schedules, assign tasks, and assign audit ownership.
    • Audit tasks can be assigned to people and groups - and task owners can receive tasks by email or within the Guardium Insights user interface.
    • Reports are now scheduled by creating audits. As part of these improvements, the Jobs view has been replaced by the Audit results page.
  • Data ingestion has been improved to include Db2® i/z fields from Guardium Data Protection for reporting.
  • The data ingestion workflow can now manage duplicate data scenarios in Guardium Data Protection data marts.
  • Improved data ingestion performance by changing MERGE to INSERT for INSTANCE-related data marts.
  • When adding a filter to a report, the steps for adding a value have been simplified for ease-of-use.
  • The date and time range that you choose for a report are now saved as part of the report. The next time you open the report, the date and time range will be preserved.
  • Ability to query IBM® Security Verify Privilege Vault for more privileged identity context when responding to an anomaly. This integration allows Guardium Insights users to determine the exact user behind a service or administrator account that is taking actions within a data source.
Policies and compliance
  • You can now ensure compliance with Guardium Insights policies. Policies are sets of rules and actions applied in real time to the data source traffic observed by Guardium Insights. Policies define which traffic is ignored or logged, which activities require more granular logging, and which activities should trigger an alert or block access to the database.
  • From within the Guardium Insights user interface, you can define rules and notifications based on matching criteria. Out-of-the-box policy templates are included.
Risk user interface improvements
  • The Data sources menu item and page are now called Data source assets - and the Users menu item and page are now called User assets.
  • The Data source assets and User assets pages now display only those assets for which risk has been calculated.
  • When accessing the User assets page using the User risk card in the Overview page, only user assets with risk calculated will be listed. Similarly, when accessing the Data source assets page using the Data source risk card in the Overview page, the results will only include data sources with risk calculated. To see all results for User assets or Data source assets, access the pages from the main menu.
  • When selecting a data source or user in the Data source assets and User assets pages, the resulting URL includes query parameters.
LDAP and user management improvements
  • Guardium Insights now employs a single sign-on (SSO) service that allows you to log in via enterprise LDAP, your OpenShift cluster, or IBM Cloud Pak foundational services.
  • Guardium Insights now imports user email addresses from your LDAP server. After adding users to Guardium Insights, you will see their email address in the User management page and in the new user Details box that has been added.
  • Login issues when adding more than one LDAP server have been resolved.
  • The screens for adding an LDAP server have been added to the Getting Started experience, if an LDAP server hasn't already been added.
  • The privileges for the predefined roles have been redefined to better match the role name and description.
  • Guardium Insights now sends alerts via email, syslog, SNMP trap, and ticketing.

What's new in IBM Security Guardium Insights Version 2.5.1

New reporting features
  • Scheduled reports are now compressed as a .zip archive file. In Guardium Insights, you can schedule reports to run at times that are convenient for you. When a scheduled report is complete, it is emailed to recipients with a link to download the completed report. This download is now a .zip archive file.
  • Report names must now be unique. In previous versions of Guardium Insights, reports could be saved with non-unique names. If you have existing reports with the same name, you will need to rename them to unique names in your previous environment before following the backup and upgrade procedure.
Security updates
  • Golang has been updated to version 1.15.7 to address an IBM Product Security Incident Response Team (PSIRT) incident.
  • The ubi image version has been upgraded to version 8.3-230.
  • The MongoDB charts have been updated to mongodb:4.2.11-debian-10-r58 and mongodb-exporter:0.11.2-debian-10-r63 to address a PSIRT incident.
  • Kafka and Zookeeper images have been updated to kafka:2.7.0-debian-10-r39 and zookeeper:3.6.2-debian-10-r131 for Bitnami support.

What's new in IBM Security Guardium Insights Version 2.5

New reporting features
  • You can now create your own custom reports, choosing the data points that suit your needs.
  • Report filtering now supports search criteria such as wildcard characters, equals-to, and pattern matches.
  • You can now schedule reports to run when you choose - and you can view the jobs page to see when scheduled reports are running or have completed.
  • The Vulnerability assessment report has been added as a predefined report. In addition, vulnerability assessment data marts are now imported from Guardium Data Protection to enhance Guardium Insights reports.
  • Groups are collections of similar data objects (or members) that can be used for filtering reports. In Guardium Insights Version 2.5, you can now perform full group management by creating and working with your own groups. You can also export groups to a CSV file.
  • Report data now includes original and local timestamps.
  • When connecting to a Guardium central manager, you can now select the specific collectors that will export data marts.
  • You can now configure Guardium Insights to create tickets in ServiceNow, IBM Resilient Security Orchestration, Automation and Response (SOAR), and IBM Cloud Pak for Security.
  • You can now install Guardium Insights and IBM Cloud Pak for Security on the same cluster.
  • You can now install Guardium Insights using IBM Entitled Registry.
  • The mustgather.sh script now collects database logs for Db2 and MongoDB.
  • Guardium Insights now allows you to perform Guardium Data Protection health checks to determine readiness for installing the product, patches, and upgrades.
  • Guardium Insights now provides a script that allows you to regenerate certificates and easily extend their period of validity.
  • Guardium Insights now provides a preinstallation script that verifies some of the Guardium Insights prerequisites and that generates the secrets needed for installation.
  • The procedure for backing up and restoring Guardium Insights databases has been improved.
Stabilization and performance improvements
  • Improved ingestion performance for data coming from Guardium Data Protection, AWS Kinesis, and Azure.
  • Improved reporting performance.
  • Guardium Insights no longer requires NFS. OpenShift Container Storage is now utilized - resulting in performance improvements and greater stability.
  • A new risk formula has been implemented in this release of Guardium Insights.
    Note: If you are upgrading from previous releases of Guardium Insights, data source and user risk severity may change in the current release.
API support
LDAP and user management improvements
  • When you are connected to Guardium Insights via a JDBC connection, you can now employ OpenLDAP for adding and managing users.