How IBM Guardium Data Protection for Databases works

Monitor and audit all data activity

Understand and develop complete visibility into all transactions for all platforms and protocols by users including database administrators, developers, outsourced personnel and applications. Identify application users who make unauthorized changes from common service accounts. Provide user and application access monitoring independent of native database logging and audit functions. Improve data security leveraging analytics to detect unusual data access patterns.

Enforce security policies in real time

Monitor and enforce security policies for sensitive data access, privileged user actions, change control, application user activities and security exceptions. Use outlier detection analytics to identify anomalous behavior by automatically comparing data activity to a normal behavior baseline. Support exception policies based on definable thresholds such as SQL errors. Use extrusion policies to examine data leaving the database for specific value patterns such as credit card numbers.

Accelerate compliance workflows and audit activities

Aggregate and normalize audit data throughout your enterprise for compliance reporting, correlation and forensics without requiring native database audit functions. Provide a tamper-proof data access audit trail that supports the separation of duties required by auditors. Deliver customizable compliance workflow automation to generate compliance reports and distribute them to oversight teams for electronic sign-offs and escalation to get the right reports to the right people at the right time.

Support heterogeneous environments

IBM Guardium Data Protection for Databases supports enterprise databases or data warehouses running on major operating systems including IBM DB2, Oracle, Teradata, Sybase, Microsoft SQL Server, running on Windows, UNIX, Linux, AS/400, and z/OS. It also supports key enterprise resource planning and customer relationship management applications as well as custom and packaged applications.

Readily adapt to changes in your data environment

Create an agile and adaptive data protection environment that adjusts as new users, platforms and types of data are added. Scale to any size data protection effort with a flexible and tiered approach including seamless load balancing and self-monitoring. Streamline administration and deployment of data security and compliance with a business-centric user experience and automated tasks.

Leverage the rest of the IBM Security Guardium solution

IBM Guardium Data Protection for Databases can be combined with IBM Guardium Data Protection for Big Data, and IBM Guardium Data Protection for Files, IBM Guardium Data Encryption, IBM Guardium Vulnerability Assessment, IBM Multi-Cloud Data Protection, IBM Guardium Multi-Cloud Data Encryption and more, to flexibly safeguard sensitive data across the business environment.

How customers use it

  • Address Structured Data Security Challenges

    Address Structured Data Security Challenges

    Problem

    Data is dynamic, distributed, and in demand – and databases hold some of your organization’s most sensitive data. Native logging approaches to support security and compliance can be operationally complex, and don’t ensure data confidentiality.

    Solution

    IBM Security Guardium Data Protection for Databases provides a holistic data security platform for structured data in databases and data warehouses on major operating systems.

  • Analyze Data and Gain Visibility

    Analyze Data and Gain Visibility

    Problem

    Because data is constantly changing, moving, and being accessed by new users, it can be difficult to understand what data you have, how it is being used, and if either of these things put you at risk from a security or compliance perspective.

    Solution

    Guardium automatically discovers critical data and uncovers risk, providing visibility into all transactions and protocols across platforms and users.

  • Protect Critical Data

    Protect Critical Data

    Problem

    Insider threat and external attacks pose dangers to data; but traditional approaches can’t enforce separation of duties, recognize suspicious activity in real time, or help you act. Compliance mandates and potential audits increase complexity.

    Solution

    Guardium enables complete protection for sensitive data via real-time capabilities including monitoring, alerting, blocking and quarantining, along with compliance automation to streamline operations and reduce risk of audit failure.

  • Adapt to Changing Environments and Requirements

    Adapt to Changing Environments and Requirements

    Problem

    Constantly expanding environments, new platforms, evolving compliance requirements and dynamic users make data protection a complex challenge.

    Solution

    Guardium seamlessly handles changes within your IT environment, enabling you to secure new data sources, expand your deployment, or add new users. This flexible, tiered approach allows you to reduce costs while protecting your most critical assets.

Technical details

Software requirements

Software requirements for IBM Guardium Data Protection for Databases can be viewed at:

    Hardware requirements

    Hardware requirements for IBM Guardium Data Protection for Databases can be viewed at: