IBM Security Guardium

  • 1.  Deploy Policy architecture

    Posted Mon January 30, 2023 03:50 PM
    Hello all,

    Please, if someone could enlighten me: I want to integrate productive and laboratory databases to Guardium, but I want to have two different active policies:
    1. Policy for productive databases
    2. Policy for laboratory databases

    So, in each one, install a rule group and deploy the policy according to the database either productive or laboratory. Is it possible to do this?

    ------------------------------
    Mauricio Kenta
    ------------------------------


  • 2.  RE: Deploy Policy architecture

    IBM Champion
    Posted Mon January 30, 2023 05:33 PM
    Hi @mauricio:

    I'm going to assume that the S-TAPs will report to the same collectors (otherwise there are other considerations that you can make), but you can create a group of Server IPs or Server Host Names and use those groups in your policy rules.

    This scenario can get complicated and potentially difficult to maintain. So I recommend using wild cards in your groups if possible. For example, if your database hosts for your productive footprint have a naming convention of SQLSVRPROD01, SQLSVRPROD02, etc. you can use SQLSVRPROD% in your group. Likewise if you have network segments where they are assigned, you can use a similar concept for IPs. You'll then use the 'In Group' condition.

    Note that explicates are not recommended, especially if you are monitoring a clustered environment, because Guardium will record the Server host name and Server IP that is used in the connection. For example, if SQLSVRPROD01(10.1.1.1) and SQLSVRPROD02(10.1.1.2) are a pair and your users connect to SQLSVRPROD_A(10.1.1.3) which takes them to the primary node, Guardium will record SQLSVRPROD_A(10.1.1.3) as the Server host name(IP).

    Here's an example of what you would include in a policy rule using the wild card option, otherwise use equals '=':



    ------------------------------
    Wendy
    Converge Technology Solutions
    Formerly Information Insights
    ------------------------------
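
The group matching described in the reply above, as an added example that is not part of the original thread and is not Guardium code. It assumes `%` in a group member matches any run of characters (as in `SQLSVRPROD%`) and that case is ignored; the helper names and the `SQLSVRLAB` names are constructed for illustration.

```python
import re

def member_matches(member: str, value: str) -> bool:
    """True if one group member matches a recorded value.
    Assumption: '%' matches any run of characters; every other character
    (including '_' and '.') is literal; comparison ignores case."""
    pattern = ".*".join(re.escape(part) for part in member.split("%"))
    return re.fullmatch(pattern, value, flags=re.IGNORECASE) is not None

def in_group(group, value: str) -> bool:
    """Model of the 'In Group' rule condition."""
    return any(member_matches(m, value) for m in group)

def classify(recorded_hosts, groups):
    """Map each recorded server host name to the first group that matches,
    or 'unmatched' when no group (and so no rule using it) would apply."""
    return {
        host: next((name for name, members in groups.items()
                    if in_group(members, host)), "unmatched")
        for host in recorded_hosts
    }

# Constructed sample: the recorded name is the one used in the connection,
# so the cluster name SQLSVRPROD_A appears instead of the node behind it.
RECORDED = ["SQLSVRPROD01", "SQLSVRPROD_A", "SQLSVRLAB01"]

# Explicit members versus wildcard members for the same two environments.
EXPLICIT = {"prod": ["SQLSVRPROD01", "SQLSVRPROD02"], "lab": ["SQLSVRLAB01"]}
WILDCARD = {"prod": ["SQLSVRPROD%"], "lab": ["SQLSVRLAB%"]}

if __name__ == "__main__":
    for label, groups in (("explicit", EXPLICIT), ("wildcard", WILDCARD)):
        print(label, classify(RECORDED, groups))
```

Running the same check over the server host names already recorded for your data sources shows which connections would fall outside every group before a policy is installed.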



  • 3.  RE: Deploy Policy architecture

    Posted Tue January 31, 2023 09:49 AM
    Hi Wendy,

    OK, thanks for the tip. According to your comment, if the architecture implemented has 2 collectors, does another possibility exist?

    ------------------------------
    Mauricio Kenta
    ------------------------------



  • 4.  RE: Deploy Policy architecture

    IBM Champion
    Posted Tue January 31, 2023 02:27 PM
    Hi @Mauricio Kenta

    The policy is installed on the Collector, so if you need a different policy for productive and laboratory and they are segregated by Collectors, you can create two policies and install the applicable policy on the Collector based on what it's monitoring.

    ------------------------------
    Wendy
    Converge Technology Solutions
    Formerly Information Insights
    ------------------------------



  • 5.  RE: Deploy Policy architecture

    Posted Wed February 01, 2023 03:14 PM
    Hello Wendy,

    I've been reading the documentation, but I did not find a specific topic about my doubt. Please, if you could provide me the correct guide to do the corresponding tests and make an appropriate deployment of the solution.

    ------------------------------
    Mauricio Kenta
    ------------------------------



  • 6.  RE: Deploy Policy architecture

    IBM Champion
    Posted Wed February 01, 2023 04:53 PM
    Hi @Mauricio Kenta,

    I'm not sure that there would be documentation specific to what we discussed here, but if you want to learn more about policies, there are several courses on IBM Security Learning Academy that you may find helpful. Below are a few recommendations:
    Create, install, and update Guardium Policy
    IBM Guardium Policy Management
    Guardium policy strategy and techniques

    If you're new to the IBM Security Learning Academy, the full course catalog can be found here: Guardium Data Protection - Course Catalog.

    Further documentation can be found on IBM's Technical Documentation site. Here's a link for v11.4 Policy search, but you can change your version if applicable: IBM Security Guardium 11.4 Documentation - Policy

    ------------------------------
    Wendy
    Converge Technology Solutions
    Formerly Information Insights
    ------------------------------