IBM Security Guardium Data Protection
Automate compliance auditing and reporting, discover and classify data and data sources, monitor user activity and respond to threats in near real time
Guardium® Data Protection product tour Book a free live demo
Isometric illustration of spheres in x shape with four padlocks above

IBM Security® Guardium® Data Protection is data security software in the Guardium family of IBM Security products. It provides comprehensive data protection for on-premises and cloud data stores through features such as data activity monitoring and analytics, near-real-time threat response workflows, and automated compliance auditing and reporting.

Secure your organization’s data

IBM Security Guardium Data Protection supports a modern, zero-trust approach to security. It discovers and classifies sensitive data from across the enterprise, providing near-real-time data activity monitoring and advanced user behavior analytics to help discover unusual activity around sensitive data.

Uncover regulated data in your data stores and use prebuilt templates for regulations such as PCI DSS, SOX, HIPAA, GDPR, CCPA and many more, to streamline and automate data compliance workflows.


Find threats faster by enhancing data security across complex environments.
Learn more with the Guardium Data Protection solution brief
Why Guardium Guardium Data Protection delivers meaningful results. Read the commissioned 2023 Forrester Consulting Total Economic Impact™ study to learn more about the benefits our customers have realized. Read the 2023 commissioned Forrester TEI study 406%

Study found a 406% ROI with benefits of USD 5.86 million over three years.


Study revealed a 70% reduction in time spent on auditing.


of Data Security Analysts’ time saved.

Benefits Simplify regulatory compliance

Address security and privacy regulatory compliance with out-of-the-box and customizable policies, streamlined audit workflows and fast reporting. Take advantage of predefined templates for policies, groups and reports, to meet various compliance requirements such as PCI DSS, GDPR and CCPA in a short amount of time.

Uncover internal and external threats

Discover and classify sensitive data, and monitor and audit data activity using advanced analytics and outlier detection. Discover and classify data in both cloud-based and on-premises data sources.

Learn more about compatible data sources
Protect data across the hybrid multi-cloud

Enforce security policies in near real time that protect data across the enterprise—for all data access, change control and user activities. Guardium supports deployment on several cloud platforms, including Amazon AWS, Google, IBM Cloud, Microsoft Azure and Oracle OCI.

See supported platforms and databases
Enforce security policies in near real time

Monitor security policies for sensitive data access, privileged user actions, change control, application user activities and security exceptions.

Adjust to changes in your data environment

Rely on agile data protection that adjusts quickly when new users, platforms and types of data are added. Scale to any size data protection effort.

Easy integration with multiple data stores

To safeguard sensitive data wherever it is stored, Guardium Data Protection can be integrated with other Guardium products, the IBM Watson® Knowledge Catalog, IBM Cloud Pak® and existing enterprise tools.

Learn how to integrate data security and governance platforms to protect data, enhance operations and reputation, and boost productivity.
Features Dynamic risk assessment

The Risk Spotter implements a dynamic risk assessment, which considers multiple risk factors, to identify risky users. Each user's overall risk score is calculated daily based on the audited data, which you can use to prioritize mitigating actions.

Active Threat Analytics dashboard

The Active Threat Analytics dashboard shows potential security breach cases, based on an outlier mining process and on identified attack symptoms. In this dashboard you can view and investigate cases, and take actions on individual cases.

Agent-based monitoring

For agent-based monitoring, Guardium supports S-TAPs (installed at the data source) and External S-TAPs (installed in-line for containerized and cloud data sources). Supported agentless options include Universal Connector plugins and cloud event streams (for example, AWS Kinesis and Azure Event Hubs)

Smart Assistant

Guardium offers Smart Assistant, a low-touch, guided, 4-step workflow feature to get up and running on compliance monitoring by defining custom policies, workflows and reports for global regulations such as PCI DSS, SOX, GDPR, CCPA, Basel, HIPAA and others.

Learn more
Universal Connector

The Universal Connector is a lightweight open-source framework used to develop plugins for Guardium to monitor cloud and on-premises data sources by using native audit logs. Customers and partners are encouraged to build their own plugins by using the Universal Connector framework.

