What is our primary use case?
It's being used to identify who is using what data, what resources, what they're using them for, providing audit trails. We also use it to set baselines for usage patterns, to start building cases if there are any erroneous accesses happening, and to start allowing more intuitive alerts.
So far it's installed. It was a little rocky at the beginning but everything is working pretty well now. I think the baselines have been established and so far it's performing as expected.
Now that they have the base, they are going to start creating other use cases. I'm not sure what they are, but they are going to start expanding the usage and provide more education to the security staff.
How has it helped my organization?
It's another layer to help us identify, especially from audit perspectives. It's allowing us to be more proactive than reactive on alerts and access rights and types of resources that are being hit. Before, there were a lot of different solutions, but this expanded that out and made it a more holistic solution.
It provides centralization of monitoring, instead of multiple, disparate applications. It definitely allows more economies of scale, streamlining, less fragmented use.
We also use IBM Guardium to support security initiatives and compliance policies. For example, our audit area can verify if someone has access to information that they shouldn't have, for their regular job functions. For instance, a customer service rep is looking at his ex-wife's records. We can now see all those accesses and we can verify, and if it's true and it wasn't part of their job duties, they can actually be terminated - and a lot of that has happened since.
In terms of whether it has helped us comply with industry regulations like SOX, PCI, or GDPR, with workflow, reports, and accelerators, I know we're working on becoming high-trust certified, but I'm not part of that process any more. I would have to guess, though, that it has helped, as another tool in the tool box.
I also think we integrated it with our SIEM tool, and I don't think there were any issues.
I think the solution will save us time and money. We're still in that "ROI phase" where we're building towards that. I'd give us probably another year to year and a half until we achieve that all back. But every time an inquiry comes in, instead of it taking tens of hours, now it's taking minutes.
Senior management is definitely aware of the improvements.
What is most valuable?
I'm not aware of our using any of the existing advanced features. I was only in on the initial implementation, so if they have added new things since then, I'm not aware of it.
What needs improvement?
If I used it every day I'd probably be able to give you a really good answer. But I don't.
What do I think about the stability of the solution?
I haven't heard of any issues. I think it's been pretty stable, once they got over the initial bumps. The bumps were just our staff knowing how much information needed to be monitored, and at what level. I think they were fluctuating between levels of granularity as well.
What do I think about the scalability of the solution?
We started out with as much as we could from the beginning. I don't think there have been any issues. It's our internal skill set and maturity with the tool that have been growing. I think it has TAPs in every piece of our data in our datacenter, so it's already been able to scale to what we need.
How are customer service and technical support?
I personally haven't used tech support, but I know that during implementation, when they were reaching out, IBM was always really responsive.
We have a really good relationship with IBM, regarding PMRs being taken care of. We actually have monthly meetings with the sales and technical support staff to make sure everything is being addressed, and they do a good job.
Which solution did I use previously and why did I switch?
We knew there was a gap that needed to be filled, I believe, when they engaged IBM. We had some pretty specific, and general, requirements around auditing and security. I don't recall who else they looked at in that space, but IBM seemed to fulfill every requirement we had on our list. And some issues we didn't even know about, because of our level of maturity; you don't know what you don't know, until you find out, "Oh, we can do that?"
How was the initial setup?
A lot of it was just knowing where to put all the S-TAPs. There was a lack of skill set on our implementation team, so IBM had a partner come in and help. There was that gap of knowledge that had to be crossed, and once the skill set was built it performed a lot cleaner.
Which other solutions did I evaluate?
I don't know. They went through the RFP process and selected the tool, and then I got involved, and then I hopped back out.
What other advice do I have?
If it's the vendor or a third party telling you how things should be set up out of the gate, go with that and don't argue with them. That saves a lot of time.
I would rate it a nine out of 10. It has done a really good job for us.