How new are Guardium's 'new' database monitoring features?

Guardium has introduced its updated database activity monitoring tool, Infosphere Guardium 8, but one expert questions whether the product offers anything new.

IBM Corp.'s Guardium subsidiary has unveiled Infosphere Guardium 8, a new set of database activity monitoring (DAM) tools it says will help companies protect sensitive and confidential data across a wide range of technology platforms.

The product is delivered as an appliance or virtual appliance and allows organisations to enforce information-handling rules on major ERP systems, including SAP, as well as on mainframe systems and Microsoft SharePoint systems, all from a single policy set.

Guardium Inc. was acquired by IBM last November, but Phil Neray, the company's vice president of security strategy and marketing, said version 8 of the product had already been planned and is the fruit of a two-year project to extend the range of its functions. "It gives a lot more coverage, and gives organisations a way to enforce their policies better," he said.

The company touts the following new database monitoring features in version 8:

  • Fraud protection in SAP systems: Businesses can detect and block fraud in real time by monitoring user activity at the application layer, including activity by administrators and outsourced personnel.

  • Real-time monitoring controls: These can be used to detect unauthorised access to SharePoint repositories.

  • Improved support for mainframe systems: An IBM-developed capture mechanism records database transactions with minimal performance impact, giving enhanced database activity monitoring for IBM DB2 databases running on System z and allowing businesses to protect critical information from unauthorised access by administrators. Support is also provided for other databases such as Oracle.

  • Blocking functions: As well as providing alerts, the system can also apply selective blocking. For example, if a customer service worker looked up an unusually large number of credit card records in a short period, the system could automatically shut him or her out.

  • Integration with IBM's Tivoli system: This means that security and compliance information gathered by Guardium can be combined with information about other systems and network security devices collected by Tivoli Security Information and Event Management software.

  • Improved compliance reporting: The system includes standard templates for common regulations such as PCI DSS.
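The blocking feature in the list above amounts to a rate-based policy: count a user's reads of a sensitive table inside a sliding time window and cut the user off once the count crosses a threshold. The Python below is an added illustration of that logic, not Guardium code and not Guardium's policy language; the audit events, user names, table names, threshold and window are all constructed for the example. The threshold and window are exactly the kind of parameters an organisation has to tune for its own workload.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit events (timestamp, database user, SQL text).
# Illustrative only; not real Guardium output.
SAMPLE_EVENTS = [
    ("2010-10-01 09:00:00", "csr_alice", "SELECT pan, expiry FROM cards WHERE customer_id = 101"),
    ("2010-10-01 09:00:05", "csr_alice", "SELECT pan, expiry FROM cards WHERE customer_id = 102"),
    ("2010-10-01 09:00:09", "csr_bob",   "SELECT pan FROM cards WHERE customer_id = 500"),
    ("2010-10-01 09:00:10", "csr_alice", "SELECT pan, expiry FROM cards WHERE customer_id = 103"),
    ("2010-10-01 09:00:14", "batch_svc", "SELECT id, total FROM orders WHERE status = 'open'"),
    ("2010-10-01 09:00:15", "csr_alice", "SELECT pan, expiry FROM cards WHERE customer_id = 104"),
    ("2010-10-01 09:00:20", "csr_alice", "SELECT pan, expiry FROM cards WHERE customer_id = 105"),
    ("2010-10-01 09:00:25", "csr_alice", "SELECT pan, expiry FROM cards WHERE customer_id = 106"),
    ("2010-10-01 09:00:30", "csr_alice", "SELECT pan, expiry FROM cards WHERE customer_id = 107"),
    ("2010-10-01 09:03:00", "csr_bob",   "SELECT pan FROM cards WHERE customer_id = 501"),
    ("2010-10-01 09:06:00", "csr_bob",   "SELECT pan FROM cards WHERE customer_id = 502"),
]

# Tables whose reads the policy counts. Constructed name for the example.
SENSITIVE_TABLES = {"cards"}

# Crude extraction of the table named after FROM; sufficient for the sample
# statements above, not a general SQL parser.
FROM_RE = re.compile(r"\bFROM\s+([A-Za-z_][\w.]*)", re.IGNORECASE)


def touches_sensitive_table(sql):
    """True for a SELECT whose FROM clause names a table in SENSITIVE_TABLES."""
    if not sql.lstrip().upper().startswith("SELECT"):
        return False
    match = FROM_RE.search(sql)
    if not match:
        return False
    table = match.group(1).split(".")[-1].lower()  # drop any schema qualifier
    return table in SENSITIVE_TABLES


class AccessRatePolicy:
    """Block a user who reads sensitive rows more than max_reads times within window.

    Once a user is blocked, every later statement from that user is blocked too,
    until an operator clears the block (not modelled here).
    """

    def __init__(self, max_reads=5, window=timedelta(seconds=60)):
        self.max_reads = max_reads
        self.window = window
        self.history = defaultdict(deque)  # user -> timestamps of recent sensitive reads
        self.blocked = set()

    def evaluate(self, ts, user, sql):
        """Return 'allow' or 'block' for one audit event, in arrival order."""
        if user in self.blocked:
            return "block"
        if not touches_sensitive_table(sql):
            return "allow"
        recent = self.history[user]
        recent.append(ts)
        # Evict reads that have fallen out of the sliding window.
        while recent and recent[0] <= ts - self.window:
            recent.popleft()
        if len(recent) > self.max_reads:
            self.blocked.add(user)
            return "block"
        return "allow"


def run_policy(events, max_reads=5, window_seconds=60):
    """Evaluate events in order; return ([(user, decision), ...], set of blocked users)."""
    policy = AccessRatePolicy(max_reads, timedelta(seconds=window_seconds))
    decisions = []
    for ts_text, user, sql in events:
        ts = datetime.strptime(ts_text, "%Y-%m-%d %H:%M:%S")
        decisions.append((user, policy.evaluate(ts, user, sql)))
    return decisions, policy.blocked


if __name__ == "__main__":
    decisions, blocked = run_policy(SAMPLE_EVENTS)
    for (user, decision), (ts, _, sql) in zip(decisions, SAMPLE_EVENTS):
        print(f"{ts} {user:<10} {decision:<5} {sql}")
    print("blocked users:", sorted(blocked))
```

With the defaults (more than five sensitive reads in sixty seconds), csr_alice is blocked on her sixth card lookup and stays blocked; csr_bob, who spreads three lookups over six minutes, is never touched; batch_svc never reads a sensitive table. Raising max_reads to 10, or shrinking the window to 10 seconds, lets csr_alice through entirely, which is the tuning trade-off a policy author faces: too loose and the bulk lookup goes unnoticed, too tight and legitimate call-centre traffic gets cut off.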

Adrian Lane, CTO with Arizona-based analysis firm Securosis LLC, knows the Guardium product line well and described it as "good and solid". But he questioned how new many of the features really are.

"It doesn't really look that new to me," Lane said. "Guardium has been able to monitor most databases for a long period of time, and they have had mainframe support for a while. They've also been able to provide some support for SAP systems, depending on how you do policies."

But Neray insisted that version 8 adds many new features to existing functions, as well as adding entirely new functions, such as SharePoint control. Among the new features for DB2 on the mainframe are a new IBM-developed agent for capturing database events and a library of preconfigured tests, based on industry best practices, that identify database vulnerabilities such as weak permissions.

Version 8 also offers support for two new database platforms, PostgreSQL and Netezza.

But Lane warned companies not to expect security tools to do all the compliance work for them. "In many ways, database monitoring parallels the security incident and event management market: You have all of the tools to get the job done, but you need to write a lot of policies to tune into your organisation," he said. "You collect a lot of data but you still have to make sense of it. And you need to write policies so that you still get the real-time analytics that you need without killing the server."

He also underlined the need to see database monitoring in broader context.

"It's not only about security any longer," Lane said. "It's also about compliance and operations management. It's about getting these systems under control and properly audited. It's also about integrating with trouble ticketing systems and patch management systems."
