Guardium Courses:

Guardium Tech Talk: Making cloudy skies clear again: What can you do with Guardium Data Protection in the cloud?

This Tech Talk discusses how to use IBM Guardium Data Protection to address Cloud data security issues including:

  • IaaS Solution: Multi-Cloud Protection
  • Backup/Restore Additions
  • Amazon RDS: Discovery
  • Roadmap, Resources, and Questions

Guardium auto create inspection engines

In this video, Guardium expert Glenn Weidner demonstrates enhancements to Guardium 11.2 auto create inspection engines, including scheduler user interface, rules results report, report only mode, and alerts.

Discussion and Demonstration of Guardium Vulnerability Assessment

This course covers why Vulnerability Assessment is critical, what it is, how Guardium addresses it, and discusses and demonstrates using Guardium Vulnerability Assessment.

Guardium Vulnerability Assessment Demonstration

This video provides a short demonstration of Guardium Vulnerability Assessment v10. 

How to install GUI certificates in Guardium

This course contains a step-by-step guide for installing a Guardium GUI certificate signed by an internal organization certificate authority.

Finding vulnerabilities with Guardium Vulnerability Assessment

This course demonstrates how to use Guardium Vulnerability Assessment to locate various security risks in your environment.

What's new in Guardium 11.2

In this video, Shay Harel, Director of Data Security Engineering, explores the new features and updates in IBM Guardium v11.2.

Topics include:

  • Deployment Health
  • Asset reconciliation  
  • LDAP import
  • 2FA using DUO
  • FAM enhancements
  • Auto create inspection engine
  • GIM upload modules
  • Active threat detection
  • Vulnerability Assessment enhancements 
  • Ticketing support for audit process 
  • S-TAP updates 
  • Outliers clustering
  • Session Level Policy updates
  • ELB failover

Create a Guardium File Activity Monitor dashboard and report

File activity monitoring (FAM) includes two major components. The first component discovers and classifies files stored in the file system, and the second component is the activity monitor. It extracts the security policy from the appliance and enforces it on file activity in real time. 

In this lab, you view the settings necessary to perform file access monitoring, create a dashboard and add a file entitlement report, and then perform some file operations to view how the FAM functionality reacts to changes.

Franklin Almonte, Guardium 10.5

Upgrading to Guardium 11

In this video, Vlad Langman, L3 Engineering Manager, discusses best practices for upgrading to Guardium 11.

Guardium inspection engine management for discovered databases

You can configure IBM Security Guardium to discover databases that are created on both Windows and UNIX systems. In many cases, you might want Guardium to create and run inspection engines on all newly discovered databases. However, there are scenarios in which you want to control when and how Guardium creates new inspection engines. In these cases, Database Discovered Instances Rules, which is available in Guardium 11.2, provides a way to manage inspection engine creation. You can configure Discovered Instances Rules from a central manager in a managed environment or on a stand-alone system.

In this lab, you use the Database Discovered Instance Rules to specify how to manage inspection engines for discovered databases.

This type of configuration requires Guardium 11.2 or higher.

Franklin Almonte

Guardium database vulnerability assessment

The Guardium Vulnerability Assessment application enables organizations to identify and address database vulnerabilities in a consistent and automated fashion. The assessment process in Guardium evaluates and recommends actions to improve the health of your database environment. In this lab, you learn how to configure and run a database vulnerability assessment.

This lab environment reflects Guardium 10.5.

Franklin Almonte

Archiving Guardium Data

In this video, you learn how to configure the Guardium archive.

Build Your First Guardium App Using the New Ecosystem Technologies

Guardium 10.5 includes an ecosystem to extend and enhance your current Guardium deployment with new capabilities. Guardium apps are the centerpiece of the ecosystem, allowing you to augment and enrich your current Guardium system. You can create your own Guardium apps or download and install shared apps created by IBM, business partners, or other Guardium customers.

