IBM Guardium Data Protection Overview

IBM Guardium Data Protection is the #1 ranked solution in our list of top Data Masking tools. It is most often compared to Imperva SecureSphere Database Security: IBM Guardium Data Protection vs Imperva SecureSphere Database Security

What is IBM Guardium Data Protection?

The IBM Security Guardium portfolio empowers organizations to grow their business and prove compliance with smarter data protection capabilities. It provides complete visibility, actionable insights, real time controls and automated compliance workflows throughout the entire data protection journey, to support your most critical data protection needs.

IBM Security Guardium delivers discovery & classification, vulnerability & risk assessments, real-time monitoring & alerting, encryption, advanced analytics and compliance reporting across structured, unstructured, and semi-structured data in on-prem (including mainframe), cloud, and across hybrid cloud environments.

IBM Guardium Data Protection is also known as InfoSphere Guardium, Guardium, IBM Guardium.

IBM Guardium Data Protection Buyer's Guide

Download the IBM Guardium Data Protection Buyer's Guide including reviews and more. Updated: May 2021

IBM Guardium Data Protection Customers


IBM Guardium Data Protection Video

Filter Archived Reviews (More than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
EW
‎IT Security Analyst at a tech services company with 11-50 employees
Real User
Audit Process Builder enhances audit tasks and compliance workflows

What is our primary use case?

As a registered IBM Business Partner, our main interaction is to deploy Guardium at client sites.

What is most valuable?

Audit Process Builder – Workflow generator to enhance audit tasks and compliance workflows. Compliance Quick Start – Quick, GUI, step-by-step guide to automate compliance and give the customer a quick ROI.

What needs improvement?

Needs easier integration with custom applications.

For how long have I used the solution?

Three to five years.

What other advice do I have?

I would give the product a score of eight out of 10. This is due to its deep level of granularity and guided process/audit workflow generation.
Information Security Analyst at a tech services company with 501-1,000 employees
Real User
Top 20
Capture mode collects all activity and Collector stores the data for traceability

What is our primary use case?

Guardium is used based on our Manual of Internal Procedures (MPI), and its uses range from creating a rule to generating customized reports. The main use case is the procedure "Investigate Incidents Recorded by Unauthorized Access," with action "notify by electronic message the manager and/or leader of the area."

Pros and Cons

  • "The most valuable feature is using the capture operation mode “S-TAP/K-TAP agent”, because all activities in the database are captured, including direct access to the database server by privileged users. This is useful because, even if the database server logs were deleted, the Guardium Collector has already stored such data to enable traceability of access."
  • "The possible number of databases and database servers which can be monitored by Guardium is high. For me, this is a differentiator of IBM."
  • "I have already mentioned to IBM that a primary need is to improve the number of records in the reports above 65,535."

What other advice do I have?

* Read important articles related to DAP such as the "2017 Planning Guide for Security and Risk Management." * Gather information from the servers (operating system with version and database types with the versions) of the environment to be monitored. * Check which DAP solutions can monitor the environment. * List the “mandatory requirements” and “non-mandatory requirements.” It is important to have in mind which points will be evaluated. * Request PoCs with the main DAP manufacturers (IBM, Imperva, and Oracle). * Do the sizing with the topology to get an idea of the requirements and cost of…
Learn what your peers think about IBM Guardium Data Protection. Get advice and tips from experienced pros sharing their opinions. Updated: May 2021.
502,275 professionals have used our research since 2012.
Business Development Manager at a tech services company with 10,001+ employees
Reseller
It made the setup easy for us

What is our primary use case?

Database encryption.

Pros and Cons

  • "Encryption is not straightforward, but Guardium made the setup easy for us."
  • "It needs an integration with Optum."

What other advice do I have?

Most important criteria when choosing to partner with a company: I started working with IBM only one year back. When I started a partnership with them, IBM had the security portfolio which covered most of the region where my customers were. IBM has a name with the support along the quality of its products.
Security Analyst at a insurance company with 1,001-5,000 employees
Real User
Supports security initiatives and ensures compliance policies, but ​It will not work as fast as you want

What is our primary use case?

Database activity management to ensure compliance audit regulations. It is also to manage risk. It is performing well, but we have a large journey to go.

Pros and Cons

  • "Supports security initiatives and ensures compliance policies."
  • "We now have the ability to begin to understand how people, applications, and service accounts are interacting with data to better protect it."
  • "​It will not go as fast as you want. ​"
  • "Initial setup is very complex. Once you start interacting with people's databases, they get very hesitant. Then, the amount of social tasks to socialize the solution ensuring people are comfortable with it became a much heavier lift."

