IBM Beefs Up Database Security with Guardium Buy
December 14, 2009 Alex Woodie
IBM two weeks ago bought database security software vendor Guardium. The acquisition nets Big Blue a powerful suite of products that monitor transactions across all major relational database management systems (RDBMS)–including DB2/400–in real time for signs of suspicious activity, such as unauthorized use by insiders or SQL injection attacks by outside hackers.
Guardium was founded in Israel about seven years ago to address what its founders considered a sizable hole in IT security tools and best practices. While most organizations have a range of security tools in place to protect their networks, applications, and data, they typically have very few security controls in place at the database layer, say officials with the company, which was based in Waltham, Massachusetts, before IBM bought it.
“The key issue for database security is that most companies have no visibility into what’s really going on with their database,” Phil Neray, Guardium’s vice president of marketing, told IT Jungle earlier this year. “They don’t really know who’s accessing those databases, and they don’t have any mechanisms for identifying unauthorized or suspicious activity.”
Guardium’s solutions provide that visibility into database access, as well as the capability to clamp down on security policy violations in real time. In particular, the software allows organizations to protect themselves against inside threats, such as systems administrators with “super user” authorities who could easily bypass application- or network-level security control points.
Guardium’s offering is also effective against SQL injection attacks, which can be difficult to spot using traditional security tools. In its February X-Force report, IBM’s own Internet Security Systems subsidiary identified SQL injection attacks as an increasingly popular route of ingress for hackers seeking to infiltrate corporate computer systems over the Web.
There is a slight performance hit of 2 to 4 percent as a result of running all database transactions through Guardium’s policy-based controls and anomaly detection routines, company officials have said. The product also keeps a detailed audit trail of all database activities, which is useful for regulatory compliance.
Guardium has delivered its technology–which is currently at version 7 and starts at about $75,000–as a combination of a hardened appliance deployed atop VMware, as well as a series of probes that relay data from the guarded databases. The product supports all major databases, including IBM DB2 (for Unix, Linux, and Windows), DB2/400, DB2 for z/OS, and Informix; Oracle 8i through 11g; Microsoft SQL Server 2000 through 2008; and others such as MySQL, Teradata, and Sybase. Support for DB2/400 (or DB2 for i, as iBM likes to call it) was added this April.
IBM plans to integrate Guardium’s technology into its Information Management division within Software Group. “This acquisition is another significant step in our abilities to help clients govern and monitor their data, and ultimately make their information more secure throughout its lifecycle,” Arvind Krishna, general manager of the Information Management division, stated in a press release. No details were provided about specific integration plans.
Guardium has been growing quickly and recently became profitable. Its software is used by about 400 customers, including at the Washington Metropolitan Area Transit Authority, which processes more than 9 million credit card transactions per year. Guardium had about 150 employees in the Boston area.
According to IBM, it’s the 28th acquisition for the Information Management division for this decade. IBM did not provide financial details of the acquisition. But according to an Israeli newspaper, the value of the deal was $225 million.