In this tech talk, John Haldeman from Information Insights will share his experiences using the Guardium Ecosystem and demonstrate how to:

- Create a Guardium app using the Software Development Kit (SDK)

- Deploy your app on your Guardium appliance

- Share your app on the IBM Guardium App Exchange

Tour Guardium on the Security Learning Academy

Join the IBM Security Learning Services team for an in-depth tour of the Security Learning Academy, with a focus on IBM Security Guardium course offerings. In this video, you will see how to navigate the platform, search the course catalog, enroll in a course, view your enrollments on your dashboard, create progress reports, and see how Security Learning Academy is integrated with IBM VIP Rewards for Security.

Clone a Guardium query and report

Guardium provides over 600 preconfigured reports. As well as being useful in themselves, these reports can serve as templates to create a report customized to your specific needs. This saves time and effort. In this course, you clone a Guardium query. Then, you customize the fields and conditions of this query and generate a report from the new query.

The lab environment reflects Guardium 10.5.

Lou Fuka

Create a Guardium policy from file activity discovery and classification results

Guardium File Activity Monitoring provides tools to discover, classify, and build policies for files. In this lab, you use the Quick Search GUI window to find files that contain sensitive information, select a set of these files, and create a policy that monitors attempts to access these files.

This lab is useful for Guardium users and administrators who need to monitor access to files that contain sensitive information. The lab is based on Guardium version 10.5.

Create a Guardium query and report

Guardium gathers a large amount of data about your database environment. You use reports and queries to learn the details of your data security environment. In this virtual lab, you create a dashboard, simple query, and report that is used to examine user data you generate.

The lab environment reflects Guardium 10.5.

Franklin Almonte

Create Guardium policy to log file activity

Using IBM Guardium, you can create policies to monitor access to unstructured data, such as that found in files, as well as structured data, such as that found in databases. In this lab, you learn how to create and install policies to monitor files. Then you modify the FAM policy and add a rule that prevents a group of users from copying a file.

Create Guardium reports with drill-down capabilities

Guardium contains a powerful tool that links related reports. Users can click report entries and view a list of other reports that provide more granular information related to the entry. In this lab, you create a drill-down report to extend the capabilities of existing reports. Then, you test your new report.

This lab environment reflects Guardium 10.5.

Franklin Almonte

Creating a Guardium policy that ignores trusted user session database activity

Guardium Data Security policies help flag suspicious database activity. When you configure policy rules to ignore trusted database activity, you can reduce the load on the network and Guardium managed units. In this lab, you create a policy with rules to discard trusted activity and flag untrusted activity.

The lab environment reflects Guardium 10.5.

Creating and populating Guardium groups

Guardium 10.1.4 includes a new group builder application that provides powerful tools you can use to add users to a group and review which resources use a given group. In this course, you learn how to build and populate Guardium groups.

Louis Fuka

Deploying the external S-TAP on AWS EKS using the Guardium UI

This video demonstrates the process of deploying the Guardium external S-TAP on Amazon Web Services (AWS) Elastic Kubernetes Service (EKS) in order to monitor AWS cloud databases with Guardium.

Deploying the Guardium S-TAP Agent

Guardium S-TAP is a lightweight software agent installed on database servers. S-TAP agents collect the data that are used by traffic reports, alerts, and visualizations. S-TAP agents also enact certain policy rules.

In this lab, you install the S-TAP agent on a database server using the Guardium Installation Manager (GIM) and Guardium GUI.

Deploying the Guardium virtual appliance

Guardium is available as a hardware and software offering. The hardware offering is a physical appliance that is fully configured by IBM. The software offering consists of software images that are deployed on customer hardware directly or as virtual machines.

Most organizations use the software offering to deploy Guardium because they can take advantage of virtualization. The Guardium Virtual Machine (VM) is a software-only solution that you install on a host hypervisor machine such as VMware ESXi server.

In this lab you create a virtual machine, install the Guardium image, and perform basic configuration steps to connect the appliance to the network.

Author: Franklin Almonte

Deployment Guide for InfoSphere Guardium

This IBM Redbooks® publication provides a guide for deploying the Guardium solutions.

This book also provides a roadmap process for implementing an InfoSphere Guardium solution that is based on years of experience and best practices that were collected from various Guardium experts. We describe planning, installation, configuration, monitoring, and administrating an InfoSphere Guardium environment. We also describe use cases and how InfoSphere Guardium integrates with other IBM products.

