IBM Security Guardium

 View Only

Guardium Universal Connector Framework: You Don't Have to Be Superhuman to Be Part of this Expanded Universe

By RYAN SCHWARTZ posted Mon September 20, 2021 01:16 PM


Digitally transformative organizations are migrating to hybrid, multi-cloud environments, spurring exponential increases in the data being stored across public and private cloud data sources. Those tasked with monitoring and securing data in those locations are faced with a dual-pronged problem: an expanded, fragmented attack surface and a growing list of data regulations with which organizations must comply.


With the Universal Connector, organizations can collect and normalize activity data from across their enterprise agentlessly. Data can then be utilized by consuming applications to perform a variety of security use cases. For instance, activity and audit log data can be centralized across disparate databases, giving a holistic, risk-centric understanding of your organization's data security posture.  Once centralized, this data can be analyzed to identify and understand historical trends in user behavior, ultimately leading to the detection of anomalous activity.


Beyond the immediate use case for Guardium users, building these Connectors has the benefit of enriching and expanding the usefulness of Guardium for organizations using it across all industries. Each new Connector is another data source that can be connected and protected by Guardium, further centralizing expanding hybrid multicloud environments. This boosts the efficacy of data security in all sectors, creating an open-source pathway to better data security hygiene and defense against threats.


How does it work?


Universal Connectors consist of a series of three plugins within a Logstash pipeline:] that ingest, process, and output events in a normalized, common format:

1) Input Plugin: Settings to pull events from APIs or receive push of events.

2) Filter Plugin: Parses, filters, and modifies events into a common format.

3) Output Plugin: Sends normalized events to locations to be consumed by security applications.


Universal Connectors are packaged and deployed in a Docker container environment.


It doesn’t matter who you are, if you are an IBMer, customer, partner or whether you are even currently using IBM Security Guardium for data security at all (and if not, let’s talk!); if you interested in building a Connector or want to View the Universal Connectors Library, go to this IBM GitHub page to learn more.

And register today for the Universal Connector Tech Day on September 30th.


And to learn more about the IBM Security Guardium or how IBM approaches data security and data privacy, go to the links below: