Analyst reports
Gartner - Apply the Nine Critical Capabilities of Database Audit and Protection
As organizations continue to increase the size and scope of databases, IT leaders are challenged to protect sensitive data, which has been condensed into many databases from different vendors. In this analyst report, Gartner Inc. has identified nine critical security capabilities that form part of a DAP solution.
Last updated: 07 Jun 2013
IBM X-Force 2012 Annual Trend and Risk Report
This document analyzes and explores security threats including vulnerabilities, malware, spam, phishing, and more.
Last updated: 30 Apr 2013
Hardening A Teradata Database: Best practices for access rights management
This joint IBM - Teradata white paper identifies the best practices for database access rights management and introduces the IBM InfoSphere Guardium Vulnerability Assessment.
Last updated: 26 Mar 2013
Current Analysis: Exposing the hidden costs of database security solutions
Organizations evaluating database security solutions must delve deeper than the upfront costs to meet compliance requirements and support new environments, like cloud and big data. Evaluating hidden costs and implementing best-in-class solutions delivers a much lower cost of ownership.
Last updated: 07 Feb 2013
Gartner - Magic Quadrant for Data Masking Technology
IBM InfoSphere Optim is a leader in Gartner Inc's Magic Quadrant for Data Masking Technology. InfoSphere Optim received the best ranking in the ability to execute and completeness of vision categories compared to competitors
Last updated: 09 Jan 2013
Control and Protect Sensitive Information in the Era of Big Data, a Forrester Research report
As big data initiatives ingest more and more data, enterprises will face significant risks and threats to the repositories in which they keep that data. Learn how to control and properly protect sensitive information that is subject to global laws and regulations.
Last updated: 23 Jul 2012
Insights from the 2012 IBM Chief Information Security Officer Assessment
To obtain a global snapshot of security leaders’ strategies and approaches, the IBM Center for Applied Insights conducted double-blind interviews with 138 security leaders-–the IT and line-of-business executives responsible for information security in their enterprises.
Last updated: 16 Jul 2012
Securing Enterprise Data and Ensuring Compliance
Security is an important element of an information integration and governance framework. This research perspective by Ventana Research provides insight to help organizations ensure a centralized, holistic security architecture to prevent breaches and automate compliance.
Last updated: 21 Jun 2012
Gartner Report: Database activity monitoring is evolving into database audit and protection
In this report, Gartner writes that “Database audit and protection (DAP) represents an evolutionary advance in database activity monitoring tools.” Read how DAP suites provide comprehensive support in heterogeneous database environments to protect sensitive data from inappropriate use.
Last updated: 07 May 2012
Gartner: Database Activities You Should Be Monitoring
Gartner has compiled a list of 10 critical database activities and behaviors — segmented by four user profiles — that enterprises should be monitoring and auditing now
Last updated: 10 Mar 2012
2012 Business Case for Data Protection: What Senior Executives Think about Data Protection
Data breaches and attacks on sensitive and confidential information are making data protection a critical component of an organization’s leadership and governance strategy. The 2012 Business Case for Data Protection Ponemon study investigates what senior executives think about data protection.
Last updated: 16 Feb 2012
Look beyond database auditing to improve security, audit visibility and real time protection
Enterprise Database Auditing Solutions Offer The Best Option To Secure Databases And Save Time And Money
Last updated: 20 Jan 2011
Announcement letters
IBM InfoSphere Guardium V9.0
Deliver real-time activity monitoring and automated compliance reporting for Big Data security
Last updated: 10 Sep 2012
Books
Bridging the data security gap - Unified data protection for four key data environments
Today's IT environment is complex- big data, cloud and virtual, enterprise data, and enterprise application security. How do you protect them all? Read this e-book and learn how you can implement an effective data security and privacy solution for multiple environments.
Last updated: 17 Jun 2013
Planning a data security and auditing deployment for Hadoop eBook
As volumes of data including 'sensitive data' move to Hadoop big data environments, the relative lack of controls makes it an attractive target. Read how IBM InfoSphere Guardium data activity monitoring and auditing solutions help to protect against breaches and unauthorized access.