Detect database login failures with Guardium

Guardium data security policies help flag suspicious database activity and events. In this virtual lab, you create a policy that will detect and alert on database login failures that occur multiple times over a short time period.

Franklin Almonte

Dos and Don'ts of Guardium GPU patch installation

This video provides an example of installing a Guardium GPU patch, highlighting good practices and tips for the install.

Enabling IP-to-Hostname Aliasing

In this video, you learn how to enable IP-to-Hostname alias mapping.

Explore active threat analytics in Guardium 11

The IBM Guardium 11 active threat analytics dashboard shows potential security breach cases, based on the outlier mining process and on identified attack symptoms. In this video, you see how to use the dashboard to view cases, investigate them, and take action.

Facilitating secure hybrid cloud adoption with Guardium

Learn how IBM Security Guardium helps organizations expand data protection capabilities across hybrid/multi-cloud deployment models and take advantage of fast-paced innovation delivered through cloud-enabled services securely.

There is a fundamental shift in the way IT is providing services through modernized infrastructure and SecDevOps driven operational models. This shift, in turn, is affecting all the facets of application management, including the way organizations use and consume next-generation database management solutions.

Topics covered
  • Cloud trends
  • Database service use cases
  • Cloud journey
  • Data protection
  • External-TAP
  • Native logging
  • Streaming APIs
  • Considerations
  • Adoption
  • Guardium for database services

    File Activity Monitoring using Guardium

    Guardium 10.x includes functionality you can use to monitor file activity. In this course, you view the discovery and classification capabilities of the file activity monitoring (FAM) tools and learn how to set up a blocking rule that prevents someone from deleting files in a directory and logs the attempt. You also learn how to create and install policies to monitor files.

    Getting started with Guardium alerts

    It is easy to use the predefined alerts in Guardium. In this course, you learn about the different Guardium alert types and how to use them to monitor your Guardium ecosystem.

    Guardium sample roles

    In IBM Security Guardium, you use roles to grant access to Guardium resources, applications, and accelerators. This guide discusses the sample user roles such as Basel II, PCI, SOX, and GDPR to name a few. For each role, you learn the purpose of the role, the applications that the role has access to, and what the default user desktop that is associated with the role looks like.

    Getting started with Guardium policy actions

    Policy actions are key components of Guardium policies and are critical to policy strategy and tuning. This interactive video introduces you to common blocking actions, alerting actions, and logging actions. It also includes general tips about using policy rule actions.

    Franklin Almonte

    Create, install, and update a Guardium policy

    A policy is a key component of your data security strategy. To keep your data secure, you must implement rules that monitor, log, and control data.  In this course, you learn how to create, install, and modify IBM Security Guardium policies and policy rules that control data access.

    This video is based on Guardium 11.2.


    • Create, install, and test a Guardium policy
    • Modify a Guardium policy and policy rule
    • Add rules to a Guardium policy
    • Test a reinstalled Guardium policy

    Guardium 10.6 improved policy builder

    Starting with version 10.6, Guardium has a new policy builder. This builder incorporates many of the 10.x design features, including a format that presents configuration options as sections, and an intuitive, step-by-step guide to create and configure the policy.

    Franklin Almonte

    Guardium 11 policy analyzer

    Guardium 11 introduces Policy Analyzer, which provides rule counts for installed Data Access Management (DAM) policy rules.

    Guardium 11 risk spotter

    IBM Guardium 11 introduces risk spotter, a semi-automatic process that hones in on the most risky users and the most risky databases. This dynamic risk assessment considers all risk factors, including but not limited to: outliers, vulnerability, volume of activities, access to sensitive data, type of commands (privileges). It scans unmonitored users and databases beyond your current policies to spot previously unmonitored risks, and it suggests proactive actions.

    Guardium 11 smart assistant for compliance monitoring

    In Guardium 11, the smart assistant for compliance monitoring helps you quickly configure monitoring for GDPR, PCI, SOX, and other security standards by automating policy installation and scheduling, populating policy groups, discovering sensitive data in your databases, and more.

    Guardium 11 Smart Assistant: Industries and Applications demonstration

    This video presents a deep dive with a Use Case and supporting screen shots showing how to use the functionality of Smart Assistant.  

