Database security and data governance
Guardium provides the only out-of-the-box solution that both secures databases in real time and automates the entire compliance auditing process, making it the simplest way for organisations to secure enterprise data and pass audits this year, next year and any year after that.
With Guardium, your customer gets a unified, cross-platform solution that's designed for heterogeneous environments. The solution supports all major database platforms, enterprise applications and operating systems (UNIX, Linux, Windows, and z/OS).
Guardium's non-invasive, appliance-based technology can be up and running in minutes - with virtually zero impact on performance, stability or operations. It simply connects to the network and works with what is already there (such as LDAP, SNMP, and SMTP).
In order to enforce separation of duties, all audit data is stored in a secure, tamper-proof repository that is external to monitored databases. There is no root access to the appliance and all audit data is encrypted when it's archived to external storage devices.
Core Technology
Guardium's solution consists of a modular software suite that's built on a hardened Linux kernel and delivered as a pre-configured appliance. The SQL Guard appliance is a 1U rack-mountable unit built on a high-performance, industry-standard server platform. This self-contained system enables efficient monitoring, reporting and management of all database access activities.
The integrated software solution includes the modules described below:
HealthGuard™
- Creates dynamic vulnerability assessment based on real-time analysis of security metrics (failed logins, shared IDs, database errors, etc.).
- Auto-discovers entire database environment, including client applications, users, tables and rogue database servers.
- Produces an interactive visual access map with drill-down details about all database access activities (who, what, when, where and how).
AuditGuard™
- Automatically generates audit and compliance reports on a scheduled basis, including escalation reports.
- Distributes reports to all stakeholders for electronic sign-off, thereby saving time (via workflow automation) and demonstrating a formal oversight process for auditors.
- Reports can be distributed in PDF format without requiring users to login to the Guardium system.
PolicyGuard™
- Provides real-time enforcement and peremptory blocking of transactions that violate security policies.
- Creates policy-based alerts (SNMP and SMTP) based on real-time events and statistical thresholds.
- Prevents suspicious or unauthorised access using either passive (TCP reset) or active (in-line database firewall) technologies.
- The system can also generate custom, policy-based actions such as automated account logouts from DBMS systems and VPN port shutdowns.
- Automatically suggests policies via a "learning mode" (baselining) that analyses all monitored traffic and identifies both normal business processes and abnormal activities.
- Custom policies can easily be added or modified via drop-down menus.
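The "learning mode" described above amounts to building a baseline of which database users, from which clients, issue which statement shapes, and then flagging traffic that falls outside it. The following is an added illustration of that idea, not Guardium's code: it normalises SQL by replacing literals with placeholders, records the (user, client, shape) combinations seen during a learning window, and reports enforce-phase statements that were never baselined. The traffic rows, user names and IP addresses are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample traffic: (phase, db_user, client_ip, sql).
# "learn" rows are observed during the baselining window;
# "enforce" rows arrive after the baseline has been frozen.
TRAFFIC = [
    ("learn", "app_svc", "10.0.1.20", "SELECT name, balance FROM accounts WHERE id = 4711"),
    ("learn", "app_svc", "10.0.1.20", "SELECT name, balance FROM accounts WHERE id = 9001"),
    ("learn", "app_svc", "10.0.1.21", "UPDATE accounts SET balance = 120.50 WHERE id = 4711"),
    ("learn", "report", "10.0.2.5", "SELECT count(*) FROM accounts WHERE opened > '2009-01-01'"),
    ("enforce", "app_svc", "10.0.1.20", "SELECT name, balance FROM accounts WHERE id = 31337"),
    ("enforce", "app_svc", "10.0.9.99", "SELECT name, balance FROM accounts WHERE id = 1"),
    ("enforce", "app_svc", "10.0.1.20", "SELECT * FROM accounts"),
    ("enforce", "dba", "10.0.3.7", "DROP TABLE audit_log"),
]

# Quoted strings (with '' escapes) and numeric literals are the parts that vary
# between otherwise identical application statements.
_LITERAL = re.compile(r"'(?:[^']|'')*'|\b\d+(?:\.\d+)?\b")
_SPACE = re.compile(r"\s+")


def normalize(sql):
    """Collapse literals and whitespace so statements that differ only in bound values share one shape."""
    shape = _LITERAL.sub("?", sql)
    return _SPACE.sub(" ", shape).strip().upper()


def learn_baseline(traffic):
    """Record every statement shape seen per (db_user, client_ip) during the learning window."""
    baseline = defaultdict(set)
    for phase, user, ip, sql in traffic:
        if phase == "learn":
            baseline[(user, ip)].add(normalize(sql))
    return baseline


def find_anomalies(traffic, baseline):
    """Return enforce-phase statements whose (user, client, shape) was never baselined.

    Each finding is (db_user, client_ip, sql, reason); the reason distinguishes a
    client/user pair that never appeared at all from a known pair issuing a new shape.
    """
    anomalies = []
    for phase, user, ip, sql in traffic:
        if phase != "enforce":
            continue
        known_shapes = baseline.get((user, ip))
        if known_shapes is None:
            anomalies.append((user, ip, sql, "unknown client"))
        elif normalize(sql) not in known_shapes:
            anomalies.append((user, ip, sql, "new statement shape"))
    return anomalies


if __name__ == "__main__":
    for user, ip, sql, reason in find_anomalies(TRAFFIC, learn_baseline(TRAFFIC)):
        print(f"{reason:20} {user}@{ip}: {sql}")
```

In this sample the in-baseline lookup by id from the usual application host passes, while the same statement from an unknown host, a full-table SELECT from a known host, and a DROP from an unbaselined DBA session are all reported. A baseline learnt this way is only as clean as the learning window, so the shapes it proposes are a starting point for review rather than a policy to enforce blindly.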
Additional Modules
End-User Application ID Monitoring
- Positively identify application user IDs associated with specific database queries and transactions.
- Monitor enterprise applications such as Oracle EBS, PeopleSoft, JD Edwards, and in-house applications.
- Monitor both pure HTTP-based Web applications, as well as applications using other presentation-layer protocols (such as Oracle EBS and SAP R/3).
- Address connection pooling environments, in which multi-tier applications use a generic ID to access databases, thereby masking the identity of end-users.
Database Compliance Accelerators
- Simplifies compliance with 100+ preconfigured reports for SOX, PCI, data privacy laws, and Basel II.
- Rapidly satisfy auditors with best practices controls consistent with guidelines of Big 4 audit firms.
- Streamline data governance and data privacy by automating and centralising controls across all database platforms and initiatives.
Change Control
- Tracks changes to external OS and database objects that can affect security posture (database files, environment variables or registry entries, scripts, executables).
- Includes pre-configured templates of which objects to monitor for all major DBMS and OS platforms.
- Automatic tagging of all internal database changes (such as schema changes and data changes).
- Automated reconciliation with approved work orders from ticketing systems (Remedy, Peregrine, in-house systems, etc.).
- Imports descriptions and other information from external ticketing systems.
Database Leak Prevention
- Discovery & Classification: Automatically locates and classifies sensitive data based on data patterns, labels, permissions, catalog info, etc.
- Implemented via configurable database crawler
- Policies determine actions taken upon discovery of sensitive data (alert, add to group of sensitive objects, assign access policy, etc.)
- Extrusion Policies: Unlike monitoring tools that only inspect inbound database commands, identifies unauthorised or suspicious actions by monitoring traffic both to and from database servers, matching the returned data against configurable data patterns.
- Allows system to immediately identify query that returns thousands of credit card numbers, for example.
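The extrusion check described above inspects what comes back from the server, not just the command that went in. The following is an added illustration of that technique, not Guardium's code: it scans the fields of reassembled result sets for card-number-shaped digit runs, discards candidates that fail the Luhn check (which removes most phone numbers and account identifiers), and raises an alert when one result set returns more valid numbers than a policy threshold. The result sets, user names and the threshold value are constructed for the example; the card numbers are the industry's published test numbers.

```python
import re

# 13 to 19 digits, optionally separated by single spaces or dashes.
PAN_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

# Constructed policy value: alert when one result set returns more valid PANs than this.
PAN_THRESHOLD = 3

# Constructed result sets as a collector might reassemble them from the
# server-to-client side of a session: (db_user, sql, rows).
RESULT_SETS = [
    ("app_svc", "SELECT id, last4 FROM cards WHERE id = 4711",
     [(4711, "1111")]),
    ("report", "SELECT id, pan, expiry FROM cards",
     [(1, "4111 1111 1111 1111", "12/11"),
      (2, "5500-0000-0000-0004", "03/12"),
      (3, "4012888888881881", "07/10"),
      (4, "378282246310005", "01/13"),
      (5, "4111111111111112", "09/11")]),   # last digit wrong: fails Luhn
    ("app_svc", "SELECT id, phone FROM customers WHERE id = 9001",
     [(9001, "0049 30 12345678")]),         # 14 digits, but not a valid PAN
]


def luhn_valid(digits):
    """Return True if the digit string passes the Luhn mod-10 check used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def count_pans(text):
    """Count Luhn-valid card-number candidates in one text field."""
    found = 0
    for match in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            found += 1
    return found


def evaluate(result_sets, threshold=PAN_THRESHOLD):
    """Apply the extrusion policy to each result set.

    Returns one (db_user, sql, pan_count, action) tuple per result set, where
    action is "alert" when pan_count exceeds the threshold and "allow" otherwise.
    Only string fields are scanned; numeric columns cannot carry separators or leading zeros.
    """
    findings = []
    for user, sql, rows in result_sets:
        pans = sum(count_pans(field) for row in rows for field in row if isinstance(field, str))
        action = "alert" if pans > threshold else "allow"
        findings.append((user, sql, pans, action))
    return findings


if __name__ == "__main__":
    for user, sql, pans, action in evaluate(RESULT_SETS):
        print(f"{action:5} {pans:3} PAN(s)  {user}: {sql}")
```

Scanning each field separately, rather than the joined row, stops two adjacent numbers from being read as one long candidate. The threshold is what turns a classifier into an extrusion policy: a single card number in a lookup by primary key is normal application behaviour, while the same columns returned in bulk are the pattern worth alerting on.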
Incident Management
- Groups multiple policy violations into a single incident for ease of tracking and resolution.
- Tracks security metrics such as number of open incidents, number of assigned incidents, severity levels, length of time incidents have been open, etc.
Enterprise Manager
- Multi-tier cluster topology can be scaled up to support any mix of workload and monitoring criteria.
- Centralised policy management.
- Aggregation and normalisation of audit data into a single repository.
- Centralised management of appliance configurations, users, etc.
- SYSLOG support.
- All traffic between collectors and centralised aggregators is encrypted.
- Integrates with SIEM (ArcSight, RSA enVision, etc.) and frameworks (MOM, OpenView, etc.) via SMTP, SNMP, XML, CSV export.