Last updated: 18 Jan 2013
Top 3 Myths about Big Data Security eBook
Data volumes are growing rapidly with no end in sight. Big data represents massive business possibilities and competitive advantage for organizations that are able to harness and use that information. But how are they protecting that data? This eBook addresses three myths of big data security.
Last updated: 24 Oct 2012
Top tips for securing big data environments
Big data environments create significant opportunities along with security challenges. There are risks and threats to the repositories containing data, much of which is financial, personal, intellectual property or sensitive data and subject to compliance regulations. Learn tips on how to secure big data environments.
Last updated: 09 Oct 2012
Protect data in physical and virtual infrastructures
The growth of virtualization has fundamentally changed the data center and raised numerous questions about data security and privacy. In fact, security concerns are the largest barrier to cloud adoption. Read this e-Book and learn how to protect sensitive data and demonstrate compliance
Last updated: 28 May 2012
Unifying Data Security and Integrity: Reduce Risk, Lower Costs
It is no longer viable or economical for IT to continue handling data security and maintaining integrity in a fragmented manner. IT can unify these tasks across functional disciplines and platforms to more effectively mitigate risk while reducing costs. This in-depth guide shows you how.
Last updated: 14 May 2012
Manage compliance and protect enterprise data
Organizations struggle to prioritize the multitude of compliance mandates and create data security policies to satisfy these requirements and protect their most sensitive data.
Last updated: 23 Apr 2012
Protecting against database attacks and insider threats
This eBook examines the top 5 scenarios and the essential best practices for preventing database attacks and insider threats. Organizations who adopt a proactive approach will require a comprehensive database security solution that can help them reduce compliance complexity
Last updated: 23 Mar 2012
Brochures
Protect your SAP data environment with IBM InfoSphere Guardium
Learn how IBM® InfoSphere® Guardium® solutions secure SAP database environments and help your organization monitor user activity to detect and respond to fraud, without causing a large-scale disruption of IT operations.
Last updated: 01 Mar 2013
Case studies
Santiago Stock Exchange Video ... Santiago Stock Exchange maintains database security with IBM InfoSphere Guardium
Andrés Araya Falcone, Chief Information Office, Santiago Stock Exchange, explains the value of IBM InfoSphere Guardium for maintaining database security and protecting client data from unauthorized access.
Last updated: 28 Jun 2012
Data Privacy in Telecommunications
Case Study: Implementing Database Activity Monitoring for a Major International Telecommunications Company
Last updated: 31 Jan 2011
Data Security and Compliance in Healthcare
Case Study: Implementing database activity monitoring and auditing in a leading healthcare payer organization
Last updated: 31 Jan 2011
Data sheets
IBM InfoSphere Guardium Appliances
IBM xSeries-based x2000 InfoSphere Guardium Appliances provide outstanding performance for all InfoSphere Guardium applications. Read how Guardium Appliances can help boost performance, improve scalability, and reduce costs.
Last updated: 08 May 2013
IBM InfoSphere Guardium for federal information systems
Escalating threats to federal information systems have most agencies moving aggressively to protect data and meet compliance requirements. InfoSphere Guardium Data Activity Monitor is a simple,scalable solution for centralizing and automating the controls needed to protect sensitive data.
Last updated: 08 May 2013
IBM InfoSphere Guardium Data Activity Monitor
Continuously monitor data access and protect sensitive data across the enterprise with IBM InfoSphere Guardium Data Activity Monitor—a robust solution for assuring the security and integrity of data in heterogeneous environments such as databases, data warehouses, file shares and big data platforms.
Last updated: 25 Apr 2013
IBM InfoSphere Guardium Vulnerability Assessment
IBM InfoSphere® Guardium® Vulnerability Assessment helps harden database infrastructures. It detects vulnerabilities and identifies threats and security holes in databases or the underlying operating system which could be exploited by intruders and hackers to gain access to sensitive data.
Last updated: 17 Apr 2013
IBM InfoSphere Guardium for z/OS
The IBM InfoSphere Guardium data security solution helps to lower the costs and risks of compliance, security and audit — using proven z/OS technology. It offers a simple, yet powerful, means of securing critical data throughout the enterprise.
Last updated: 21 Jan 2013
IBM® InfoSphere™ Guardium® Data Redaction
How secure is your sensitive information?
