How To
Summary
This video walks through the Data Source Risk functions and capabilities in Guardium Insights.
Guardium Insights uses risk scoring to help prioritize workloads and uncover risks, supporting a zero trust approach to data security.
Objective
Guardium Insights uses risk scoring to help prioritize workloads and uncover risks, supporting a zero trust approach to data security. This video walks through the Guardium Insights Data source risk functions and capabilities.
https://www.securitylearningacademy.com/course/view.php?id=6487
The Data source risk tile reflects the risk level across all the data sources that are monitored and fed into Guardium Insights.
Clicking ‘View all data sources’ displays a list of data sources with their associated risks.
Guardium Insights applies patented machine learning algorithms across security and compliance data to quickly detect anomalous activity. Each detected anomaly is assigned a risk level, which triggers risk-based alerts to help prioritize the next steps.
The risk level is calculated as the probability of a breach times its projected consequence. Known vulnerabilities are one example of a factor that raises the probability, while the sensitivity of the data held by a data source drives the potential consequence.
Records can be filtered by high, medium, low, or score pending.
Let’s review the FinanceDB data source. Select the record.
We can see that a 49% confidence score has been calculated for the anomaly. Clicking the alert reveals that the average extraction volume for this data source is 54.6K rows, but a recent extraction suddenly jumped to 216K rows. With information about the Who, What, When, Where, and Why of the issue, Guardium Insights flagged the event and issued the alert.
For in-depth information about the event, click ‘Anomaly report’ in the upper-right part of the screen.
Here the Guardium Insights anomaly risk engine provides a complete picture of how the score for that anomaly was calculated.
This in-depth forensic analysis helps security analysts understand the various risk aspects of their data and act on them.
Reports can be exported to a .csv file or shared. Schedule report distributions to ensure that key stakeholders are consistently notified.
If further action is needed, go back to the Anomalies page, and create a ticket in the ServiceNow® external ticketing system.
If immediate action is necessary, the user can be blocked. Selecting and confirming the block issues a command from Guardium Insights that stops the user from any further activity until the investigation is concluded.
Mark events that need no action as read or ignored.
Additional Information
Quick references
IBM Security Learning Academy - Guardium Training
Check out this URL to find free Guardium training, including hands-on labs, self-paced online courses, and online books. Use the training roadmaps to guide your learning path based on your role. To learn about other IBM Security products and solutions, click the Home icon to review all the courses.
IBM Security Guardium Documentation
Check out this URL to find formal product documentation on how to configure, administer, and use IBM Security Guardium.
IBM Guardium Community
Stay informed on recent features and just-in-time topics. This community includes forums, blogs, how-tos, event notifications, and release wikis that Guardium subject matter experts contribute to and monitor.
Document Location
Worldwide
Document Information
Modified date:
03 November 2021
UID
ibm16508581