IBM Security Guardium


Ad-Hoc Search and Self-Service for Guardium Data

By Ron Bennatan posted Mon July 30, 2018 11:41 AM

  

You’ve finally completed your Guardium deployment: stood up collectors, pushed out STAPs and are monitoring hundreds, thousands or even tens of thousands of database servers. Great, you’re done with the hard part and the rest is a piece of cake. Or so you think.

 

In reality, the core of your implementation is just starting, because now you must focus on the activity data itself and on converting this visibility into value. While it used to be fine to collect the basic user data and produce a handful of compliance reports that were quickly filed away, this is no longer the case: today, infrastructures are larger and more data is generated than ever before, creating increased complexity – but also new opportunities to extract value. This value comes in the form of being able to quickly search the data you collect through Guardium, including ad-hoc searches across the entire estate. It includes making the data available to data scientists who use tools such as “R” and Python/Scikit. It includes making the data available to the business owners who want CSVs of the activity performed on their servers. And all this must be done without adding FTEs – so the answer cannot be “tell me what you want and I will produce it for you”, because you just don’t have the capacity to accommodate all these requests for insight.

 

Enter Guardium Big Data Intelligence (GBDI), or BigG as we call it. GBDI collects the data from all the collectors into a Big Data repository and makes the data available for ad-hoc searches, analytics, reporting and flexible yet controlled downloads. It then makes this functionality available through a universal access layer that allows people to get what they need themselves without overwhelming the Guardium administrators with requests that would otherwise cripple the team.

 

“Universal access” means that the data is available through a large number of methods – the actual number is somewhere between 500 and 700! You can use SQL to access the data. You can use Tableau and other Business Intelligence tools to access the data. You can use “R” and Python to write your own machine learning algorithms and use the most important security data in any organization. You can query using Splunk – without indexing it in Splunk! You can use Kibana discovery and dashboards. The list goes on and on since GBDI is so flexible for data access.

 
[Figure: UniversalAccess.png]

As an example, one of the most advanced Guardium deployments in the insurance industry uses GBDI to provide access to their business owners who view not only activity, but also vulnerability assessment data. Rather than static reports, the users get data in a combination of CSVs, search interfaces in Kibana and a dashboard that lets them drill down immediately on what they should fix. The Guardium admin team originally designed these dashboards, but with GBDI, different owners are easily able to customize them for content and presentation. The entire experience went from a “batch” experience to a “look at me go” experience.

 

All this can be done without throwing security out the window. Openness does not imply insecurity, because GBDI has a data-level security rule system through which the Guardium administrators continue to control who is allowed to see what.

 

The secret to increasing the value of a Guardium investment is to unshackle the Guardium data and empower many different teams within the organization to directly access the data and views that are most relevant for them.


Comments

Tue July 31, 2018 04:05 PM

Great blog, Ron.

Tue July 31, 2018 08:30 AM

Great insight on what the future holds when it comes to capturing data for the enterprise.