Catalog Navigator

IBM Guardium 11 introduces risk spotter, a semi-automatic process that hones in on the most risky users and the most risky databases. This dynamic risk assessment considers all risk factors, including but not limited to: outliers, vulnerability, volume of activities, access to sensitive data, type of commands (privileges). It scans unmonitored users and databases beyond your current policies to spot previously unmonitored risks, and it suggests proactive actions.

The IBM Guardium 11 active threat analytics dashboard shows potential security breach cases, based on the outlier mining process and on identified attack symptoms. In this video, you see how to use the dashboard to view cases, investigate them, and take action.

In this session from Virtual Master Skills University, David Rozenblat covers Analytics, Security Analytics, and Predictive Analytics in Guardium, including quick search outliers, investigation dashboard, outlier detection (over long term), and case studies (malicious stored procedure, SQL).

The IBM Security Guardium Active Threat Analytics dashboard shows potential security breach cases based on the outlier mining process and on identified attack symptoms. In this dashboard, you can view and investigate cases, and take actions on individual cases.

As Guardium monitors data activity, the outlier mining engine also works in the background every hour to identify attack symptoms. You use the Active Threat Analytics dashboard to view cases, investigate cases and take actions, and minimize the chances of an attack or malicious activity.

Risk Spotter is a first of its kind technology, changing the security paradigm to an artificial intelligence data protection policy. It uses a holistic algorithm to dynamically assess risk factors and it uses a smart algorithm to identify potential risks across your entire system.

In this lab, you explore the Active Threat Analytics and Risk Spotter dashboards to:

• Investigate existing and new threats
  
• Analyze risky users
  
• Create a ticket in ServiceNow

IBM Security Guardium provides deployment health tools to help you visualize and gather information about problems that affect the central manager, collectors, aggregators, S-TAP and GIM agents, and inspection engines. 

Different tools provide different views into the health of your Guardium deployment. Some tools, such as the Deployment Health topology view, show the data flow relationships between various components. Others, such as the Deployment Health table, provide insight into issues that affect numerous components across your deployment. Others, such as the Deployment Health dashboard provides charts that summarize data and allow you to drill down to explore issues in greater detail.

In this lab, you explore various Guardium deployment health tools. You search for common issues, such as resource availability, a problem with K-TAP loading, changes in S-TAP agents and inspection engines, or with version control of GIM and S-TAP agents.