Last updated: 17 Aug 2012
IBM InfoSphere Guardium Data Encryption - Protect sensitive data against theft, misuse and exposure
IBM InfoSphere Guardium Data Encryption is designed to help organizations safeguard data in both online and offline environments.
Last updated: 27 Mar 2012
Demos
IBM InfoSphere Guardium database activity monitoring
Organizations across the globe continue to experience compromised data caused by malicious attacks, web application vulnerabilities or unauthorized changes.
Last updated: 29 Mar 2012
Magazines
A Proactive, Preventative Approach to Compliance and Security
Lower risk through a proactive approach to compliance and security. http://www.ibmsystemsmag.com, Sept. 2011.
Last updated: 09 Sep 2011
Guardium 7 – database security review, by David Mitchell, IT PRO
The Verdict: 5 Stars With database attacks on the increase Guardium can make sure businesses don’t get caught with their pants down.
Last updated: 25 Feb 2009
Network Security Against Today's Threats - Guardium 7 Product Review, by Samara Lynn, CRN ChannelWeb
Guardium’s database security may contain the most powerful compliance regulations tools that the Test Center has ever seen.
Last updated: 09 Jan 2009
Podcasts
Managing the lifecycle of your JD Edwards applications and data with Cynthia Babb, WW Product Marketing, IBM Software Group
This year, a significant number of JD Edward users are facing loss of support from Oracle. That means an upgrade and/or a migration. In this podcast, we will explore these challenges and the best practices JD Edwards users should implement to address them.
Last updated: 21 May 2013
Building security into big data podcast
Big data environments allow organizations to aggregate and share multitudes of data — much of which is sensitive data that must be protected. Listen to this podcast and learn how to build security and privacy into your big data platform using three key foundational pillars.
Last updated: 11 Mar 2013
Assess the Security of Your Database Environment
IBM InfoSphere Guardium Database Vulnerability Assessment provides ongoing evaluation of database security configurations. Learn how Guardium Database Vulnerability Assessment software performs security assessments, helps with compliance, and protects against data breaches.
Last updated: 09 Mar 2013
One Step Closer to Making Data Breaches a Thing of the Past
Databases contain some of an organization’s most valuable assets and have become the primary target of attacks. This podcast discusses how to prevent hacking or theft of your data that is stored on DB2 for z/OS and other database platforms with IBM InfoSphere Guardium.
Last updated: 28 Jan 2013
Ensure PCI DSS Compliance with Real-Time Database Security & Monitoring
Financial organizations struggle with PCI DSS compliance, especially with the requirements to “track and monitor” and “protect cardholder data.” IBM InfoSphere Guardium can help assure payment card industry data security standard compliance with real-time database security and monitoring.
Last updated: 25 Jan 2013
How to apply InfoSphere Guardium to the Big Data world
Ron Ben Natan discusses how you can apply IBM InfoSphere Guardium to the world of big data, specifically to Hadoop environments.
Last updated: 25 Oct 2012
Introducing Guardium V9 podcast
IBM InfoSphere Guardium V9 protects sensitive data and ensures compliance in unstructured Hadoop big data environments and expands integration and automation to further reduce total cost of ownership in large enterprises.
Last updated: 09 Oct 2012
Top tips for securing big data podcast
Organizations are generating more data now compared to any other point in history, yet they don’t fully understand how to protect it.
Last updated: 09 Oct 2012
Who is watching big data? Monitor and secure data streams
In this audio podcast, learn the key challenges of securing sensitive information in big data environments where volume, velocity and variety of data must be monitored, protected and analyzed while streaming across the enterprise.
Last updated: 09 Oct 2012
InfoSphere Guardium Data Redaction v2.5
In this podcast, learn about the new capabilities of IBM® InfoSphere® Guardium® Data Redaction for safeguarding and removing sensitive information contained in documents, forms, spreadsheets, images and other unstructured data sources while facilitating information sharing for business use.
Last updated: 01 Oct 2012
Ensure compliance with data security and privacy protection
Learn how you can address database security and privacy requirements to ensure compliance with IBM InfoSphere data security and privacy solutions.
