What's new

New features, enhancements, and bug fixes in IBM Guardium® Insights SaaS releases.

2024 September

New features and enhancements in the monitoring editions (Essentials, Standard, and Premium):
Premium Asset inventory
You can now ingest various types of assets such as databases, applications, endpoints, storage, and models into the inventory. To effectively manage the asset data, you can merge or split assets based on specific criteria. Use the asset change log to view the changes that are made to a specific asset. For more information, see Asset inventory.

New features and enhancements in IBM Guardium DSPM:

DSPM New capabilities allow precise monitoring of sensitive data movement in Microsoft 365 Outlook
IBM Guardium DSPM can now discover and classify emails and attachments in Microsoft 365 Outlook and identify when sensitive data might be externally exposed or flowing by employees via private email addresses or shared mailboxes. Additionally, identify when sensitive data is copied between Microsoft 365 Outlook and other cloud providers and SaaS Applications.
DSPM Added support for automatic Shadow data discovery and classification in Microsoft Azure
Guardium DSPM can now discover structured and unstructured shadow data found in Microsoft Azure and can also scan for files and databases stored in Microsoft Azure virtual machines. Additionally, Guardium DSPM identifies data movements between shadow data and alert on anomalies and misconfiguration that can damage your security and compliance posture.
  • DSPM Analyzer instance type requirements for Microsoft Azure has been updated to the Standard_D4s_v3 size to support the increasing number of data stores in Microsoft Azure, while maintaining customer's organization data sovereignty.
DSPM Guardium DSPM discovers, classifies, and analyzes data movements in Google Cloud Platform (GCP) Bigtable databases:
  • GCP Bigtable databases are now also supported for automatic discovery and classification of sensitive data.
    • Guardium DSPM can also identify data movement between Bigtable and other cloud provider and SaaS applications, uncovering misconfiguration and data movements that can impact your security and compliance posture negatively.
  • DSPM Analyzer has been automatically updated to support the new data stores. No manual updates or changes are required.
DSPM Security
The DSPM Analyzer is upgraded to apply the latest security vulnerability fixes.
DSPM Bug fixes
  • Inconsistent classification status for Amazon Web Services (AWS) data stores.
  • Inconsistent status change of vulnerabilities.

2024 August

New features and enhancements in the monitoring editions (Essentials, Standard, and Premium):
Premium External ticketing service improvements for Risk Events
When you open a risk event that has been delegated to any ticketing service, the status of the external ticket is displayed next to the ticket number. The status is updated every time that the record is opened or refreshed.
Custom data imports
You can now import external data into Guardium Insights SaaS for use in reports or alert policies.
Jira ticketing
Guardium Insights SaaS now supports configuring ticketing for Jira.

New features and enhancements in Data Security Posture Management (DSPM):

DSPM Data Classification
  • Guardium DSPM can now automatically discover and classify structured and unstructured files stored in Azure file share.
  • Confidential data, as a new category of sensitivities, is now supported for classifying structured and unstructured data.
  • Added over 20 new sensitivities in personal, financial, identifiable, and confidential labeling categories for the following countries:
    • Brazil
    • China
    • Columbia
    • Greece
    • Portugal
    • Spain
DSPM Using DSPM
Guardium DSPM user interface now supports the following additional languages based on the user's browser language settings:
  • French
  • German
  • Italian
  • Portuguese
  • Spanish
  • Turkish
DSPM Security
The DSPM Analyzer is upgraded to apply the latest security vulnerability fixes.

2024 July

New features and enhancements in the monitoring editions (Essentials, Standard, and Premium):

Improved flexibility of reports visualization framework
Visualization of reports now includes a gallery of charts to choose from. Once you have selected a chart, you can modify its code to customize it to suit your needs.

When adding a report to a dashboard, you can now choose to add its data visualization to the dashboard card.

Improved tenant switching
The Guardium Insights SaaS main page now displays the tenant that you are using. Clicking the tenant allows you to easily switch to other tenants.
Support menu
The Support feature now opens a menu with a variety of articles and advice about the Guardium Insights SaaS page that you are currently using.
Premium Policy import from Guardium Data Protection
You can now reduce operational overhead by importing data security policy definitions from Guardium Data Protection (GDP) central manager to Guardium Insights SaaS (GI). To use the policy import feature on GI, your GDP system must be patched to the minimum supported version. For more information, see Importing policies from Guardium Data Protection.

