Policy Management
The courses in this category help you create, install, and tune Guardium policies. The category also covers policy strategy, recommended policy design practices, and advanced policy techniques.
Policy Management Courses:
Starting with version 10.6, Guardium has a new policy builder. This builder incorporates many of the 10.x design features, including a format that presents configuration options as sections, and an intuitive, step-by-step guide to create and configure the policy.
Franklin Almonte
An overview of Guardium policies from a problem prevention viewpoint.
A policy is a key component of your data security strategy. To keep your data secure, you must implement rules that monitor, log, and control data. In this course, you learn how to create, install, and modify IBM Security Guardium policies and policy rules that control data access.
This video is based on Guardium 11.2.
Objectives
- Create, install, and test a Guardium policy
- Modify a Guardium policy and policy rule
- Add rules to a Guardium policy
- Test a reinstalled Guardium policy
With this feature, new compliance regulations may be supported by adding tags to existing out-of-the-box policy rules, where possible. This enables Guardium to support new regulations more quickly.
Policies are a core component of the Guardium solution. Policies are sets of rules and actions applied in real time to the database traffic observed by a Guardium system. Policies define which traffic is ignored or logged, which activities require more granular logging, and which activities should trigger an alert or block access to the database. Therefore, it is critical to develop strategies and techniques associated with policies to maintain a healthy Guardium ecosystem while meeting business requirements. This course consolidates every Guardium policy course on the Security Learning Academy, which provides you with practical knowledge and hands-on experiences to help you develop effective and efficient Guardium policies in your environment.
In this course, you learn about creating, installing, and tuning Guardium policies through various related videos and labs. In addition, you learn about policy strategy, recommended practices when designing your policies, and advanced policy techniques.
Franklin Almonte
Lou Fuka
Avi Waleruis
Guardium 11 introduces Policy Analyzer, which provides rule counts for installed Data Access Management (DAM) policy rules.
Guardium File Activity Monitoring provides tools to discover, classify, and build policies for files. In this lab, you use the Quick Search GUI window to find files that contain sensitive information, select a set of these files, and create a policy that monitors attempts to access these files.
This lab is useful for Guardium users and administrators who need to monitor access to files that contain sensitive information. The lab is based on Guardium version 10.5.
Guardium Data Security policies help flag suspicious database activity. When you configure policy rules to ignore trusted database activity, you can reduce the load on the network and Guardium managed units. In this lab, you create a policy with rules to discard trusted activity and flag untrusted activity.
The lab environment reflects Guardium 10.5.
Policy actions are key components of Guardium policies and are critical to policy strategy and tuning. This interactive video introduces you to common blocking actions, alerting actions, and logging actions. It also includes general tips about using policy rule actions.
Franklin Almonte
Organizations have many goals for monitoring data servers. These goals require many rules, some of which apply to a broad set of data servers, and some of which might apply to only one or a few data servers.
In this video, you learn how to organize these rules into a series of policies to optimize maintainability.
Starting with version 10.6, IBM Guardium features special policies that work at the session level. These policies are installed and processed before standard data-security policies, and respond to information that is available at the beginning of a database session. This feature allows quicker processing and response. In this lab, you create and test a session-level policy.
Franklin Almonte
Peak database traffic periods can overload monitoring solutions. The Guardium flat log policy provides a way to defer analysis and logging of traffic to off-peak periods. In this video series, you learn about the flat log policy and how it can help you avoid resource overload.
IBM Guardium policy rules fall into three categories:
- Access rules
- Extrusion rules
- Exception rules
In this video series, you learn about the three types of rules, what criteria and actions are associated with each type, and some of the uses for each type of rule.
IBM Guardium provides powerful functions you can use to monitor and control database access. Guardium can terminate sessions performing suspicious database access commands and even quarantine suspicious users. In this lab, you explore the session termination and quarantine functionality.
The lab environment reflects Guardium 10.5.
Using IBM Guardium, you can create policies to monitor access to unstructured data, such as that found in files, as well as structured data, such as that found in databases. In this lab, you learn how to create and install policies to monitor files. Then you modify the FAM policy and add a rule that prevents a group of users from copying a file.
Guardium policies often have multiple rules. By default, after a rule is triggered, processing stops. If you do not want to stop processing after the first rule triggers, you must configure your policy to continue to the next rule. In this lab, you configure and test a policy to examine the continuation functionality.
The lab environment reflects Guardium 10.5.
Louis Fuka
With Guardium, you can set up rules that automatically terminate database sessions when Guardium detects improper data access, limiting the damage from hostile attacks on your database.
In this video, you learn how to configure the S-TAP agent and create policy rules to take advantage of S-GATE functionality.
Guardium policies are powerful resources to monitor your data environment. However, due to the large amount of data activity in a database production environment, you must configure your policy carefully to filter out innocent traffic.
In this course, you learn the differences between selective and non-selective audit policies.
Guardium data security policies help flag suspicious database activity and events. In this virtual lab, you create a policy that will detect and alert on database login failures that occur multiple times over a short time period.
Franklin Almonte
Guardium 10.x includes functionality you can use to monitor file activity. In this course, you view the discovery and classification capabilities of the file activity monitoring (FAM) tools and learn how to set up a blocking rule that prevents someone from deleting files in a directory and logs the attempt. You also learn how to create and install policies to monitor files.
In this session from Virtual Master Skills University 2020, Yosef Rozenblit shares how to best use and manage policies and groups and discusses the overall impact on logging and performance.
It is easy to use the predefined alerts in Guardium. In this course, you learn about the different Guardium alert types and how to use them to monitor your Guardium ecosystem.
In this video, you see how to check the Guardium policy for actions that can fill the database. This is an important step in preventing database full issues.