Learn more
Vulnerability assessment

Use IBM Security® Guardium® Vulnerability Assessment to scan data infrastructure such as databases, data warehouses and big data environments—both on premises and in the cloud—to detect vulnerabilities and suggest remedial actions based on benchmarks from STIG, CIS, CVE and other configurations.

Learn more
Guardium Data Protection integrations
IBM Security® Guardium® Insights

IBM Security Guardium provides a data security and compliance solution designed to help clients locate, classify and take action to protect sensitive data residing on premises and in the cloud. By integrating Guardium Data Protection and Guardium Insights, you can streamline your architecture, increase agility and improve response to threats and business requirements, all while supporting your specific business needs.

Identity and access management solutions

Guardium Data Protection can integrate with IBM Security® Verify and other identity management solutions (such as AWS Secrets Manager and CyberArk) for security automation use cases such as securely storing, provisioning and auditing your Guardium data source credentials.

Case management and threat response solutions

Guardium helps surface data-level security threats and can improve security operations with integrations to ServiceNow and to SIEM solutions such as Splunk and IBM Security® Radar® SIEM. It enables security orchestration and response with IBM Cloud Pak® for Security and IBM Security® QRadar® SOAR.

Unite data security and data governance

Guardium agents are available on the IBM Cloud Pak® for Data for proactive monitoring of hosted containerized database services, as well as data sources external to the cloud pak. These agents also provide separation of duties between database access and the processes responsible for monitoring behavior.

IBM Security® Discover and Classify

IBM Security Discover and Classify providess automated, near-real-time discovery, network mapping and tracking of sensitive data. Combined with Guardium Data Protection’s robust data monitorization, it can help you boost operational efficiency, significantly reduce risk and lower costs for your organization.

Use Guardium Data Protection with your choice of data sources Databases

Guardium Data Protection for Databases provides automated data discovery and classification, near-real-time activity monitoring, and machine learning analytics to discover unusual activity around sensitive data stored in databases, data warehouses and other structured data environments. The solution supports data on IBM DB2®, Oracle, Teradata, Sybase, Microsoft® SQL Server, Windows®, UNIX®, Linux®, AS/400 and z/OS®, and Hadoop NoSQL. It also supports key enterprise resource planning, CRP and custom applications as well.

Big data

Guardium Data Protection for Big Data provides full visibility on data activity, detecting unusual activity around sensitive data with near-real-time data monitoring and machine learning analytics. The solution learns user access patterns to detect suspicious activity, giving administrators the option to block access or quarantine users to defend against internal and external threats. It accelerates compliance workflows through prebuilt regulation template and supports both Hadoop and NoSQL environments.


Guardium Data Protection for Files provides automated discovery and classification of unstructured data in files and file systems, including NAS, SharePoint, Windows, Unix and Linux, to help you better understand and control unstructured data risks. Machine learning analytics detect unusual activity around sensitive data with intelligent access management and file activity monitoring across files and file systems.


Guardium Data Protection for z/OS enables you to deploy on-premises mainframes, including IBM z Systems® with data protection built in. The solution protects against threats by automating data discovery and classification, with near-real-time activity monitoring and machine learning analytics. Alerts are sent to SIEM solutions for correlating threats and streamlining response. You can also proactively assess vulnerabilities and misconfigurations in your DB2, IMS and data sets.


Guardium Data Protection for Database Services is optimized to provide automated data discovery and classification, near-real-time activity monitoring, and machine learning analytics to sensitive data stored in database-as-a-service (DBaaS) platforms and cloud-native platforms, such as IBM Cloud Pak for Data. The solution supports databases consumed as a service from the cloud, including AWS RDS and Azure Database-Platform-as-a-Service.


Guardium Data Protection enables you to scale and innovate in AWS while safeguarding sensitive data. You will quickly achieve smarter, more unified data protection across your hybrid AWS cloud environment with a unified set of powerful security controls, including discovery and classification, vulnerability and risk assessments, near-real-time monitoring and alerting, security policy controls, advanced analytics, and integration across the security stack.

Case studies

Data security for the hybrid multicloud world Learn how to protect modern and legacy data environments simultaneously by centralizing visibility and monitoring, employing advanced analytics, and orchestrating a collaborative response.

Protecting client data with proactive security Westfield Insurance uses IBM Security Guardium, IBM Security QRadar, and IBM Security QRadar SOAR to support their customers and enable their business to grow.