2024 June

New features and enhancements in the monitoring editions (Essentials, Standard, and Premium):

Premium Asset inventory usability enhancements
You can use asset inventory as the single source of truth to have quicker and better visibility over your data security assets. For more information, see Reports and workflows for assets.
Reports
You can now filter on aggregated report data.
Downtime notifications
Admin users are notified both before and during any outages of the platform so they can avoid contacting IBM support.

New features and enhancements in Data Security Posture Management (DSPM):

DSPM Data Classification
Guardium DSPM now supports additional country-specific Personally Identifiable Information (PII) for the following countries:
  • Greece
  • Portugal
  • Brazil
  • Spain
Classification time and cloud costs are reduced because Guardium DSPM is optimized to use 30% more of its existing compute resources.
DSPM API proxy
You can now create and use Guardium Insights API Keys for orchestration and automation because Guardium DSPM is now integrated with Guardium Insights REST APIs. All API activity is audited and you can retrieve them using Guardium Insights Activity Report.
DSPM Security
DSPM Analyzer is upgraded to apply the latest security vulnerability fixes.
DSPM Bug fixes
Details of a data store that contains more than 15,000 resources, used to load slowly. This is fixed now.

2024 May

New features and enhancements in the monitoring editions (Essentials, Standard, and Premium):

Premium Risk event categories feedback
The risk event categorization has been enhanced and is now based on a machine learning model. With your help in providing feedback, this model can adjust itself to your organization’s needs. The machine learning model uses both positive and negative feedback to fine-tune the categorization. It uses an incremental learning algorithm that modifies the model gradually with each feedback provided so that a single case does not have a disproportionate impact. For more information on the risk event categories and feedback see, Risk event categories and Providing feedback respectively.

2024 April

New features and enhancements in the monitoring editions (Essentials, Standard, and Premium):

Premium Asset inventory
  • View the connected entities of an asset and their relationships with an interactive topology map.
  • Six new cards are added to the Classic Guardium Insights overview dashboard to view high-level asset information.
  • Along with the default list of all assets, you can also view the list of assets that are grouped by hostname.
  • You can now create a category when you add auto-tagging rules for assigning tags to the assets.
For more information, see Asset inventory.
Workflows
With Guardium Insights SaaS workflows, you can intuitively schedule jobs in simple or advanced manners, as suits your needs. When you create a workflow in Guardium Insights SaaS, you are setting up a process for scheduling jobs and then tracking the distribution, review, and completion of those jobs. You can schedule reports to run and set up workflows for those reports - or you can schedule import jobs (these require an integration for importing and exporting data, which you can set up when you create the workflow if you don't already have one).
Universal connector
  • Cloud databases: Support added for PostgreSQL, AWS PostgreSQL, and Aurora PostgreSQL.
  • On-premises databases: Syslog support added for PostgreSQL, EnterpriseDB PostgreSQL, and Fujitsu PostgreSQL.
For more information see Connecting to data sources by using the universal connector.
Launching Guardium Insights in the European Union (EU)
All editions of Guardium Insights SaaS (Essentials, Standard, Premium, and DSPM) are now available in the European Union. If you have data residency obligations that require your data to be stored in the EU, you can now take full advantage of the Guardium Insights platform without having to deploy and manage your own infrastructure.
  • Take advantage of the General Data Protection Regulation (GDPR) compliance journey in the Essentials, Standard, and Premium editions to build reports and policies for monitoring GDPR-material data.
  • Use DSPM to help discover and protect shadow data lurking in cloud accounts while keeping the metadata inside the EU boundaries (all the real data stays in your accounts).
  • Use DSPM to locate and highlight potential GDPR violations in the vulnerabilities view for faster remediation

Sign up for demos and trials in the same way you do today and choose eu-central-1 as your deployment data center. Note: you can only have one subscription type at a time regardless of geography. All SaaS tenants (demo, trial, and paid) that are provisioned in the EU can be accessed from https://eu.guardium.security.ibm.com. You can switch between your EU tenants just like you do in the US region.