What other advice do I have?

There are a lot of things that could be better, but it is performing pretty well. Take your time and learn each step. Make sure that you understand each step, because if you miss something, it will come back. Then, you have to circle back and figure it out anyway. Most important criteria when selecting a vendor: * Price * Support * Reliability in the marketplace * Integration with other systems.
Sr. Security Engineer
Real User
Saves us time monitoring and protecting a vast environment

What is our primary use case?

We are monitoring about 1500 or more applications, we have 150 million customers and their PHI/PII data in the repository. We have to protect that data. That is a big challenge because it's a vast environment that we have to protect. That is one of the prime use cases which caused us to select this product. Initially, we had some challenges, but as we talked with IBM and they provided some good support on it, now we are evolving pretty well. Certainly, everything is not perfect yet, but we are moving into that direction. We are far better than we were two years back.

Pros and Cons

  • "The solution has definitely saved us time, because if you want to monitor this kind of vast environment of different products, it's going to take a lot of time. Let's say one database server has 100 database instances running on it; I don't need to install 100 data instances, I just need to install on the one database server and that will cover all of my instances on that particular database."
  • "Initially it did not have support external applications like, say, Tableau, ServiceNow, Remedy, and the like. They have started growing into it, but I would like to have more and more integration with outside applications."

What other advice do I have?

I would definitely recommend it. It's easy to use and it can save a lot of headaches, by just implementing it and being able to ask at the time of audit. When it comes to audits, every company wants to be safe.
People Leader Of Cyber Strategy And Solutions at a insurance company with 10,001+ employees
Real User
We use it to create smarter controls for monitoring data

What is our primary use case?

Database monitoring. At the moment, we are using it to do a lot of data discovery from a data classification for structured data.

Pros and Cons

  • "Its ability to find data."
  • "We are using it to do a lot of data discovery from a data classification for structured data."
  • "The tech support is very knowledgeable."
  • "I am struggling getting through to social."

What other advice do I have?

Most important criteria when selecting a vendor: At the end of the day, it would have to be the support and relationship. There are a lot of smart people out there building products which do things. However, not everyone can use them, and without having someone to call, it is sort of its own disadvantage.
-- at a tech services company with 51-200 employees
Consultant
Provides regulatory compliance proof and evidence for audit

What is our primary use case?

* Database access monitoring * Vulnerability assessment * PCI compliance * SOX compliance * GDPR compliance

Pros and Cons

  • "The ability to collect the data without database administers being able to modify it."
  • "It provides us regulatory compliance proof and evidence for audit."
  • "Performance and the ability to use resources could be improved."
  • "The ability for Central Managers to talk to one another could be improved. I have 26 Central Managers and 26 silos which are independent."

What other advice do I have?

Overall, it is a very solid product.
VP Systems Engg at a financial services firm with 10,001+ employees
Real User
Heuristic network traffic analysis enables us to implement rule-based algorithms

What is our primary use case?

Database activity monitoring. It performs its job quite well.

Pros and Cons

  • "It has been very difficult to analyze all the network traffic with something else. Guardium provides that feature, it's heuristic. So we have rule-based algorithms in place to take care of that."
  • "There are features like end-to-end and S-TAP mapping, and the ability to install policies for your configuration builder. They're not there, but we'd like to see them in the next version."

What other advice do I have?

When selecting a vendor, what's important for us is * how quickly they can provide customer support * scalability * reliability * dependency. Overall, I'd rate it at eight out of 10. It could be a 10, however there are few features, like the ones I mentioned, that are still a work in progress. Regarding advice to a colleague, determine what your business needs are. If your business needs are similar to the ones Guardium solves then you should go for it. The implementation is seamless, the requirements are straightforward, and it's easy to use the product.
Data Architect at a transportation company with 1,001-5,000 employees
Real User
Makes database monitoring more visible to the business, helps with GDPR/SOX compliance

What is our primary use case?

Database activity monitoring. Its performance is good, most of the time.

Pros and Cons

  • "It's made database monitoring more visible to the business, creating more conversations about how we should do it better."
  • "Needs nore cloud support."
  • "We've had some issues recently that we're working through, on the agent software that runs on the databases."
  • "Setup can be complex. The documentation is in so many different locations, and a lot of times we have to leverage support and higher level resources to figure out the right steps to take."

What other advice do I have?

