IBM Guardium

 View Only
  • 1.  DDOS & SQl Injection Policies

    Posted Fri October 11, 2024 02:05 AM

    Does IBM Guardium have any built-in policies for detecting DDoS attacks and SQL Injection attacks that can be used in an environment

    e.g. Trigger an alert for a potential denial-of-service (DoS) attack based on multiple failed login attempts within a minute. Additionally, a high number of client IPs in a single session could indicate a possible DDoS attack



    ------------------------------
    Ahmad Hassan Tariq
    ------------------------------


  • 2.  RE: DDOS & SQl Injection Policies

    Posted Fri October 11, 2024 12:00 PM

    @Ahmad Hassan Tariq,

    With your Guardium Data Protection Policy Builder there is a "Basic Data Security Policy [template]" that has example policy rules you can leverage for DDoS and SQL Injections. A more comprehensive list of the threat descriptions built in the product can be found here: https://www.ibm.com/docs/en/gdp/11.5?topic=analytics-threat-descriptions. Some, will be detected by policy rules, others leverage behavioral analytics.



    ------------------------------
    Wendy Zemba
    Sr. Consultant, Data Protection
    Converge Technology Solutions
    wendy.zemba@convergetp.com

    Need help with your Guardium deployment? Contact me directly to discuss engagement opportunities. Currently serving North America.
    ------------------------------