IBM Security Guardium

A Quick Overview of Guardium V11

By Leila Johannesen posted Fri June 21, 2019 04:00 PM

  

IBM Security Guardium V11 is a major new release. We're excited about the new capabilities. In this article we'll give you a brief overview of what's new.

 

To help customers get up and running with monitoring for compliance with various regulations, there's the Smart Assistant for compliance monitoring. It guides you through the process of setting up your data sources, scanning for sensitive data and setting up the compliance monitoring. It uses a step-by-step flow that is also flexible, and it provides pre-built templates for common data regulations. The new Compliance Health Monitor dashboard tracks the progress of your compliance monitoring.

 

Guardium V11 provides new analytics that focus on increasing the security of your data. Active Threat Analytics identifies potential security threats, such as SQL injection, malicious stored procedures, data leaks, denial of service, account takeover and more. The Active Threat Analytics dashboard takes Guardium's monitored data and summarizes it into meaningful events that merit attention. You can view the rationale for each threat event and drill down to the database or database user level to see the behavioral analytics profile. You can take needed actions and investigate cases further by drilling down directly to the Investigation dashboard.

 

Risk Spotter is another new analytics technology that identifies users that are performing activities that are anomalous or novel, or in some way considered "risky." It uses a patented UEBA (user and entity behavior analytics) algorithm. The Risk Spotter dashboard shows an ordered list of risky users as well as aggregated insights. You can see why they were assigned a particular risk score (i.e., what risk indicators contributed to the score). You can take appropriate actions at a user level or group level from the dashboard.

 

Guardium V11 has an enhanced Data Protection dashboard for a full view of security and compliance. It pulls together high-level information from other dashboards (analytics findings, vulnerability assessment and compliance progress) that can be useful to CSOs.

 

The new Policy Analyzer feature was created to help customers better understand how their data activity monitoring (DAM) policies are performing. Policy Analyzer addresses some key use cases that customers had told us about: 1) identify which policy rules fire the most so they can optimize the rule installation order, 2) determine if any policy rules are not firing at all, and 3) see the impact of a rule change. Policy Analyzer provides a visual way to see how your DAM policy rules are being triggered, enabling customers to better tune their policies. This feature is invoked from the Analyze menu on the Policy Builder for Data page on managed units.

 

Guardium has expanded the integration with CyberArk for password management -- now enabling you to use CyberArk to securely store, provision, audit, and manage your Guardium datasource credentials.

 

Vulnerability Assessment has been enhanced to allow users to configure test exceptions, test detail exceptions, and group exceptions via the Guardium GUI. You can now apply test exceptions to a specific security assessment, review test details, and add new criteria. Group exceptions can be configured with a start and end date. All types of exceptions can be customized to apply to a single datasource, a group of datasources, or all datasources. 

 

Guardium has expanded the scope of where your data can reside. For data on the cloud, the External TAP is the approach to use. The External TAP was part of the 10.6 release, but now in V11 it can be deployed via the Guardium user interface, as well as via Kubernetes framework or service.

 

Guardium now has integration with AWS Database Activity Streams for Aurora PostgreSQL. You can use AWS database activity streams with Guardium to monitor and audit your database activity. No S-TAPs (external or otherwise) are needed.

 

As usual with each new release, Guardium has updated currency support for various databases. There's also support for two new databases: Neo4j and Couchbase. 

 

With V11, we've made it easier to find out what platforms and database releases Guardium supports: you select the database or platform of interest, click search, then get all the relevant information. Try it here: Guardium supported platforms search.

 

Customers who use File Activity Monitoring (FAM) for Network Attached Storage (NAS) or SharePoint can now use Guardium's Policy Builder for Files to create policies.

 

Finally, Guardium has been updated to use Red Hat Enterprise Linux (RHEL) 7, which enables more capabilities within Guardium.

 

We touched upon some key capabilities in Guardium V11. For more comprehensive information, see the IBM Security Guardium Knowledge Center. Also, don't miss the webinar "What's New in Guardium V11" available live on June 25 and on replay afterwards.

 

We look forward to hearing your feedback as you learn about and begin to use Guardium V11!



#Guardium