IBM Updates Guardium Database Security Software
September 21, 2010 Alex Woodie
IBM last week officially launched InfoSphere Guardium version 8, the first release of the database security software since it was acquired by IBM nearly a year ago. The new release adds support for new ERP applications, mainframe operating systems, and popular file systems.
The Guardium software monitors database management systems in real time for signs of unauthorized or malicious activity from internal and external threats, such as malevolent employees or SQL injection attacks. Because most IT security tools look at the application or network layers, providing insight into security goings-on deep down in the database can prove elucidating for elusive threats.
On most RDBMSs, Guardium uses custom-developed “probes” to monitor database activity and send it to the analysis component of the tool, which runs as a virtual appliance within a VMware hypervisor. The developers say they can protect the database without hurting its performance much; between 2 and 4 percent is a typical performance hit, according to company representatives.
However, for DB2/400, which Guardium added support for in April 2009, the company uses the database’s native and information-rich journaling facility to track database activity. Using journaling also minimizes any additional performance hit on DB2/400, as most IBM i shops implementing Guardium will have journaling turned on.
With Guardium version 8, the first version since IBM’s acquisition in December 2009, the Guardium developers have added support for several specific operating environments and file types.
For starters, malicious employees who work in SAP enterprise environments will not be able to hide their nefarious activities beneath their ERP system’s massive complexity now that Guardium has bolstered its support for SAP. The company says it can now monitor “user activities at the application layer,” including activities by administrators and outsourced personnel.
Guardium can also monitor Microsoft SharePoint files with version 8. IBM says that using Guardium to monitor real-time activity within SharePoint is important, as the popular Microsoft portal lacks the controls necessary to prevent misuse by insiders.
Version 8 also added support for Netezza business intelligence appliances; by coincidence, IBM announced plans to acquire Netezza yesterday. IBM also bolstered support for its System z mainframe with Guardium 8. Guardium previously offered Z-TAPS for tapping into mainframe file systems, and with version 8, IBM has expanded coverage for DB2 running on the mainframe.
Version 8, which started shipping September 17, also brings enhancements to Guardium’s compliance and audit processes, adds new blocking and quarantining capabilities, and integrates with IBM’s Tivoli security information and event management (SIEM) software.
The company also confirmed that it continues to support DB2/400. IT Jungle queried the company over its DB2/400 support when the RDBMS was not listed as a supported platform when IBM announced Guardium 8 on August 3 with United States Software Announcement 210-223. It was apparently a simple oversight by IBM.