2024 March

New features and enhancements in the monitoring editions (Essentials, Standard, and Premium)
Backend data management
Premium Guardium Insights SaaS now uses a new event-model based schema to make data management on Guardium Insights more suitable for larger enterprises. For more information about supported data marts and IBM® Guardium Data Protection versions, see Software prerequisites.
Data retention
You can now specify Data retention settings in the Guardium Insights SaaS user interface. With this setting, you can specify how long data is retained before it is removed from the system.
Improved report performance
Performance for the Match pattern in group and In report filters is now improved.
You can now activate table join optimization and queries that use pipeline plans for individual reports.
Risk event categories
Premium In this release the following changes were made in the risk event categories:
  • A new risk category, Abnormal or Unexpected Behavior was added. This category of risk event is detected when any asset is exhibiting deviations from normal activities. It covers all the following cases:
    • Massive violations
    • Excessive activities
    • Excessive activity on sensitive objects
    • Excessive activity on vulnerable objects
    • Excessive diversity of activity
    • Excessive exceptions
    • Excessive new activities
  • The following risk event categories were renamed:
    • Account takeover was renamed as Credential stealing
    • Denial of service was renamed as Distributed Denial-of-Service (DDoS)
    • Data leak was renamed as Data stealing
  • The following cases were combined to form broader categories:
    • SQL Injection-Tautology and SQL Injection- Side channel were combined to form SQL Injection category.
    • SQL Injection- Denial of Service is now part of Distributed Denial-of-Service (DDoS).
For more information, see Risk event categories.
System health dashboard
Five new cards are added to the system health dashboard. If you don't see the latest cards, you can delete your existing dashboard and create a new one. This action does not delete your data. For more information, see Dashboards.
Universal connectors
Syslog and Amazon S3 support added for YugabyteDB. For more information see Connecting to data sources by using the universal connector.
DSPM New features and enhancements in Data Security Posture Management (DSPM)
Data Classification
Azure CosmosDB for NoSQL is now supported for data discovery and data classification.
Security
DSPM Analyzer is upgraded to apply the latest security vulnerability fixes.
Troubleshooting and self-service
Removing connected cloud providers and SaaS applications is now supported to provide users with a self service to control connected cloud providers.
Vulnerabilities
You can now filter vulnerabilities by specific compliance policies, such as, GDPR, CPRA, PCI, and HIPAA. This filtering ability can help an organization to focus and prioritize specific compliance violation remediation.
Bug fixes
- The Microsoft 365 quick filter in the Data Inventory page was incorrectly renamed to SharePoint. This is fixed now.
- The missing third party vulnerability values (third-party potential data flow and third-party actual data flow) are added in quick filters for both the Data Inventory and Vulnerabilities pages.

2024 February

New features and enhancements in the Essentials, Standard, and Premium editions
Edition name change
The IBM Guardium Insights SaaS Advanced edition is renamed to Premium.
Variants
Variants allow users to use report data more easily by customizing reference data inside reports, as required. Customization of report data also allows for better joins to occur with custom data. For more information, see Working with variants.