Last updated: 29 Mar 2012
Optimizing database infrastructures with InfoSphere Guardium
In this audio podcast, learn how IBM InfoSphere Guardium solutions optimize the database infrastructure by providing database security and auditing capabilities to protect sensitive data, meet compliance requirements as well as boost the efficiencies and effectiveness of the supporting infrastructure.
Last updated: 29 Mar 2012
Securing critical enterprise data in cloud and virtualized environments
Whether it is a physical data center, a virtualized data center, or a private cloud, the fundamental information security principles do not change, but control considerations do.
Last updated: 29 Dec 2011
Databases Under Attack
If your databases containing sensitive data were breached by hackers with compromised credentials - would you know? And could you prove it to your auditors?
Last updated: 19 Dec 2011
Automation of sensitive data identification and redaction
In this podcast, we will discuss processes for automatically recognizing sensitive information within different document types and layouts and securely removing or redacting it.
Last updated: 31 Aug 2011
Free Your Documents
In this podcast, we will discuss why access control and encryption are not enough!
Last updated: 31 Aug 2011
Product documentation
InfoSphere Guardium S-TAP for IMS on z/OS
Version 8 Release 2 User's Guide SC19-3344-00
Last updated: 09 Sep 2011
InfoSphere Guardium S-TAP for VSAM on z/OS
Version 8 Release 2 User's Guide SC19-3346-00
Last updated: 09 Sep 2011
Solution sheets
IBM InfoSphere Guardium 9.0
Manage the entire data security and compliance life cycle for enterprise systems
Last updated: 04 Feb 2013
Improve Your Data Security and Compliance Strategy
A holistic approach to data protection
Last updated: 19 Oct 2012
Videos
IBM InfoSphere Guardium for big data
Meet big data security challenges with IBM InfoSphere Guardium
Last updated: 16 Jan 2013
IBM Infosphere Guardium for System z - A proactive, preventative approach to security, audit and compliance
Databases contain personal, financial and sensitive info, thus remaining the #1 target for hackers and data breaches. IBM System z platform provides unprecedented security with InfoSphere Guardium, enabling organizations to take a proactive approach to security, audit and compliance.
Last updated: 25 Jan 2012
Best Practices for Database Security, Information Governance & Compliance
Learn about best practices for protecting against SQL injection attacks; unauthorized access by both privileged users and outsourced DBAs; database vulnerabilities; and changes to security configurations.
Last updated: 09 Aug 2011
Webcasts
IBM X-Force 2012 Data Breach Trend Report: Issues and Solutions webcast
Cyber attacks continue to grow in volume and sophistication — relentlessly evolving to bypass traditional IT defenses. Michael Hamelin of IBM X-Force® Advanced Research presents an in-depth analysis of recent public vulnerability disclosures and discusses important lessons learned.
Last updated: 17 May 2013
Why big data doesn't have to mean big security challenges
IBM® InfoSphere® Guardium® v9 helps organizations protect their sensitive data in real-time against internal and external threats by continuously monitoring access to heterogeneous databases including data warehouses, big data and file shares.
Last updated: 01 Feb 2013
How to build data security into big data environments
Watch this webcast and find out how you can apply the same fundamentals used in securing databases, data warehouses and file share systems for securing Hadoop-based environments to prevent data leaks, ensure the integrity of information and automate compliance controls.
Last updated: 19 Nov 2012
A Risk Based Approach to Data Security
To safeguard business critical data, you need to understand the risks to the data, databases and other data repositories. This webcast focuses on how to minimize risk exposure and impact of breaches and unauthorized access, as well as how to quantify and remediate database security risks.
Last updated: 12 Sep 2012
IBM X-Force 2011 Trend Report: Combat data security threats
This webcast reviews results of the "IBM X-Force 2011 Trend and Risk Report," an in-depth analysis of public vulnerability disclosures and events. Learn about increases in key areas of attack activity and how to combat them, including: cybercriminal activity, SQL attacks and more.
Last updated: 23 May 2012
Database Security and Privacy: A key component to passing your compliance audit
Continually faced with new regulations and auditing requirements, how can you be prepared before the auditor comes knocking? In this presentation, learn how securing your databases and protecting your sensitive data can help you pass compliance audits.
