Feature spotlights

Centralized monitoring across the hybrid multicloud

Guardium Insights acts as a central hub for data activity monitoring across disparate cloud and (when connected with IBM Security Guardium Data Protection) on-premises data sources. Further, the Guardium Universal Connector framework allows security teams and developers to easily build their own Connectors to any additional data source. This helps ensure that security teams get a snapshot of activity across the entire environment to discover risks and trends quicker - and with more context.

Modernized architecture for flexible deployment and scaling

Built on Red Hat OpenShift and deployed via microservice Kubernetes containers, Guardium Insights is compatible with major cloud data sources, including AWS Kinesis and Azure Event Hubs. This means that as business and cloud priorities change, your data security tools do not have to.

Advanced analytics to identify, analyze, and score risks

With predictive analytics and outlier detection, Guardium Insights can learn normal operations then quickly discover abnormal and suspicious user behavior. Guardium Insights can then add context, such as identifying the user behind privileged credentials, and score risks according to potential impact - helping prioritize remediation and stop potential breaches in their tracks.

Integration with mission critical security and IT tools

Guardium Insights can integrate with your SIEM, SOC, ticketing platform, and other key security and IT tools via REST APIs or, in the case of Cloud Pak for Security, via shared architecture. This allows data security insights contextualized via advanced analytics to be shared with other security teams. This actionable information helps combat alert fatigue and ensures that remediation steps are taken against high-priority data threats.

Automated workflows and long-term storage to meet compliance

Custom data monitoring policies and the full audit lifecycle can be defined, while processes and notifications can be automated, reducing the time spent manually addressing compliance requirements. This compliance data can then be stored for years, helping cut down on third party collectors and enriching investigations with empirical data.

Fast reporting to understand trends and notify stakeholders

Reports within Guardium Insights can be generated in seconds, and custom reports can be developed from scratch. This allows data security teams to quickly correlate and visualize data source activity over time, identify historical trends, and share out reports with key data security and data governance stakeholders across the organization.

Common use cases

  • Centralize data security visibility

    Problem

    In a hybrid multi-cloud environment, data multiplies at an exponential rate as new public and private cloud or on-premises databases are added to aid in business expansion or continued digital transformation. There needs to be a way to centralize visibility across the entire data estate.

    Solution

    Guardium Insights can connect to Guardium Data Protection, AWS Kinesis, or Microsoft Azure to centralize structured and unstructured data across the hybrid cloud. In this video, learn how easy it is to connect—in this case to Guardium Data Protection—to achieve greater data visibility. This, in turn, helps deliver deeper insights, detect threats, and identify user behavioral patterns.

  • Build reports out-of-the-box

    Problem

    In the case of an audit, breach, risk analysis, or other high-priority event, information must be compiled quickly and refreshed in near real-time. Many times, data security reports can take hours, due to technological limitations or data security data not being centralized within one platform.

    Solution

    In this video, watch how easy it is to generate a self-service, out-of-the-box report in Guardium Insights—turning a task that can elsewhere take hours, into one that can be done in a matter of seconds. These templates are based on common reports organizations must run to notify stakeholders of changes, assist in achieving regulatory compliance, or maintain good data security hygiene.

  • Generate fully custom advanced reports

    Problem

    Every organization is different, and oftentimes data security teams cannot rely solely on out-of-the-box reporting templates. Many times, custom reports can take hours due to the significant amount of work that administrators must do to build out custom parameters, let alone run the report and schedule its distribution.

    Solution

    This, too, can be accomplished quickly in Guardium Insights, taking only minutes to define custom parameters and filters. In this video, use the timestamps below to explore each step in the creation of a from-scratch report.

    0:00 - 1:42 – Name, tag, and set report range
    1:43 - 3:18 – Adjust report parameters
    3:19 - 5:51 – Advanced filters by users and groups
    5:52 - 8:01 – Create a new report from scratch

  • Give visibility across the SOC into data security issues

    Problem

    Data security should be everyone’s business. With the cost of a data breach continuing to rise, siloes hindering security visibility across disparate teams, and an expanding threat landscape as hybrid cloud environments grow, it’s become imperative—yet difficult—to share data between data security teams and the greater security organization to help support a collaborative response to threats.

    Solution

    A key function of Guardium Insights is its ability to integrate with IBM Cloud Pak for Security cases. Through this integration, a ticket created in Guardium Insights—for example, for a large, unexpected data extraction by a user who does not typically access the involved database—can be mapped to Cloud Pak for Security and opened as a case within the platform, giving greater visibility to security analysts in the SOC. This helps boost collaboration by supporting cross-functional investigation and incident response. In this video, see how this integration is configured and tickets are shared.

  • Combat tool sprawl through integration

    Problem

    Most organizations have disparate ticketing platforms and other relevant IT and security systems involved in data security operations, but struggle to find a way for them to work together more efficiently as they do not currently integrate well with one another.

    Solution

    In a digitally transformative organization, there is surely an abundance of security point solutions. In this video, learn how Guardium Insights leverages REST APIs to share data security information with other security and data applications, helping to connect disparate tools and helping build a more cohesive data security strategy.

  • Integrating with common, critical security platforms

    Problem

    Outside of general integrations, there are mission critical security platforms that data security tools must communicate with, such as Splunk. This must be done quickly and easily to ensure data security data is properly shared.

    Solution

    Certainly, one important aspect of Guardium Insights is its ability to integrate with the rest of the Security portfolio—from the IBM Cloud Pak for Security SOC to the IBM Security QRadar SIEM. But there are other tools in our customers’ security stack, and one that is often used in the quest for greater data security control is Splunk. In this video, watch how Guardium Insights can quickly integrate with Splunk to share critical data security event data.