Our most important criteria when selecting a vendor are stability and architecture. I rate this solution a nine out of 10 because there are a few things I'm working through that I would like to see improved, mostly around the stability on the agent software side, working with the database vendors. Regarding advice, I would recommend you use it and that you try to leverage IBM's support and services as much as possible to help get through the initial installation and configuration.
Cyber Security Architect at a tech services company with 11-50 employees
Real User
Our clients use Accelerators to help with PCI and GDPR compliance

What is our primary use case?

We have implemented it on an industrial network to monitor the production of medicines. This is something that is very controlled by Brazilian regulations and we have to keep an audit trail for this data. Trying to enable it on SQL Server - that was our client's main server - the load would go so high that they couldn't use the application anymore. They are using Guardium now so they can produce that audit trail for audit compliance.

Pros and Cons

  • "We have integrated IBM Guardium​ with IBM Watson Curator. They access Curator to identify and correlate other actions the user is doing to determine if this is a legitimate action or not."

    What other advice do I have?

    I would rate it an eight out of 10 because it is very stable; we had some problems but they were solved, and we can do what we need to do.
    President at a tech vendor with 1-10 employees
    Real User
    Helps us support security initiatives and compliance policies like HIPAA and PCI

    What is our primary use case?

    To provide cyber security for databases. It has performed very well.

    Pros and Cons

    • "It provides a comprehensive security for databases, both on-prem and on the cloud. Among the advanced features we use automatic backups, DR."
    • "More predictive, using Watson AI would be good."

    What other advice do I have?

    Buy it.
    Database Administrator at a financial services firm with 11-50 employees
    Real User
    Automates detection of access to restricted data across our multiple platforms

    What is our primary use case?

    It's a security product that works across multiple platforms, in our case it's the mainframe and the midrange. We use it to detect when somebody accesses restricted data and report on it. So far it has performed quite well, we're happy with it.

    Pros and Cons

    • "It does not require our involvement to run it. It runs in the background and the people that do the reporting do so. The reports go to the directors who are in charge of the various data areas. It's pretty clean. Clearly there is some setup, but after you get it set up it just goes."
    • "This is a multi-platform solution that consolidates everything and centralizes support for it."

      What other advice do I have?

      We're very happy with it. It depends on what your needs are, but it meets our needs.
      Guardium Engineer
      Real User
      Helps make us more compliant with regulatory requirements but cost outweighs benefits

      What is our primary use case?

      We want to protect our data. That's the primary use case. So far, performance has been okay.

      What other advice do I have?

      I would rate this solution six out of 10. The benefit to the cost is not justified, in my opinion. I would say Guardium is a good product. It's a very good product, but you want to weigh how much you want to implement. Do you want to focus on only certain applications? Certain databases? Don't do it across the enterprise. So think about that.
      IT Security Manager at a healthcare company with 10,001+ employees
      Real User
      We use it to support security initiatives and combine policies within the organization

      What is our primary use case?

      Primarily re-monitoring sensitive data and privilege user access.

      Pros and Cons

      • "Our ability to see when users are accessing sensitive data."
      • "We use IBM Guardium to support security initiatives and combine policies within the organization."
      • "The front-end works very well."
      • "Gathering ​the data works very well. ​"
      • "One of the limitations that everyone who uses Guardium knows is its ability for back-end reporting. The ability to collect it sometimes is easier than the ability to retrieve it, use it, or give a good representation of it for incidence response or questions which come from the different people who want to use the data."
      • "Using the data in native Guardium is difficult, at best."
      MT
      Database Administrator at a healthcare company with 10,001+ employees
      Real User
      It tests security to support SOX compliance

      What is our primary use case?

      It tests security to support SOX compliance.

      Pros and Cons

      • "It supports our audit compliance."
      • "It tests security to support SOX compliance."
      • "I would like them to support cloud services."
      • "Sometimes the performance is not good, and also sometimes we have sudden bugs causing difficulties."

      What other advice do I have?

      IBM Guardium is good. Most important criteria when selecting a vendor: reliability.
      Systems DBA at a insurance company with 1,001-5,000 employees
      Real User
      We are more efficient in demonstrating compliance but the reporting features need work

      What is our primary use case?

      To protect the data. We're trying to monitor privileged users, get an idea of what's normal access, and to make sure that service account usage is only coming from the appropriate places, not being used by people from their own work stations. How I would describe how well it's performing is that we are taking a slow and steady approach to it. Right now, I would say we're going from crawl to walk as far as usage goes; not using any of the sophisticated features, more getting the base implementation in place.

