How IBM Security Guardium Vulnerability Assessment works

Automate vulnerability scanning and configuration

Scan the entire data source infrastructure for vulnerabilities. Provide platform-specific static tests that detect insecure configurations for the specific database being assessed.

Map predefined tests for best practice standards

Utilize preconfigured vulnerability tests, encompassing Center for Internet Security (CIS) and Security Technical Implementation Guide (STIG) best practices, updated regularly through the IBM Guardium Knowledge Base service. Provides support for SCAP and the ability to export in SCAP format. Does not rely on intrusive exploits or tests that can impact system availability, and provides external reference information such as common vulnerabilities and exposures (CVE) identifiers.

Uncover behavioral vulnerabilities

Conduct dynamic tests that uncover behavioral vulnerabilities such as account sharing, excessive login failures and unusual after-hours activity.

Provide a scalable platform

Support leading database platforms and all major operating systems, including big data environments. Provide a scalable platform to help
protect and secure customer data repositories and manage compliance with the latest security regulations.

Report and take action

Evaluate and document your database security to help you assess, escalate and remediate risks. Produce detailed reports and supporting data. Provide a summary security evaluation, which includes weighted metrics and recommended remedial action plans to strengthen security. Automatically schedule assessments and manage report distribution, sign-offs and escalations.

How customers use it

  • Screen shot of datasources to test in the Guardium Security Assessment Builder

    Automatically scan for risk to sensitive data


    Changes in accounts, configurations, and patches occur regularly, meaning security gaps can arise out of thin air. Manual processes to check vulnerabilities are tedious and time consuming for security operations and can be risky and error-prone.


    This solution automatically scans for known weaknesses related to configuration, user privileges, authentication, authorization, patches and more, based on the latest security standards, to provide your team with visibility into its risk posture.

  • Screen shot of Guardium dashboard with detailed charts from exposure tests

    Vulnerability reporting and remediation


    Threats to sensitive data are everywhere, and your team needs a scalable way to address known gaps across a breadth of data sources in order to enforce security best practices.


    IBM Security Guardium Vulnerability Assessment hardens your environment by providing detailed drilldown reports for more than 2,000 exposure tests and provides a simple and actionable remediation plan for failures.

Technical details

You may also be interested in

IBM Security™ Guardium® Data Protection for Big Data

Provides continuous monitoring and real-time security policies.

IBM Security™ Guardium® Data Encryption

Offers a set of modular encryption, tokenization and key management solutions that enable organizations to protect data across on-premises and hybrid muilticloud environments and help address privacy regulations like HIPAA, GDPR and CCPA.