IBM Guardium

  • 1.  DDoS & SQL Injection Policies

    Posted Fri October 11, 2024 02:05 AM

    Does IBM Guardium have any built-in policies for detecting DDoS attacks and SQL injection attacks that can be used in an environment?

    E.g., trigger an alert for a potential denial-of-service (DoS) attack based on multiple failed login attempts within a minute. Additionally, a high number of client IPs in a single session could indicate a possible DDoS attack.



    ------------------------------
    Ahmad Hassan Tariq
    ------------------------------


  • 2.  RE: DDoS & SQL Injection Policies

    Posted Fri October 11, 2024 12:00 PM

    @Abu Mussa Elahi,

    With your Guardium Data Protection Policy Builder, there is a "Basic Data Security Policy [template]" that has example policy rules you can leverage for DDoS and SQL injections. A more comprehensive list of the threat descriptions built into the product can be found here: https://www.ibm.com/docs/en/gdp/11.5?topic=analytics-threat-descriptions. Some will be detected by policy rules; others leverage behavioral analytics.



    ------------------------------
    Wendy Zemba
    Sr. Consultant, Data Protection
    Converge Technology Solutions
    wendy.zemba@convergetp.com

    Need help with your Guardium deployment? Contact me directly to discuss engagement opportunities. Currently serving North America.
    ------------------------------