IBM Guardium

  • 1.  DDOS Detection

    Posted Thu August 01, 2019 02:27 PM
    Hi All,

    Can we detect DDoS and DoS attacks on Guardium? What will be the policy condition for this, or is there any other feature that helps to detect this?

    ------------------------------
    Regards,
    Tukaram gaonkar

    ------------------------------


  • 2.  RE: DDOS Detection

    Posted Fri August 02, 2019 09:59 AM

    Hello Tukaram,

    Guardium v11 has active threat analytics that uses a mining engine to detect threats and attack symptoms. It detects access patterns such as denial of service, account takeover, insider data leak, SQL injection, malicious stored procedures, etc. New threat cases are shown in the Active Threat Analytics dashboard (on the CM in a managed environment, or on a standalone collector).

    You can find more information here -- https://www.ibm.com/support/knowledgecenter/en/SSMPHH_11.0.0/com.ibm.guardium.doc/protect/active_threat_analytics.html

    Video demo here -- https://mediacenter.ibm.com/media/Advanced+Threat+Analytics/0_149862n9


    Hope this helps.
    Polly



    ------------------------------
    POLLY LAU
    ------------------------------



  • 3.  RE: DDOS Detection

    Posted Fri August 02, 2019 10:11 AM
    The 'Count of Client IP per server' report could be used to see if a server has a high number of client IPs.

    ------------------------------
    JOSHUA KLAHN
    ------------------------------
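
The idea behind the 'Count of Client IP per server' report mentioned in the reply above, as an added example that is not part of the thread and not Guardium code: count distinct client IPs per server per time window and flag a server whose latest window far exceeds its own earlier baseline. The record layout, addresses, function names and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

def build_sample():
    """Constructed session records (minute, server_ip, client_ip); not Guardium output."""
    rows = []
    for minute in range(5):          # 10.0.0.10: steady 3 clients every minute
        for c in range(3):
            rows.append((minute, "10.0.0.10", f"192.0.2.{c + 1}"))
    for minute in range(4):          # 10.0.0.20: 3 clients for minutes 0-3 ...
        for c in range(3):
            rows.append((minute, "10.0.0.20", f"192.0.2.{c + 1}"))
    for c in range(40):              # ... then 40 distinct clients in minute 4
        rows.append((4, "10.0.0.20", f"198.51.100.{c + 1}"))
    return rows

def distinct_clients(rows):
    """Return server -> {window -> set of client IPs seen in that window}."""
    seen = defaultdict(lambda: defaultdict(set))
    for window, server, client in rows:
        seen[server][window].add(client)
    return seen

def flag_spikes(rows, factor=5, min_clients=20):
    """Flag servers whose latest window has at least min_clients distinct
    client IPs and more than factor times the median of earlier windows.
    Both thresholds are illustrative and need tuning per environment."""
    alerts = []
    for server, windows in sorted(distinct_clients(rows).items()):
        ordered = sorted(windows)
        if len(ordered) < 2:         # no history to compare against
            continue
        latest = ordered[-1]
        baseline = median(len(windows[w]) for w in ordered[:-1])
        count = len(windows[latest])
        if count >= min_clients and count > factor * baseline:
            alerts.append((server, latest, count, baseline))
    return alerts

if __name__ == "__main__":
    for server, window, count, baseline in flag_spikes(build_sample()):
        print(f"{server}: {count} client IPs in window {window} (baseline {baseline})")
```

Comparing each server against its own history avoids flagging servers that legitimately serve many clients, which a single global threshold on the raw count would do.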