      Pros and Cons

      • "Our internal audit is keeping an eye out, and making sure that we're in compliance. Having the Guardium solution and its reporting helps us get through that process a lot more quickly and efficiently."
      • "The most valuable feature for me, in my role as systems DBA, is the expediting of internal and external audits."
      • "The one thing that I would like to see improved, but I don't think it's going to be in the next release, is its reporting capabilities. I think that's been offloaded to another third-party product that I think IBM actually endorses for that."

      What other advice do I have?

      It does a good job for what it's designed to do. You may want to look into the enhanced reporting that's available by the third party, because some of the report-building features are not as nice as some of the third party's.
      AA
      App Mainframe And Storage at a financial services firm with 1,001-5,000 employees
      Real User
      It's one of the first to encrypt DB2 databases, but the technology needs to mature a little more

      What is our primary use case?

      We acquired Guardium to encrypt certain databases to meet a customer requirement. It has been performing to spec.

      Pros and Cons

      • "It's one of the first to encrypt DB2 databases."
      • "It was difficult implementing it, configuring it, getting it up and running and in production. However, since then, I believe it has stabilized."

      What other advice do I have?

      In terms of advice, I would say allow the technology to mature a little more. I think we were one of the first, if not the first, to implement Guardium. And, like I said before, it was kind of painful, but let the maturation process run it's course. I'd say learn from other people's mistakes or, not so much mistakes, just experiences. Benefit from other peoples' pain, bumps, and bruises. I rate it seven out of 10 only because it's a unique, niche offering that is not, that I know of, offered elsewhere in the marketplace. It fills a need, which is good. I don't know how prevalent the need is in…
      IT Manager at a financial services firm with 1,001-5,000 employees
      Real User
      Very good for security and compliance, simple to use and manage

      What is our primary use case?

      The primary use case is security of our data in the bank. Performance is very good.

      What other advice do I have?

      When selecting a vendor, I look at the price and the scope of solution. My advice is to use this solution. For security and compliance it is very, very good.
      Security Analyst at a insurance company with 10,001+ employees
      Real User
      It has automated a bunch of manual tasks, but it is fairly buggy at times

      What is our primary use case?

      Our primary use case would be for compliance reporting: DBA activity monitoring for SOX regulations. It has performed fairly well. There are issues here and there, but it is the only product on the market that can do this job. It is the industry leader in database security.

      Pros and Cons

      • "You could easily throw it onto a VM or add additional hardware. One central manager supports about a hundred managed units, so scalability is excellent.​"
      • "Guardium does a great job of capturing data and having the ability of trying to pull it out and make sense of it. Using it for business applications is its biggest capability."
      • "It has automated a bunch of manual tasks, giving us insights into activities that we would not otherwise be able to capture."
      • "We have had some issues with patches breaking things unexpectedly in our environments."
      • "​Overall testing and quality need improvement. It is fairly buggy at times, so it feels like it could use additional staff on the product, testing and trying it out."
      • "I would like to see a lot of additional reporting and analytics features. They have basic outlier detection, but I would love to see that go further, and model it after analytics tools like Splunk."

      What other advice do I have?

      Most important criteria when selecting a vendor: * The ability to meet requirements. * Costing * Scalability and market share.
      Systems Programmer at a financial services firm with 10,001+ employees
      Real User
      Tells us who is using our privileged IDs, helping mitigate security risks

      What is our primary use case?

      For the mainframe, monitoring DB2 privileged access to our databases. It has performed really well so far for the purpose, but we're not using the full capacity of it. There's also an open systems side that they're implementing now, that I'm not part of, but there's a lot more growth in that area.

      Pros and Cons

      • "Satisfies audit requests, to give us an idea if anybody is accessing our privileged user IDs without our knowledge."
      • "Right now we're having some issues where it's using a high CPU, we don't know why. So, better testing before the product is ready would help."

      What other advice do I have?

      I give it a nine out of 10. It's not perfect: Issues like using a high CPU and, in the beginning, it was a little unclear on how to install it. This is only on the mainframe side. In terms of advice, do a good PoC on it, because I believe it's a very expensive solution. And it has to satisfy the auditors, for sure. If it doesn't satisfy the auditors it won't go anywhere.
      Senior information security analyst at PFG
      Real User
      GUI is user-friendly; also interfaces well with REST API if you want to automate commands

      What is our primary use case?

      For compliance and risk assessment, monitoring the database traffic, as well as doing vulnerability assessments on the database to make sure that our security is up to par. We use it to keep us less vulnerable as a company as well as to keep the customers' data safe. So far it has performed really well. Occasionally, we have issues here and there with new patches having bugs, but that's the case with any software.

