What's new in this release

New features, functions, and enhancements.

IBM Security Guardium V12.0

Access management
Guardium 12.0 adds "password last changed" and "password expired" dates to the access management page and to the list_users API output to better support proactive password management.
Active threat analytics
You can now optimize resources and reduce false positives by excluding certain sources such as test data and activities that are performed by automated processes.
Audit process
  • The audit process to-do list adds the ability to quickly change the classification result sets being compared directly from the results-comparison view itself. For more information, see Comparing discovery and classification results.
  • You can now modify the receivers list for active audit processes, including deleting and rearranging existing users. Changes are tracked in the "User activity audit trail" report. For more information, see Audit process receivers.
Certificate management
  • Support added for automatic retrieval of existing certificates from Venafi using the Guardium CLI.
  • The number of SAN (subject alternative name) slots has increased from nine to 99.
  • The date format in the warning message under the notification icon for expiring certificates has changed from d-m-yyyy to yyyy-mm-dd.
  • Support added for the fire with marker option for catalog search rules.
  • Support added for new custom properties, including maximum length for large-text data types with Microsoft SQL Server and new data-cardinality methods for Oracle.

    For more information, see MS SQL Server (DataDirect) and Oracle (Data Direct - Service Name).

Central management
  • You can now view patch installation status of managed units from central managers.
  • The cross-central-manager health view (cross-CM health view) is a new Guardium unit type that provides aggregated health views for an entire Guardium deployment. These views include health information for all available central managers, aggregators, collectors, and S-TAPs in your environment. For more information, see Viewing deployment health data from multiple central managers.
Database discovered instances rules
  • Ability to specify existing Guardium groups for filter and exclude rules.
  • Ability to delete discovered instances and existing inspection engines that match specified criteria and standard operators.
For more information, see database discovered instances rules.
Support added for creating new groups with username and host name or IP address criteria.
Entitlement reporting
Support added for EDB PostgreSQL.
External ticketing
Event Management is now integrated with ServiceNow. For more information, see Configuring an external ticketing system.
Guardium now uses SHA256 GIM client certificates. For more information, see GIM clients with SHA256 certificates.
IBM® Knowledge Catalog integration
Investigation dashboard
Support added for monitoring and automatic recovery to identify and recover issues in the investigation dashboard. For more information, see Monitoring and automatic recovery for the investigation dashboard.
Network Time Protocol (NTP)
Network Time Protocol (NTP) now uses the chrony time server daemon. The ntp CLI commands are deprecated and replaced by time_server commands. For more information, see the store system time_server CLI command.
Runtime sensitive-object identifier
The Runtime Sensitive Object Identifier is redesigned. You can now manage runtime sensitive object identification by using the new Runtime Sensitive Object Identifier session level policy and report. For more information, see Runtime sensitive-object identifier.
Session-level policy adds support for SQL criteria, extrusion rules through criteria server data, and the ability to use regex in groups and custom tuples.
  • Define S-TAP clusters for environments with multiple S-TAPs assigned to clusters of database servers. S-TAP clusters allow Guardium to detect traffic at the cluster level, meaning that if one S-TAP in the cluster is active, all S-TAPs assigned to the cluster are also marked as active. S-TAP clusters also support automatic removal of inactive S-TAP connections for active-passive cluster configurations. For more information, see Create and manage S-TAP clusters.
  • Unix S-TAP and External S-TAP support OpenSSL v3.1 and FIPS140-3.
  • External S-TAP supports MongoDB Atlas with MongoDB Compass.
TLS 1.3 support
Guardium now supports TLS 1.2 and 1.3, and support for earlier TLS versions is deprecated. For more information about moving to TLS 1.3, see Managing the TLS version.
Universal connector
  • The universal connector now offers a troubleshooting tool. For more information, see universal connectors.
  • Universal connector plug-ins are now preinstalled. When newer versions of the plug-ins become available, you can choose to upload them manually or wait for the next Guardium patch release to get them automatically updated.
Vulnerability Assessment
  • Ability to display both alias and non-alias value in a report.
  • Ability to find an existing vulnerability assessment by using the Security Assessment Finder screen.
  • Ability to upload the MS SQL open source driver through custom uploads.
  • Ability to export vulnerability assessment results through external feed.
  • Support added for Oracle MySQL enterprise edition 8.0 CIS benchmark version 1.2.0, MongoDB 4.0 and MongoDB 5.0 CIS benchmark version 1.0.0, the latest CIS benchmark for DB2, and the CIS benchmark for PostgreSQL version 15.
  • Support added for Oracle MySQL enterprise edition 8.0 STIG benchmark, version 1 release 1, and Oracle 19c benchmark.
  • SSL encryption support added for Oracle 11.x, 12.x, and 19.
  • Support added for Apache Cassandra, Percona MySQL datasources.
  • Support added for Apache Cassandra, PostgreSQL, and PostgreSQL EDB entitlement reports.
For a complete list of tests and groups added or updated in version 12.0, see https://www.ibm.com/support/pages/node/7031317. Tests and groups that are added after the release of Guardium version 12.0 will be available in upcoming quarterly DPS reports.
Other enhancements
  • RHEL is upgraded from RHEL 7 to RHEL 9.
  • The output of all CLI commands (including Guardium API commands) that modify a component of the user’s system now includes the timestamp after the command finishes running.
  • Ability to mark updates as “read” from the notification icon in the UI.