IBM Guardium 11 introduces risk spotter, a semi-automatic process that hones in on the most risky users and the most risky databases. This dynamic risk assessment considers all risk factors, including but not limited to: outliers, vulnerability, volume of activities, access to sensitive data, type of commands (privileges). It scans unmonitored users and databases beyond your current policies to spot previously unmonitored risks, and it suggests proactive actions.

The IBM Guardium 11 active threat analytics dashboard shows potential security breach cases, based on the outlier mining process and on identified attack symptoms. In this video, you see how to use the dashboard to view cases, investigate them, and take action.

In this session from Virtual Master Skills University, David Rozenblat covers Analytics, Security Analytics, and Predictive Analytics in Guardium, including quick search outliers, investigation dashboard, outlier detection (over long term), and case studies (malicious stored procedure, SQL).

The IBM Security Guardium Active Threat Analytics dashboard shows potential security breach cases based on the outlier mining process and on identified attack symptoms. In this dashboard, you can view and investigate cases, and take actions on individual cases.

As Guardium monitors data activity, the outlier mining engine also works in the background every hour to identify attack symptoms. You use the Active Threat Analytics dashboard to view cases, investigate cases and take actions, and minimize the chances of an attack or malicious activity.

Risk Spotter is a first of its kind technology, changing the security paradigm to an artificial intelligence data protection policy. It uses a holistic algorithm to dynamically assess risk factors and it uses a smart algorithm to identify potential risks across your entire system.

In this lab, you explore the Active Threat Analytics and Risk Spotter dashboards to:

• Investigate existing and new threats
  
• Analyze risky users
  
• Create a ticket in ServiceNow