      Pros and Cons

      • "Our main focus for IBM Guardium is to support security initiatives and compliance policies within our organization. We use the DPD product for monitoring, especially for GDPR, SOX regulations and, of course, the vulnerability assessment that we use to make sure we're keeping up with our patches, making sure things are configured, making sure we're following the best practices."
      • "Accelerators is one of the big functions they have out there. It gives you canned reports that you don't have to make yourself, they're out there by being part of the patch. You just have to fill your information in to some of the already built groups, for your environment, and it automates a lot of that. That has definitely helped improve things."
      • "The most valuable feature is the GUI, the interface. It also interfaces well with REST API, if you want to automate some of the commands."
      • "I think it scales pretty well. It can run on most of the database platforms currently out there. That is something we really like as a feature, because we try to hit everything in our environment to make sure we're meeting those regulations."
      • "I'd like to see a smoother GUI interface for the CAS agent - CAS does configurations on the database - to interface better with the vulnerability assessments."
      • "I'd like to them make sure that the data sources can be more easily managed, because some of them are tied to multiple things. You try to remove one and you have to go to all the different spots to remove the associations before you can get rid of it."
      • "I would like to see streamlining of some of the agent features, some of the patches; make it a little bit more user-friendly on the documentation."

      What other advice do I have?

      I would rate it an eight out of 10. To make it a 10 they would need to do streamlining of some of the agent features, some of the patches, make it a little bit more user-friendly on the documentation. In terms of advice, I would make sure you do a thorough PoC, that you join the virtual user group that meets once a month, as well as a customer user group that IBM is not involved in, where you can also get some candid questions and answers.
      Application Architect at a healthcare company with 1,001-5,000 employees
      Real User
      Allows us to be more proactive on alerts, access rights, and types of resources being hit

      What is our primary use case?

      It's being used to identify who is using what data, what resources, what they're using them for, providing audit trails. We also use it to set baselines for usage patterns, to start building cases if there are any erroneous accesses happening, and to start allowing more intuitive alerts. So far it's installed. It was a little rocky at the beginning but everything is working pretty well now. I think the baselines have been established and so far it's performing as expected. Now that they have the base, they are going to start creating other use cases. I'm not sure what they are, but they are… more »

      Pros and Cons

      • "It's allowing us to be more proactive than reactive on alerts and access rights and types of resources that are being hit. Before, there were a lot of different solutions, but this expanded that out and made it a more holistic solution. It provides centralization of monitoring, instead of multiple, disparate applications. It definitely allows more economies of scale, streamlining, less fragmented use."
      • "We also use IBM Guardium to support security initiatives and compliance policies. For example, our audit area can verify if someone has access to information that they shouldn't have, for their regular job functions."

        What other advice do I have?

        If it's the vendor or a third-party telling you how things should be set up out of the gate, go with that and don't argue with them. That saves a lot of time. I would rate it a nine out of 10. It has done a really good job for us.
        Operator at Halliburton
        Real User
        Provides a unified key management system to help simplify encryption key management

        What is our primary use case?

        To keep track of client information, index security risks, and other information needed at a moments notice. IBM Guardium performs transparent encryption and decryption provides on the fly encryption without needing to be indoctrinated into lengthy training to use it.

        Pros and Cons

        • "Efficiency is key and IBM Guardium provides information in a heartbeat, but protects the data with military grade encryption."
        • "Security policy enforcement of policy-based encryption and centralized encryption key management allows us to maintain data in a secure environment."
        • "Provides a unified key management system to help simplify encryption key management."
        • "I would like to see IBM Guardium have other encryption algorithms employed."

        What other advice do I have?

        Put simply, human error is often the downfall of computer security. When using IBM Guardium, or any encryption software for that matter, use common sense: Encrypt data when not in use, watch where you enter in passwords (not at Starbucks in view of security cameras that can be retrieved by an adversary, or the person next to you), and watch out not to inadvertently install spyware while clicking on a random link.
        Solution Architect at a financial services firm with 10,001+ employees
        Real User
        Ability to define reports based on SQL query, especially when you have complex report criteria.

        Pros and Cons

        • "Ability to define reports based on SQL query, especially when you have complex report criteria."
        • "Deployment process is very complicated as you need to now all advanced parameters. Almost not possible to figure out for yourself."

        What other advice do I have?