Ways to buy
Contact us for more details and pricing in your environment

Visit the AWS Marketplace to learn more about using Guardium on AWS

Visit AWS Marketplace
Resources KuppingerCole Leadership Compass for Data Security Platforms
Get an overview of the Data Security Platforms market, along with guidance and recommendations for finding the sensitive data protection and governance products that best meets clients’ requirement.
The Need for Data Compliance in Today's Cloud Era
Read a senior analyst's perspective on the importance of data compliance.
Complexity in Today’s Patchwork Data Regulations
Experts give 3 strategies that can help you meet constantly changing data compliance regulations.
Guardium products IBM Security® Guardium® Vulnerability Assessment
Scan your data to detect vulnerabilities, threats and security gaps.
IBM Security® Guardium® Insights
Get centralized visibility, monitoring, compliance, advanced analytics and data source flexibility. Simplify data security and analytics.
IBM Security® Guardium® Insights SaaS DSPM
Looking to identify shadow data and its movement across applications? Read about the Data Security Posture Management (DSPM) capabilities in Guardium Insights.
IBM Security® Discover and Classify
Enable zero-trust based discovery and classification of sensitive and regulated data, wherever it resides, structured or unstructured, at rest or in motion.
IBM Security® Guardium® Key Lifecycle Manager
Deliver centralized, secured key management with reduced costs and greater operational efficiency.
IBM Security® Guardium® Data Encryption
Encrypt sensitive data in all states and across environments, including your files, databases and applications. Address data security and privacy regulations, and control encryption keys for cloud-based data.
Get a live demo from an expert for any Guardium product

Frequently asked questions

What groups and users can use Guardium Data Protection?

Data security is everyone's business. While security and compliance teams are primary users, the implications of data security is now beyond IT. Data, privacy, lines of business, risk and legal teams all have use cases that are supported by Guardium Data Protection.

What challenges does Guardium Data Protection address for security teams?

Guardium can help address the challenges of having visibility into sensitive data, whether on premises or in the cloud, detecting risky users and suspicious data access and activity, and simplifying data security and data privacy compliance.

How does Guardium Data Protection align to a zero-trust framework?

Guardium Data Protection wraps security around data with context through data activity monitoring to learn when, where, how and who is accessing data to detect anomalous and non-compliant activity—and dynamically adjust controls and access rights.

How does Guardium Data Protection enable customers to address data privacy?

Guardium can help accelerate your ability to address data privacy compliance with easy-to-set-up compliance policies and monitoring, a data access audit trail, entitlement reporting and other compliance reports.

What types of data discovery methods does Guardium Data Protection provide?

Guardium supports data discovery using a policy-based approach. Prebuilt and custom classifier policies can be defined to perform catalog or metadata discovery using sensitive data regexes and patterns. It can also be used to perform exact data match and unstructured data discovery.

Can Guardium Data Protection deploy in the cloud?

Yes, Guardium supports deployment on several cloud platforms. Get more information about deploying Guardium on Amazon AWS, Google, IBM Cloud, Microsoft Azure and Oracle OCI.

What do I need to run Guardium Data Protection? What types of data activity monitoring methods does Guardium Data Protection provide?

Guardium Data Protection provides both agent-based and agentless methods to monitor data sources. It supports multiple monitoring methods under each of these categories based on the type of data source and where it is located—in the cloud or in your data center.

What data collection and monitoring connectors are available?

For agent-based monitoring, Guardium supports S-TAPs (installed at the data source) and External S-TAPs (installed in-line for containerized and cloud data sources). Supported agentless options include Universal Connector plugins and cloud event streams (e.g., AWS Kinesis and Azure Event Hubs)

What compliance reports can Guardium Data Protection generate?

Guardium provides prebuilt report templates to get started with compliance monitoring for various regulations and standards such as PCI DSS, SOX, HIPAA, GDPR and CCPA. It also offers Workflow Builder to define custom audit workflows and reports to tailor to the needs of various teams.

Take the next step

Get started with a click-through demo of Guardium Data Protection or review your options with a Guardium expert in a free, 30-minute call.

Guardium Data Protection demo
More ways to explore Documentation IBM Security Learning Academy Thought leadership Community