How IBM Security™ Guardium® Vulnerability Assessment works

Automate vulnerability scanning and configuration

Scan the entire data source infrastructure for vulnerabilities to identify security risks, such as missing patches, weak passwords, incorrectly configured privileges and default vendor accounts. Schedule platform-specific static tests that detect insecure configurations for the specific database being assessed.

Map predefined tests for best practice standards

Harden databases with hundreds of preconfigured tests based on best practices such as those developed by CIS and STIG, as well as support for SCAP. Custom dashboard reports and drill-down capabilities are available for each major test. Leverage automatic updates from the IBM Vulnerability Assessment R&D team about the latest vulnerabilities. The assessments use no intrusive exploits or tests that can impact system availability.

Uncover behavioral vulnerabilities

Conduct dynamic assessments that uncover behavioral vulnerabilities such as account sharing, excessive login failures and unusual after-hours activity. Users, groups, roles and authentication to databases and applications can be updated automatically and directly from sources such as Lightweight Directory Access Protocol (LDAP), RADIUS and Microsoft Active Directory. Out-of-the-box integration is available with CyberArk, HashiCorp (HCP) Vault, and Amazon Web Services (AWS) Secrets Manager for managing data source credentials in Guardium Vulnerability Assessment.

Scale to match enterprise needs

Support leading database platforms and all major operating systems, including big data environments. Guardium Vulnerability Assessment is equipped to scale from one data source to tens of thousands without disrupting operations across multiple data centers or geographical locations. This scalable platform helps protect and secure customer data repositories and address regulatory compliance with audits and exception management.

Report and take action

Evaluate and document your database security to help assess, escalate and remediate risks. Produce detailed reports and supporting data. Provide a summary security evaluation, which includes weighted metrics and recommended remedial action plans to strengthen security. Automatically schedule assessments and manage report distribution, sign-offs and escalations. Integration with ServiceNow allows users to directly address failed vulnerability scan results.

How customers use it

  • Automatically scan for risk to sensitive data


    Changes in accounts, configurations, and patches occur regularly, meaning security gaps can arise out of thin air. Manual processes to check vulnerabilities are tedious and time-consuming for security operations and can be risky and error-prone.


    This vulnerability assessment tool automatically scans for known weaknesses related to configuration, user privileges, authentication, authorization, patches and more, based on the latest security standards, to provide your team with visibility into its risk posture.

  • Vulnerability reporting and remediation


    Threats to sensitive data are everywhere, and your team needs a scalable way to address known gaps across a breadth of data sources in order to enforce security best practices.


    IBM Security Guardium Vulnerability Assessment hardens your environment by providing detailed drill-down reports for more than 2,000 exposure tests and a simple, actionable remediation plan for failures.

You may also be interested in

IBM Security™ Guardium® Data Protection for Big Data

Provides continuous monitoring and real-time security policies.

IBM Security™ Guardium® Data Encryption

Offers a set of modular encryption, tokenization and key management solutions that enable organizations to protect data across on-premises and hybrid multicloud environments and help address privacy regulations like HIPAA, GDPR and CCPA.