    Guardium 11 Vulnerability Assessment and CyberArk integration

    This Tech Talk focuses on one of the many key features of Guardium 11, integration with CyberArk for managing user names and passwords, as well as enhancements for managing data sources and groups.

    Guardium 11 Vulnerability Assessment Overview

    The Guardium 11 Vulnerability Assessment (VA) has many new features, including test exceptions, test detail exceptions, security assessment using datasource group, CyberArk integration, DataStax Cassandra, as well as support for the new release of MongoDB 4.0, PostgreSQL v11 and Oracle 18c CVE tests.

    Guardium Access, Exception, and Extrusion Policy Rules

    IBM Guardium policy rules fall into three categories:

    • Access rules
    • Extrusion rules
    • Exception rules

    In this video series, you learn about the three types of rules, what criteria and actions are associated with each type, and some of the uses for each type of rule.

    Guardium appliance patching

    In this Open Mic video, Avi Walerius from Guardium Technical Support discusses different aspects of appliance patches: differences between patch types, advice on the health check patch, and best practices for installing GPU patches.

    Guardium ATAP & EXIT functionality for database traffic collection

    This Guardium Open Mic discusses the usage of ATAP and EXIT. ATAP allows interception of encrypted traffic at the database server application level, and EXIT functionality makes it possible to intercept any traffic while eliminating the need for loading the KTAP module into the kernel.

    Guardium Best Practices

    Learn how IBM Security Guardium supports IBM's approach to data-centric audit and protection.

    Guardium Big Data Intelligence for Data Security Insights and Integration

    Guardium Big Data Intelligence complements existing Guardium deployments with the ability to quickly integrate an optimized security data lake.

    Part 1 covers architecture, reporting, and data retention.

    Part 2 takes a deeper look at the solution and its benefits, which includes: noise-reduction analytics, data integrations for enrichment and automation, workflow and orchestration, trusted connections, and Database User Entity Behavior Analytics.

    Guardium disk and database health analyzer

    New in IBM Guardium 10.6, alerts are sent when the system predicts that a DB size or files on disk (/var) will reach 50% in the next 14 days. Alerts detail the predicted size and the largest tables or files. Alerts are also shown in the deployment health dashboard of the central manager.  In this course, you will see a quick overview of this feature and then a deeper dive into the function and its architecture.

    Guardium external S-TAP overview

    In this video, you will learn how IBM Guardium supports monitoring capabilities for Database as a Service (DBaaS) and containerized databases, offering a consistent approach to data protection for on-premise and cloud environments.

    Guardium for z/OS overview

    The IBM DB2 for z/OS platform stores mission critical data for companies. In this overview, you will learn how IBM Security Guardium can help monitor, audit, and protect DB2 z/OS environments.  Topics include best practices and approaches to protect your data using Guardium for DB2 z/OS S-TAP features and capabilities, and troubleshooting.

    Guardium Full Appliance Issues - Detection, Root Cause, and Remediation

    The information in this Open Mic will help keep you out of trouble and possibly rescue you in the case of full appliance issues.


    • Introduction
    • Detection
    • First Response
    • Getting to Root Cause
    • Questions & Answers

    In the follow-up to the Open Mic, John spends time answering audience questions on that and other topics.

    • Reboot the appliance
    • Issues with fixes
    • Vulnerabilities
    • The Discovery engine
    • High CPU

    Guardium in AWS

    In this video, you will see the steps to create an IBM Guardium instance in Amazon Web Services (AWS).

    Guardium in Azure

    In this video, you will see how to set up an IBM Guardium instance in Microsoft Azure.

    Guardium Insights Installation Cookbook

    Central reporting for database activity monitoring systems has to contend with huge amounts of data, the long data retention that regulations enforce, and the need to correctly identify anomalies in user behavior through quantitative analysis.

    IBM Security Guardium Insights (GI) is a response to these needs and is designed as a container service implementable in both private and public clouds. The following procedures bring together the various installation and configuration steps to install Guardium Insights. The process is divided into five main tasks:

    • System requirements
    • Red Hat setup
    • OpenShift installation
    • IBM Cloud Private installation
    • Guardium Insights installation

    Guardium Installation Manager (GIM) Agent Installation - Part 1

    The Guardium Installation Manager (GIM) allows you to install, upgrade, and manage agents on individual servers or groups of servers.  In this course, you will learn about GIM Agent installation planning, installation steps and validation, and installation troubleshooting.  This is Part 1 of a two-part series.

