IBM Guardium

Does IBM Guardium have any built-in policies for detecting DDoS attacks and SQL Injection attacks that can be used in an environment

e.g. Trigger an alert for a potential denial-of-service (DoS) attack based on multiple failed login attempts within a minute. Additionally, a high number of client IPs in a single session could indicate a possible DDoS attack

------------------------------
Ahmad Hassan Tariq
------------------------------

@Abu Mussa Elahi,

With your Guardium Data Protection Policy Builder there is a "Basic Data Security Policy [template]" that has example policy rules you can leverage for DDoS and SQL Injections. A more comprehensive list of the threat descriptions built in the product can be found here: https://www.ibm.com/docs/en/gdp/11.5?topic=analytics-threat-descriptions. Some, will be detected by policy rules, others leverage behavioral analytics.

------------------------------
Wendy Zemba
Sr. Consultant, Data Protection
Converge Technology Solutions
wendy.zemba@convergetp.com

Need help with your Guardium deployment? Contact me directly to discuss engagement opportunities. Currently serving North America.
------------------------------

Original Message:
Sent: Fri October 11, 2024 02:05 AM
From: Ahmad Hassan Tariq
Subject: DDOS & SQl Injection Policies

Does IBM Guardium have any built-in policies for detecting DDoS attacks and SQL Injection attacks that can be used in an environment

e.g. Trigger an alert for a potential denial-of-service (DoS) attack based on multiple failed login attempts within a minute. Additionally, a high number of client IPs in a single session could indicate a possible DDoS attack

------------------------------
Ahmad Hassan Tariq
------------------------------