Frequently asked questions

Get answers to the most commonly asked questions about IBM Security Guardium Data Protection.

Getting started with this product

What is Guardium Data Protection?

Guardium Data Protection is a unified data security solution delivering critical capabilities — data discovery and classification, data activity monitoring and analytics, real-time response to threats, automated compliance auditing and reporting — to enable comprehensive data protection.

What groups and users can use Guardium Data Protection?

Data security is everyone's business. While security and compliance teams are primary users, the implications of data security is now beyond IT. Data, privacy, lines of business, risk and legal teams all have use cases that are supported by Guardium Data Protection.

What challenges does Guardium Data Protection address for security teams?

Guardium can help address the challenges of having visibility into sensitive data, whether on-premises or in the cloud, detecting risky users and suspicious data access and activity, and simplifying data security and data privacy compliance.

How does Guardium Data Protection align to a zero-trust framework?

Guardium Data Protection wraps security around data with context through data activity monitoring to learn when, where, how, and who is accessing data to detect anomalous and non-compliant activity – and dynamically adjust controls and access rights.

How does Guardium Data Protection enable customers to address data privacy?

Guardium can help accelerate your ability to address data privacy compliance with easy to setup compliance policies and monitoring, a data access audit trail, entitlement reporting and other compliance reports.

What types of environments and data stores does Guardium Data Protection secure?

Guardium supports a variety of on-premise and cloud data stores including databases, big data, files, database-as-a-service and mainframes.

Does Guardium Data Protection protect cloud data sources?

Does Guardium Data Protection support data discovery and classification for cloud-based data sources?

Yes, please view the list of the data sources that are compatible with Guardium Data Protection's data discovery and classification processes.

What types of data discovery methods does Guardium Data Protection provide?

Guardium supports data discovery using a policy-based approach. Out-of-the-box and custom classifier policies can be defined to perform catalog or metadata discovery using sensitive data regexes and patterns. It can also be used to perform exact data match and unstructured data discovery.

How can I learn more about Guardium's vulnerability assessment capabilities?

Customers can choose to license just the vulnerability assessment features of Guardium Data Protection.

Does Guardium Data Protection support case management and threat response solutions?

Yes, Guardium helps surface data-level security threats and can improve security operations with integrations to ServiceNow and to SIEM solutions such as Splunk and QRadar. It enables security orchestration and response with IBM Cloud Pak® for Security and IBM Security SOAR (Resilient).

Does Guardium Data Protection integrate with identity and access management solutions?

Yes, Guardium can integrate with identity management solutions (e.g., AWS Secrets Manager and CyberArk) for security automation use cases such as securely storing, provisioning and auditing your Guardium data source credentials.


Can Guardium Data Protection deploy in the cloud?

Yes, Guardium supports deployment on several cloud platforms. More information about deploying Guardium on Amazon AWS, Google, IBM Cloud, Microsoft Azure and Oracle OCI.

What do I need to run Guardium Data Protection?

Where can I find documentation for Guardium Data Protection?

Documentation on Guardium Data Protection is available.

What are the data sources supported for data discovery and classification?

View the list of the data sources that are compatible with Guardium Data Protection's data discovery and classification processes.

What is a Universal Connector?

The Universal Connector is a light-weight open-source framework used to develop plugins for Guardium to monitor cloud and on-premise data sources using native audit logs. Customers and partners are encouraged to build their own plugins using the Universal Connector framework.


What types of data activity monitoring methods does Guardium Data Protection provide?

Guardium Data Protection provides both agent-based and agentless methods to monitor data sources. It supports multiple monitoring methods under each of these categories based on the type of data source and where it is located — in the cloud or in your data center.

What data collection and monitoring connectors are available?

For agent-based monitoring, Guardium supports S-TAPs (installed at the data source) and External S-TAPs (installed in-line for containerized and cloud data sources). Supported agentless options include Universal Connector plugins and cloud event streams (e.g., AWS Kinesis and Azure Event Hubs)

How does Guardium Data Protection help customers quickly address regulatory compliance?

Guardium offers Smart Assistant, a low-touch, guided, 4-step workflow feature to get up and running on compliance monitoring by defining custom policies, workflows and reports for global regulations such as PCI DSS, SOX, GDPR, CCPA, Basel, HIPAA and others.

What are Guardium's compliance accelerators?

Compliance accelerators provide Guardium users pre-defined templates for policies, groups and reports, in order to meet various compliance requirements such as PCI DSS, GDPR and CCPA in a short amount of time.

What compliance reports can Guardium Data Protection generate?

Guardium provides out-of-the-box report templates to get started with compliance monitoring for various regulations and standards such as PCI DSS, SOX, HIPAA, GDPR and CCPA. It also offers Workflow Builder to define custom audit workflows and reports to tailor to the needs of various teams.

How does Guardium work with IBM Security Verify to unite data security and IAM?

Guardium can integrate with IBM Security Verify's identity governance capabilities to improve visibility into how access is being utilized, prioritize compliance actions with risk-based insights, and make better decisions with clear actionable intelligence.

How does Guardium work with IBM Cloud Pak for Data to unite data security and data governance? 

Guardium agents are available on the IBM Cloud Pak® for Data for proactive monitoring of hosted containerized database services, as well as data sources external to the cloud pak. These agents also provide separation of duties between database access and the processes responsible for monitoring behavior.

What is Guardium's Investigation Dashboard?

The Investigation Dashboard provides powerful tools for identifying and assessing problems that might exist in your environment by querying and visualizing data to reveal patterns, anomalies and relationships across your data.

What is Guardium's Risk Spotter?

The Risk Spotter implements a dynamic risk assessment, considering multiple risk factors, in order to identify risky users. Each user's overall risk score is calculated daily, based on the audited data, so that you can prioritize mitigating actions.

What is Guardium's Active Threat Analytics?

The Active Threat Analytics dashboard shows potential security breach cases, based on an outlier mining process and on identified attack symptoms. In this dashboard you can view and investigate cases, and take actions on individual cases.

Other often-asked questions

What is data protection?

Data protection is a set of processes and technologies used to secure the integrity, privacy, and availability of data. Data protection is critical for any organization that handles and stores sensitive data in order to reduce the chance of a data breach.

What is data activity monitoring?

Data activity monitoring or DAM is a capability that can identify and prevent potential malicious activity across operating environments by providing real-time alerts and notifications to the data security team or security operations team in order to enhance the protection of sensitive data.

What is compliance monitoring?

Compliance monitoring refers to various controls and tests that organizations put in place to check how well their business is meeting their regulatory requirements on an on-going basis. This need to monitor compliance performance is often required by data security and data privacy regulations.

How does monitoring work?

Data activity monitoring or compliance monitoring is deployed as agent or agentless connectors to data sources, thereby providing access for maintaining logs, detecting policy breaches and correlating data to present a fuller picture of events related to the data being monitored.

What is vulnerability assessment?

Vulnerability assessment is used to scan the database infrastructure for security gaps and provide an evaluation of database and data security health, with real-time and historical measurements, so that you can identify and correct security vulnerabilities in your database infrastructure.

What is entitlement reporting?

Entitlement reviews ensure that users only have the privileges required to perform their duties. Guardium's predefined database entitlement reports can help you see who has system privileges and who has granted these privileges to others, to minimize lingering accounts and ill-granted privileges.

What is database auditing?

Auditing databases and other data sources enable you to track and understand how your data is being used and who is using your data, in order to have visibility into any risks of data misuse or breaches.

Next steps

Review your options with a Guardium expert in a free, 30-minute call.