Last updated: 23 Feb 2012
Addressing PCI for Databases: Beyond Encryption and Log Management
PCI databases handle millions of transactions per day—making it impractical to implement native database logging and auditing. PCI Reqt. 10 (Track & monitor access to cardholder data) is considered to be the most challenging requirement. In this webinar.
Last updated: 21 Dec 2011
Cybercrime Insights: 2011 Data Breach Investigations Report from Verizon Business & the U.S. Secret Service
"Check out this technical webcast to learn about critical trends in data theft and proven strategies for safeguarding your company’s sensitive data from cybercriminals and rogue insiders."
Last updated: 30 Sep 2011
Compliance best practices for Oracle E-Business Suite, PeopleSoft and SAP
"Auditors often focus on Oracle EBS, PeopleSoft, SAP and other enterprise applications because they contain sensitive data for SOX, PCI, HIPAA/HITECH, FISMA2 and other regulations. Watch this Webcast to learn how to pass audits faster and with less effort, via automated reporting for common violations."
Last updated: 30 Aug 2011
Reconciling Openness with Privacy: How Automated Data Redaction supports Data Privacy within IBM ECM
Learn how automated data redaction can help your company comply with privacy initiatives.
Last updated: 11 Aug 2011
Preventing Database Breaches: Insights from Independent Research on Database Auditing and Real-time Protection
Preventing database breaches and unauthorized access to sensitive data by hackers, outsourced personnel and privileged users, such as DBAs, has become vital for organizations. Watch this webcast and learn why database auditing and real-time protection is a critical component in building a successful data security strategy.
Last updated: 12 Jul 2011
From Stuxnet to SQL Injection: HOWTO Safeguard Against the Latest Cyber-Threats
Learn about the security landscape and get the latest results from the newly-released “IBM X-Force 2010 Trend and Risk Report" in this On Demand Webcast.
Last updated: 20 Jun 2011
Top Scenarios for Real-Time Database Security & Monitoring
Insider threats, high-profile data breaches, regulatory compliance demands -- learn how Guardium can help.
Last updated: 24 Mar 2011
HOWTO Secure Oracle 10g and 11g: Hardening the Database
Learn how to eliminate security risks by removing features you don’t need and securely configuring databases using industry best practices and benchmarks.
Last updated: 01 Mar 2011
HOWTO Assess Your Database Vulnerabilities and Protect Your Most Sensitive Data
An Information Week & Dark Reading Webcast sponsored by IBM InfoSphere Guardium
Last updated: 18 Feb 2011
Securing Sensitive Data in the Healthcare Industries
Learn about the impact of database security and compliance standards in the healthcare industry
Last updated: 27 Jan 2011
Look beyond database auditing to improve security, audit visibility and real time protection
A Forrester Consulting Study commissioned by IBM. This Forrester Consulting study provides real-world findings from in-depth interviews with 15 enterprises that have implemented database auditing and real-time protection solutions
Last updated: 01 Jan 2011
Best Practices for Database Security & Compliance with Noel Yuhanna, Forrester
Phil Neray, Guardium VP, will show you how Guardium customers are achieving rapid ROI by replacing manual database logging with automated and centralized controls for heterogeneous DBMS environments, including application-layer monitoring to identify fraud.
Last updated: 01 Apr 2010
Creating a Database Security Plan -- Why Database Security is No Longer Sufficient
View this on-demand webcast featuring Noel Yuhanna, Principal Analyst and database security expert at Forrester Research Inc to learn
Last updated: 01 Apr 2010
Cybercrime Insights from the 2010 Verizon Data Breach Investigations Report
View this on-demand webcast featuring Noel Yuhanna, Principal Analyst and database security expert at Forrester Research Inc to learn: **Why AAA and basic security are no longer sufficient **Why 60% of internal database threats go undetected and more...
Last updated: 01 Apr 2010
Databases at Risk – and HOWTO Address Them
View this on-demand webcast featuring Jon Oltsik, Principal Analyst at ESG, as he discusses these survey findings and learn what your peers are saying about the state of database security. Jon also discusses best practices for securing corporate databases
Last updated: 01 Apr 2010
Data Protection: How security needs differ between industries
In this podcast, Phil Neray, VP of Security Strategy for Guardium, an IBM Company, talks about how the data security needs of a financial services company differ from those of a power company – and where to find common ground.
