IBM Guardium Data Protection Review

Provides regulatory compliance proof and evidence for audit


What is our primary use case?

  • Database access monitoring
  • Vulnerability assessment
  • PCI compliance
  • SOX compliance
  • GDPR compliance 

How has it helped my organization?

  • It provides us regulatory compliance proof and evidence for audit. 
  • It allows us to find bad actors. 
  • It allows us to find people who are doing stupid things, and do it without the intervention and loss of data integrity of the people that we are monitoring manipulating the data.

We have integrate IBM Guardium with ArcSight and Splunk.

What is most valuable?

The ability to collect the data without database administrators being able to modify it.

What needs improvement?

  • There are some GUI improvements that I have provided to development already.
  • Performance and the ability to use resources could be improved. 
  • The ability for Central Managers to talk to one another could be improved. I have 26 Central Managers and 26 silos which are independent.
  • Some of the data handling or data recording could be improved. We are doing it with external software, components, etc. 

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

For the most part, it is stable. Depends on the year.

What do I think about the scalability of the solution?

It has scaled. It was pulling teeth, but it does scale. 

We taught IBM about the limits of the product. They did not think there were limits to the product. There were, because we do very extensive testing of performance. We can tell you when a product is going to break. Their development thought this was valuable because they do not have the facilities to do this sort of extensive testing.

How is customer service and technical support?

Technical support is very knowledgeable now. 

At one time, they were horrible since they were blue washed. After the blue wash and a couple of years on the honeymoon, then they have gotten considerably better. They have had problems understanding that they do not know as much about the company's environment as the employee does. This will result in them downgrading tickets, and they will just do it on the fly. This is not a good thing because they do not understand the issue. This may not look like a sub 1 ticket to IBM support, but it is.

Which other solutions did I evaluate?

We went in and tested it. We continually test everything that is in the industry. Guardium has significantly gone past the mark of acceptable every single time, as compared to their other competitors.

What other advice do I have?

Overall, it is a very solid product. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Add a Comment
Guest
Sign Up with Email