2024 January

New features and enhancements in the Essentials, Standard, and Premium editions
Active queries monitor
The active queries monitor is a new dashboard card and report that shows key information about queries. The report shows the origin of the query, the user who ran it, its name, start time, elapsed time, and status. In addition, you can use the report to view the SQL of the query and, for SELECT statements, stop the query.
Asset inventory
Premium Manage an inventory of data assets such as vulnerability assessment results, data classification results, business tags, and other related attributes by using a unified view. The broader view of the asset information helps you to easily view and identify the critical risks and prioritize mitigation activities. For more information, see Asset inventory.
Enhanced dashboard filtering
This release provides the ability to add global dashboard filters by clicking individual cells in report-type cards and selecting filter criteria. Once set, global filters are applied to all cards on the dashboard that support the criteria, allowing you to quickly identify and visualize stories in your data.
GDPR Compliance program
A new guided compliance program with enhanced user experience was added to help you secure your data and achieve General Data Protection Regulation (GDPR) compliance. For more information, see Compliance milestones.
Reports
You now have the ability to display report data for a customized time period. You can group timestamps by the hour, day, week, month, year, or a specific date.
Slack integration
Standard Premium The Slack integration is used to send outgoing messages from Guardium Insights SaaS to Slack, an instant messaging platform. You can create an app in your Slack workspace and then configure Guardium Insights SaaS with its incoming webhook or bot user token (with the chat:write scope). After integration, you can use Slack to receive notifications and policy alerts. For more information, see Slack configuration.
System health dashboard
The new system health dashboard displays health metrics such as the tenant's utilization of the allocated space for warehouse storage. Use this dashboard to analyze warehouse storage trends. For more information, see Dashboards.
Bug fixes
This release includes over 200 security fixes, performance improvements, and UX enhancements.
DSPM New features and enhancements in Data Security Posture Management (DSPM)
Data Classification
- Added support for the classification of new file types in all the cloud storage buckets. The file types supported are configuration files, scripts, private keys and other file types.
- Added support for the classification of Dutch sensitivities, such as, Dutch citizen service number (BSN), Dutch driver license number, and Dutch passport number. In addition, Medical license sensitivity is renamed to DEA license.
Security
- DSPM Analyzer is upgraded to apply the latest security vulnerability fixes.
Troubleshooting and self-service
- You can now get details about a data store that identifies missing permissions required to classify your sensitive data. This identification helps in faster streamlining and troubleshooting for data store classifications. Additionally, actionable items to expand the monitoring coverage of your discovered data is provided.
- If the issues preventing data classification are fixed for a data store or if a data store is modified, you can now rescan and reclassify the datastore, thereby reducing the duration of the classification window.
- Prerequisite checks are included for AWS when adding to the regions monitored, thereby leading to more streamlined and successful deployment of the DSPM Analyzer. Additionally, in order to simplify the identification of each region for all providers, the region name has been added.
Using DSPM
- The Third parties page enables you to identify the third-party vendors that have access to your data in the cloud environment. You can also view the third-party vendors conform (publicly announced on their website) and you will get an alert when a third-party vendor has access to sensitive data that it is not certified to handle.
- The Data inventory page provides a more granular filtering for a group of sensitivities under the Personal, Developmental, Finance, and Identifiable categories.
Vulnerabilities
- Added to the list of vulnerabilities that can be detected by Guardium DSPM for an enhanced support to compliance-related vulnerabilities. These newly added vulnerabilities provide additional information regarding supported compliance frameworks, such as General Data Protection Regulation (GDPR), California Privacy Rights Act (CPRA), Payment Card Industry Security Standards (PCI), and Health Insurance Portability and Accountability Act (HIPAA) . This allows Government Regulation Compliance (GRC) engineers to prioritize compliance violations remediation based on their sensitive data.
Bug fixes
- Account name filter in the Data inventory page and Vulnerabilities page used to show the account number instead of the name. This is fixed now.
- The Severities column in the Vulnerabilities page was listing all the vulnerabilities instead of only the open vulnerabilities. This is fixed now.

2023 November

DSPM Data Security Posture Management (DSPM)
  • Through Data Security Posture Management (DSPM) as part of IBM Guardium Insights SaaS you can now discover, analyze, and recommend protection and compliance for your cloud data. For more information about IBM Guardium DSPM, see IBM Guardium DSPM.
    • IBM Guardium DSPM assists you to understand who or what has access to your sensitive data across all your cloud accounts. Additionally, you can also monitor the actual accesses and flows of data when logs are enabled.
    • Discovering sensitive data in the cloud environments and SaaS applications is easy with IBM Guardium DSPM.
    • You can use IBM Guardium DSPM to get security and compliance insights that can recommend you to enhance the protection and compliance of your sensitive data with respect to the different regulations.

2023 September

Improved report performance
Improve report performance by enabling table join optimization in your report settings.

2023 July

Bug fixes
  • The Snowflake plug-in now works as expected when it is hosted on Google Cloud environment.
  • It was possible for data loss to occur when you use some CloudWatch plug-ins. This is now fixed.
  • Improved file upload performance by two times for data marts coming from Guardium Data Protection.