Last updated: 01 Apr 2010
How Dell IT Simplified Database Security for SOX, PCI, SAS 70
Learn how to simplify database security and compliance - without impacting performance or creating more work for your DBAs and security teams
Last updated: 01 Apr 2010
White papers
Protecting your critical data with integrated security intelligence
Extend security intelligence with data security insights. Combine the IBM QRadar Security Intelligence Platform with the robust data security capabilities of IBM InfoSphere Guardium to prevent attacks, ensure compliance and reduce the overall costs of security management.
Last updated: 08 May 2013
Three guiding principles to improve data security and compliance
The information explosion, growing user volumes and emerging sophisticated threats require a more proactive and systematic approach to data security. Read how three guiding principles can help organizations protect data (no matter where it resides) and meet compliance mandates with confidence.
Last updated: 19 Oct 2012
Understanding holistic database security: 8 steps to successfully securing enterprise data sources
This paper discusses the eight essential best practices that provide a holistic approach to safeguarding data sources and achieving compliance with key regulations, such as SOX, PCI DSS, GLBA and data protection laws.
Last updated: 08 Oct 2012
InfoSphere Guardium Data Redaction: Reconciling openness with privacy
Provide fine-grained protection for sensitive unstructured data to achieve regulatory compliance and reduce risk.
Last updated: 17 Aug 2012
Protect enterprise data at rest with encryption, access controls and auditing
Data security threats and related incidents, such as breaches, can harm any organization. Private and confidential information is sought after for profit, business advantage, malicious use and both industrial and government espionage.
Last updated: 13 Dec 2011
Protect payment card data to help ensure compliance
Solution scenario: IBM InfoSphere Solutions for data security and privacy. Growing financial institution tackles PCI DSS compliance through a seven-step approach and IBM® InfoSphere® Solutions for data security and privacy.
Last updated: 13 Dec 2011
Supporting HIPAA compliance with need-to-know access to sensitive medical information
This white paper walks through an example scenario of how a growing insurance company uses IBM® InfoSphere® Solutions for data security and privacy to help achieve HIPAA compliance.
Last updated: 01 Dec 2011
Implementing Database Security and Auditing: Chapter 4 - Authentication and Password Security
Learn best practices and techniques involving authentication and user account management, password strength and password profiles, as well as user account/password maintenance.
Last updated: 04 Nov 2011
IBM InfoSphere Guardium Data Encryption: Help secure and protect SAP data
This paper describes the unique challenges involved in securing SAP data. It highlights and compares the various technologies that can be used to secure SAP data along with the trade offs posed by the different approaches.
Last updated: 16 Sep 2011
HOWTO Secure and Audit Oracle 10g and 11g: Account Security
Download the Chapter “Account Security,” to learn best practices and techniques for securing your Oracle database environments.
Last updated: 09 Aug 2011
InfoSphere Guardium Encryption Expert - Meeting encryption and access control requirements for the Payment Card Industry Data Security Standard
IBM® InfoSphere™ Guardium® Encryption Expert is an essential tool for any company that must comply with the PCI DSS. InfoSphere Guardium Encryption Expert is a cost-effective and easy-to-manage solution for high-speed data encryption of data both online and offline.
Last updated: 01 Feb 2011
HOWTO Secure and Audit Oracle 10g and 11g: Chapter 6 - Authentication
Ultimate guide for providing HOWTO information for security and audit best practices for Oracle--bridging the gap between those who install and configure security features and those who secure and audit them.
Last updated: 10 Mar 2009
HOWTO Secure and Audit Oracle 10g and 11g: Hardening the Database
Learn how to choose a hardening guideline, use a vulnerability assessment tool, create and maintain a secure configuration baseline.
Last updated: 10 Mar 2009
Implementing Database Security and Auditing: Auditing Categories
Learn which audit logging trails you need to address key security and compliance requirements
Last updated: 01 Dec 2005
Implementing Database Security and Auditing: Getting Started
Learn about hack-proofing your databases, tracking security vulnerabilities, the anatomy of buffer overflow vulnerabilities, why database auditing is important.
Last updated: 01 Dec 2005