    Guardium Installation Manager (GIM) Usage and Deployment Methods - Part 2

    The Guardium Installation Manager (GIM) allows you to install, upgrade, and manage agents on individual servers or groups of servers.  In this course, you will learn about GIM deployment and usage, including GIM reports, registration and authentication, and troubleshooting.  This is Part 2 of a two-part series.

    Guardium integration with Cloudera Distribution of Hadoop (CDH)

    In this video, Leila Johannesen demonstrates a Guardium integration with Cloudera Distribution of Hadoop (CDH).

    Guardium Open Mic: Using Buffer Usage Monitor Report & Sniffer Must-gather for Troubleshooting

    Guardium technical support commonly analyzes the Buffer Usage Monitor Report & Sniffer must_gather to determine problems occurring within the Guardium environment. This Open Mic explores those reports and information commonly analyzed.

    Guardium policy stacking

    Organizations have many goals for monitoring data servers. These goals require many rules, some of which apply to a broad set of data servers, and some of which might apply to only one or a few data servers.

    In this video, you learn how to organize these rules into a series of policies to optimize maintainability.

    Guardium policy strategy and techniques

    Policies are a core component of the Guardium Solution. Policies are sets of rules and actions applied in real time to the database traffic observed by a Guardium system. Policies define which traffic is ignored or logged, which activities require more granular logging, and which activities should trigger an alert or block access to the database.  Therefore, it is critical to develop strategies and techniques associated with policies to maintain a healthy Guardium ecosystem while meeting business requirements. This course consolidates every Guardium policy course on the Security Learning Academy, which provides you with practical knowledge and hands-on experiences to help you develop effective and efficient Guardium policies in your environment.

    In this course, you learn about creating, installing, and tuning Guardium policies through various related videos and labs. In addition, you learn about policy strategy, recommended practices when designing your policies, and advanced policy techniques.

    Franklin Almonte

    Lou Fuka

    Avi Walerius

    Guardium policy: Using the Continue to next rule functionality

    Guardium policies often have multiple rules. By default, after a rule is triggered, processing stops. If you do not want to stop processing after the first rule triggers, you must configure your policy to continue to the next rule. In this lab, you configure and test a policy to examine the continuation functionality.

    The lab environment reflects Guardium 10.5.

    Louis Fuka

    Guardium Query-Report Builder

    Starting with version 10.6, Guardium has a new query and report builder. This builder incorporates many of the 10.x design features, including a format that presents configuration options as sections, as well as an intuitive, step-by-step guide to create and configure the query. The report is automatically generated from the query. If the query is modified, the report is automatically regenerated when the query is saved.

    In the lab exercises, you create a query and report that shows SQL commands. Then you generate data to test the report and view the results.

    Guardium Selective and Non-Selective Audit Policy

    Guardium policies are powerful resources to monitor your data environment. However, due to the large amount of data activity in a database production environment, you must configure your policy carefully to filter out innocent traffic.

    In this course, you learn the differences between selective and non-selective audit policies.

    Guardium session-level policy

    Starting with version 10.6, IBM Guardium features special policies that work at the session level. These policies are installed and processed before standard data-security policies, and respond to information that is available at the beginning of a database session. This feature allows quicker processing and response. In this lab, you create and test a session-level policy. 

    Franklin Almonte

    Guardium Tech Talk: Hints and tips for a successful v10 upgrade

    During this Tech Talk, Guardium experts discuss hints and tips for a successful upgrade to v10.

    Guardium User Management

    During this Open Mic session, Carolina Leme from Guardium Level 2 support discusses user management and roles and responsibilities.  The bookmarks in the video will take you to the following topics:

    • Administrator responsibilities
    • Root user
    • GUI users
    • CLI access
    • Roles and permissions

    Guardium v10 Enterprise Load Balancing

    Load balancing automatically allocates managed units to S-TAP agents when new S-TAPs are installed and during fail-over when a managed unit is unavailable. The load balancing application also dynamically re-balances loaded or busy managed units by relocating S-TAP agents to less-loaded managed units.  These topics are discussed in this Open Mic.

