IBM Security Guardium

  • 1.  Guardium Data Protection Blocking Policy

    Posted Sat March 26, 2022 05:02 AM
    Dear all,
    Does anybody have experience with blocking policy:
    - what percentage of latency or performance drop does it cause?
    - any idea how to optimize the policy to reduce the performance drop?

    thx


    ------------------------------
    Murdjoko ...
    ------------------------------


  • 2.  RE: Guardium Data Protection Blocking Policy

    Posted Mon April 04, 2022 02:05 PM
    Hi Murdjoko, 
    One commonly used approach is to keep the STAP firewall in hybrid mode:
    firewall_installed=1
    firewall_default_state=0

    Identify your "safe", latency-sensitive application sessions, like multi-user applications, and create a group with these sessions:
    Client IP/Source Program/DB User/Server IP/Service Name
    Configure a rule to "S-GATE attach" for any session that is not one of these "safe" sessions.
    You can then create the rule that terminates any of these other sessions that attempt to write to sensitive objects.

    This should keep your application server sessions out of the firewall and eliminate latency for these critical sessions.
    You have to be very careful in identifying the safe sessions, though. It is always best to test it first with an alert rule before implementing blocking.

    Regards

    ------------------------------
    Olufemi "Femi" Adalemo
    ------------------------------
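The rule order described in the reply above, as an added dry-run model in Python (not part of the original post and not Guardium code). The session values, object names, action labels and the exact five-field group match are constructed assumptions; the point is to see what an alert-only pass would report before blocking is switched on.

```python
# Added illustration: a dry-run model of the rule order described above.
# It is not Guardium code; field names and sample sessions are constructed.
from typing import NamedTuple

class Session(NamedTuple):
    client_ip: str
    source_program: str
    db_user: str
    server_ip: str
    service_name: str

# The "safe" group (assumption: all five fields must match a member exactly).
SAFE_GROUP = {
    Session("10.0.0.10", "JDBC THIN CLIENT", "APPUSER", "10.0.1.5", "ORCL"),
}
SENSITIVE_OBJECTS = {"PAYROLL", "CARD_DATA"}   # constructed object names
WRITE_VERBS = {"INSERT", "UPDATE", "DELETE"}

def is_attached(session: Session) -> bool:
    """Rule 1: S-GATE attach any session that is not in the safe group."""
    return session not in SAFE_GROUP

def evaluate(session: Session, verb: str, obj: str, blocking: bool = False) -> str:
    """Return the action the two rules would take for one statement."""
    if not is_attached(session):
        return "PASS_UNWATCHED"            # stays out of the firewall
    if verb.upper() in WRITE_VERBS and obj.upper() in SENSITIVE_OBJECTS:
        # Rule 2: terminate, or only alert while the group is being validated.
        return "TERMINATE" if blocking else "ALERT_ONLY"
    return "PASS_ATTACHED"                 # inspected inline, allowed

def dry_run(events, blocking=False):
    """Tally actions over (session, verb, object) records."""
    tally = {}
    for session, verb, obj in events:
        action = evaluate(session, verb, obj, blocking)
        tally[action] = tally.get(action, 0) + 1
    return tally

# Constructed sample traffic.
APP = Session("10.0.0.10", "JDBC THIN CLIENT", "APPUSER", "10.0.1.5", "ORCL")
# Same DB user as the application, but another client IP and program.
ADHOC = APP._replace(client_ip="10.0.9.77", source_program="SQLPLUS")
EVENTS = [
    (APP, "UPDATE", "PAYROLL"),
    (ADHOC, "SELECT", "PAYROLL"),
    (ADHOC, "UPDATE", "PAYROLL"),
]

if __name__ == "__main__":
    print(dry_run(EVENTS))                 # alert-only pass
    print(dry_run(EVENTS, blocking=True))  # what blocking would do
```

In this model a write to a sensitive object from a session in the safe group is never inspected, which is why the membership of that group has to be checked so carefully.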



  • 3.  RE: Guardium Data Protection Blocking Policy

    Posted Mon April 04, 2022 10:06 PM
    ok
    thanks

    ------------------------------
    Murdjoko ...
    ------------------------------