2023 May

Flexible subscription option with three editions - Essentials, Standard, and Premium
- Essentials The Essentials edition of IBM Guardium Insights SaaS offers a guided compliance program to organizations that need a simplified answer to prove California Consumer Privacy Act (CCPA) compliance.
- Standard The Standard edition of IBM Guardium Insights SaaS includes all the features in the Essentials edition. In addition, the Standard edition offers an introduction to data security by way of data compliance for the mid-sized enterprise market.
- Premium The IBM Guardium Insights SaaS Premium edition includes all the features in the Essentials and Standard editions. In addition, the Premium edition offers seamless integration with IBM Guardium Data Protection and efficient risk mitigation without having to deploy and maintain Red Hat® OpenShift®. This solution caters to IBM Guardium Data Protection and GBDI customers who are looking for a convenient and faster way to adopt Guardium Insights.
Subscription management
Manage your subscriptions and instances easily with the IBM SaaS Console.
Demos and trials
- A three-day demo subscription comes with a set of preloaded sample data that gives you the ability to test drive IBM Guardium Insights SaaS without adding connections to your data sources, event streams, or native activity logs.
- A 30-day trial subscription in the production environment allows you to add up to two connections to data sources, event streams or native activity logs. This option gives you the convenience of experiencing all the features of IBM Guardium Insights SaaS at your leisure with your own data. You can easily upgrade to a paid subscription right from the trial.
Dynamic dashboards
Depending on the edition that you are using, IBM Guardium Insights SaaS provides a mix of dynamic dashboard options and customizable templates to help you track, analyze, and act on the collected data.
Framework to add more compliance regulations
The first release of IBM Guardium Insights SaaS helps you to achieve California Consumer Privacy Act (CCPA) compliance. It also includes the framework that is positioned to easily add more compliance regulations (like GDPR) at a rapid pace in upcoming releases.
Guided compliance program
An enhanced user interface design with easy-to-follow-prompts helps you to create a CCPA data compliance program quickly and efficiently. After you answer a few questions and provide a small amount of information, IBM Guardium Insights SaaS automatically installs policies, populates groups, creates reports, and generates dashboards on your behalf. You can schedule automatic report delivery and assign reviewers to create an audit trail and adhere to compliance regulations.
Integrations
- Integrations such as ticketing, sending alerts, importing and exporting data, and data enrichment are now improved with the enforcement of certificate use. All integrations must now support SSL certificates.
- Premium You can now authorize external applications to access the Guardium Insights SaaS web services by using the Open Authorization (OAuth) protocol.
- Premium IBM Guardium Insights SaaS uses a new push model for datamart transmission that is based on multi-part HTTPS uploads. It limits exposure of both IBM and the customer's environments by eliminating SSH requirements like bidirectionality.
LDAP connection
Standard Premium Use an LDAP connection to import users into the IBM Guardium Insights SaaS group builder.
Outlier detection
Premium IBM Guardium Insights SaaS offers enhancements that improve the stability and performance of outlier detection.
Reports

IBM Guardium Insights SaaS offers over 30 different reports that can be viewed online or scheduled and distributed through various methods. Depending on the edition that you are using, you can also customize reports.

Many reports that are used for compliance are expected to be in an immutable format. IBM Guardium Insights SaaS allows reports to be exported to PDFs.

The following new reports are included in this release:
  • The Datamart ingestion status report displays datamarts received from aggregator. This report includes data from collectors and aggregator.
  • The Activity log report helps you to see actions of all users in the product.
  • Eight predefined CCPA reports help you identify unauthorized activity and detect risks to CCPA-related data in your databases.
  • Standard Premium Six predefined data security reports help you to detect risks and identify threat patterns.
REST APIs
The shift from Swagger to readme.io for API exposure provides easier usage of the APIs in multiple languages.
Risk Events
Premium Risk Events offers wider functions, such as more Risk Event categories, a new follow-up option in the respond and tune window, and more customization options.
Support for many popular data sources
Collect activity logs from data sources into IBM Guardium Insights SaaS by using various cloud-native methods, including Amazon Kinesis, Amazon CloudWatch, Amazon Simple Queue Service (SQS), Azure Event Hubs, Filebeat, and many more. For more information, see https://ibm.github.io/guardium-supported-datasources/.
Universal connector
The Universal connector plug-ins are preinstalled in the IBM Guardium Insights SaaS environment and are automatically updated as new versions are released. In addition to newly supported plug-ins, the universal connector is compatible with the mutual TLS (mTLS) protocol.
User management
IBM Guardium Insights SaaS uses IBMid to authenticate users. Any user with the 'admin' role can invite users to IBM Guardium Insights SaaS. If the new user already has an IBMid, they can immediately sign in to IBM Guardium Insights SaaS. New users who do not have an IBMid can create one at https://ibm.biz/new-gi-user before they sign in. All invited users become active after they log on to IBM Guardium Insights SaaS for the first time.