        If you have complicated report requirements which involves very specific filtering and/or aggregation. And you have lots of resources in your virtual platform. Then give it a try. Also I suggest you take a look at other top grade product like Imperva SecureShere. the reduction in resource requirements is 3 times less and it have plenty of nice features out of the box.
        Senior System Administrator IBM Certified Specialist Infosphere Guardium at a financial services firm with 1,001-5,000 employees
        Vendor
        It can provide the logs for the activities performed by the privileged users across the all databases including MSSQL, DB2, Teradata, Oracle Sybase and many more.

        What other advice do I have?

        vast product as there are many features of this product to full fill the customer requirements, and less expertise are the there worldwide.
        Senior Middleware Engineer at a tech company with 501-1,000 employees
        Real User
        We used it to harden databases by defining policies for alerting and blocking access to prohibited and restricted data.

        Pros and Cons

        • "Database logging and audit functions are the most valuable features."
        • "I would like to be able to upgrade appliances within major versions without needing to rebuild the appliance."

        What other advice do I have?

        At first, IBM Guardium may seem complicated, but once you learn the basics, it becomes simple to use.
        Senior IT Consultant, Pre-Sales Manager, Project Leader at a tech services company with 51-200 employees
        Consultant
        Fulfills the international standard security requirements, such as PCI DSS.
        Database Security Specialist at a tech services company with 51-200 employees
        Consultant
        Provides database activity monitoring. Can discover databases on your network and find their vulnerabilities.

        What other advice do I have?

        There are three main steps when implementing a Data Activity Monitor (DAM) solution. * Discover and Classify: Find your databases in your environment, and decide which one of them has confidential data that you need to monitor. Classify your data in your database if it includes critical data like personal ID, credit card, or IMEI numbers. * Monitor Activities: Monitor all end-user activities while developing your policy rules and critical activities. * Block Critical Activities: Define and block critical activities to prevent data leakage.
        Pre Sales Engineer at a tech services company with 501-1,000 employees
        Reseller
        It provides visibility for the DB activity and secures the customer information in the DB from any misuse.

        What other advice do I have?

        Take care of the scope and the monitoring mode. Also, if the size of the DB is high then do not do it over virtual.
        Security Software Presales Specialist
        Vendor
        Reporting is automated and activity alerts are routed to the appropriate responders.

        What other advice do I have?

        Buy services. You do not need to have services for the entire implementation, but, at a minimum, invest in the Quickstart option to get up and running and to provide knowledge transfer. Once Guardium is installed on a few systems, it is very easy to add and manage.
        Security Consultant at a energy/utilities company
        Consultant
        Captures data requests from various sources and consolidates them for analysis.

        What other advice do I have?

        Take your time. Think about the elements you want to audit. Don't just audit everything. Understand the normal traffic, so you can focus on the abnormal traffic.
        Technical Specialist/Consultant Ibm at a tech services company with 5,001-10,000 employees
        Consultant
        Monitors database activity, and blocks firewalls and malicious connections.

        What other advice do I have?

        Ask for a PoC project and then decide.
        Senior Advisory Consultant - Cyber Security Practice at a consultancy with 10,001+ employees
        Consultant
        The Data Activity Monitor covers data warehouses and file shares. It helped control excessive administrator rights to databases.

        What other advice do I have?

        Try to have a dedicated team. There are a lot of moving parts and you need take a hands-on approach. It doesn’t come configured out of the box.
        Senior IT Consultant at a government with 1,001-5,000 employees
        Vendor
        It can capture database queries and use policies to feed SIEM tools for deeper correlation and for analysis. It gives us a tamper-proof audit of logged data.

        What other advice do I have?

        You need to know what you want to protect very well.
        BI Consultant /Data Security at a tech services company with 51-200 employees
        Consultant
        You can divide roles, creating safe access zones; manage credentials; and access rules.

        What other advice do I have?

        This product could by easily used with other security products; for example, SIEM products such as IBM QRadar and ArcSight.
        Information Security Analyst at a government with 1,001-5,000 employees
        Real User
        The query rewrite and redaction functions provide flexible/dynamic control of our data.

        What other advice do I have?

        If you have enough budget for database security, you must evaluate this product for your use cases.
        Information Security Engineer at a financial services firm with 10,001+ employees
        Vendor
        With the GIM, you can remotely enable/disable, install and upgrade the S-TAP agent. DB user profiling should be part of the auditing systems.

        What other advice do I have?

        I would consider IBM brand value.
        Buyer's Guide
        Download our free IBM Guardium Data Protection Report and get advice and tips from experienced pros sharing their opinions.