    Guardium Vulnerability Assessment for MongoDB

    MongoDB is a free and open-source cross-platform document-oriented database program.  In this video, you will see a detailed demonstration of Guardium Vulnerability Assessment for MongoDB, including the process to set up and run the test, and what happens after you harden the database per recommendations from the assessment.

    Guardium Windows S-TAP performance and stability improvements v10

    In this video, you will learn about some major performance improvements and stability improvements in the Guardium Windows S-TAP V10 series.

    How can I check if the correct data is being logged on my Guardium Appliance?

    In this video, you will see how to use specific Guardium GUI reports to check the data being logged on a Guardium Appliance.

    How to download a Guardium patch

    Updating your Guardium environment is an important part of maintaining your site, and can provide new features and enhancements as well as fixing bugs. In this video series, you learn how to download a Guardium patch from IBM Fix Central and upload patch files to your Guardium environment.

    IBM Guardium 10.6 Multi-threading capability

    IBM Guardium version 10.6 introduces multi-threading capabilities to vulnerability assessment. With multi-threading, you can run vulnerability assessments in parallel, reducing completion time while more efficiently using CPU resources. 

    In this video series, you will see how to configure vulnerability assessment multi-threading.

    Guardium default roles

    This intermediate level guide discusses the default user roles in Guardium. Students learn the purpose of each role, the applications that the role has access to, and what the default user desktop that is associated with the role looks like.

    IBM Guardium alerts: Database full troubleshooting

    If the IBM Guardium database utilization reaches capacity, this is a critical situation and operations will fail.  There are many reasons why this could happen, and it is important to review these causes to prevent this problem. It is also imperative that you are alerted when there is a problem.

    This course is a troubleshooting tool.  Depending on your situation, you will choose to take preventive steps to maintain the health of your Guardium environment and prevent this issue, or if you are experiencing symptoms that your database is getting full, you will be guided through troubleshooting steps.

    Topics covered in this course:

    • Appliance patch levels
    • Auto stop services
    • Alert notifications
    • Purge periods
    • Policy tuning
    • Database percent used
    • Top database tables
    • Aggregation / archive logs
    • Disk & Database Health Analyzer
    • Collectors
    • S-TAPs


    • Identify symptoms that indicate the Guardium database is getting full
    • Describe possible reasons the database utilization increases
    • Navigate through decision points to determine how to take preventive or corrective action
    • Troubleshoot based on the scenario you are experiencing
    • Prepare the required information to present to Guardium Technical Support, if needed 

    IBM Guardium Cloud Deployment Guides

    IBM Guardium uses data activity monitoring, file activity monitoring, and vulnerability assessment to help ensure the security, privacy, and integrity of your data. Guardium can be deployed on various cloud environments, including Amazon AWS EC2, Google, IBM SoftLayer, and Microsoft Azure. The following guides provide instructions you can use to deploy a Guardium instance in a specific cloud.

    IBM Guardium Data Protection for Files, NAS, and SharePoint

    IBM Guardium Data Protection for Files discovers and classifies unstructured sensitive file repositories on various platforms, including Network Attached Storage (NAS) and Microsoft SharePoint. These videos cover:
    • Data-centric security approach
    • Partnership with STEALTHbits
    • Data Protection for Files, NAS, and SharePoint
    • File Discovery, Entitlement, and Classification (FDEC)
    • File Activity Monitoring (FAM)

    IBM Guardium Distributed Reports

    In this Open Mic, you will learn about IBM Guardium distributed reports. This Central Manager feature provides a way to automatically gather data from all or a subset of the Guardium managed units that are associated with this particular Central Manager. Distributed reports are designed to provide a high-level view, to correlate data from across data sources, and to summarize views of the data.

    IBM Guardium S-GATE Policy

    With Guardium, you can set up rules that automatically terminate database sessions when Guardium detects improper data access, limiting the damage from hostile attacks on your database.

    In these videos, you learn how to configure the S-TAP agent and create policy rules to take advantage of S-GATE functionality.

    IBM Guardium troubleshooting and Support

    This course covers:

    • How to capture must gathers from Guardium
    • Collecting a guard_diag for a Guardium S-TAP installed on UNIX
    • How to Upload Data to a Support Ticket (PMR)
    • Using Guardium cli commands iptraf and tcpdump to troubleshoot network issues

    IBM Guardium: 10.1.3 Overview - Speed Compliance and Simplify Deployments

    The video provides details on IBM Guardium release 10.1.3. This release helps to speed compliance and simplify deployments.

    IBM Guardium: Sniffer restart & High CPU correlation alerts

    This Open Mic discusses how to troubleshoot underlying problems causing you to receive Sniffer restart and High CPU correlation alerts.

    IBM Security Guardium Foundations

    Are you getting ready to administer database security policies? Learn how to configure Guardium to discover, classify, analyze, protect, and control access to sensitive data. You learn to perform vulnerability assessment, and how to monitor data and file activity. This course teaches you how to create reports, audits, alerts, metrics, and compliance oversight processes. 


    • Identify the primary functions of IBM Security Guardium
    • Apply key Guardium architecture components
    • Navigate the Guardium user interface and command line interface
    • Manage user access to Guardium
    • Build and populate Guardium groups
    • Use the administration console to manage Guardium components
    • Configure policy rules that process the information gathered from database and file servers
    • Use the configuration auditing system, Vulnerability Assessment application, and Database Discovery to perform data security tasks
    • Create queries and reports to examine trends and gather data
    • Automate compliance workflow processes
    • Use file activity monitoring to keep track of the files on your servers

    Installing and configuring S-TAP

    S-TAP and K-TAP are Guardium components that can intercept database communications between clients and the database server. This course includes the following materials:

    • Guardium: Linux S-TAP installation guidance
    • Troubleshooting the Guardium S-TAP Verification Process
    • How can a SLON capture be created on an InfoSphere Guardium Appliance

    Is Your Guardium Environment Secure & Supportable?

    In this Guardium Open Mic, the following topics are discussed: Shared Secrets, IDs and Passwords, Ports and Firewalls, Backups and Archives, and Supportability Options.

    Managing Transport Layer Security (TLS) Protocol Versions in IBM Guardium 10.1.4

    IBM Guardium 10.1.4 introduces the capability for all managed units, agents, and clients to communicate by using Transport Layer Security (TLS) Protocol version 1.2. This capability enhances security in your data center.

    In this series of three videos, you learn how to enable TLS1.2 in your IBM Guardium environment.

    Duration: 15 minutes

    Open Mic: How to Build Custom KTAP Linux STAP

    This IBM Guardium Open Mic discusses the following topics:

    • How to tell whether KTAP will install directly on a kernel version (that is, how to use ktaposmatch)
    • Options to build KTAP for unlisted kernel versions (flex_loading and custom KTAP build), including examples of each case, with GIM and non-GIM installs

    Overview of the IBM Guardium User Interface

    This course introduces you to the Guardium interface and command line interface. You learn how to access common Guardium features and applications. You can use the Guardium command line interface (CLI) to automate and script functions that are frequently used. You learn how to search the CLI for commands and list applicable options.

    In the lab, you explore the Guardium GUI and learn how to classify data in your database environment. You create a new classification policy that searches for credit card numbers and populates the Sensitive Objects group with the table name and column name for each detected incident. 

    The lab environment reflects Guardium 10.5.

    Franklin Almonte

    PCI compliance quickstart with IBM Guardium

    IBM Guardium provides tools for helping meet the requirements of the Payment Card Industry (PCI) data security standard.

    In this video series, you become familiar with Guardium features that pertain to the PCI data security standard. You see a demonstration of how the features are configured.

    Preventing and Reacting to Guardium Database Full Issues

    Guardium processes large amounts of information about database access. In this video, you will learn how to take steps to prevent your Guardium internal database from filling up, troubleshoot when it is filling up, and take action to reduce the space used when needed.

    The Case of the Missing Guardium DB Users

    In Guardium, when a database user name in a report is blank, the cause should be investigated by the Guardium administrator.  In this course, you will learn various causes and solutions for missing DB USER information, illustrated with specific examples. 

    Tips and tricks to keep Windows S-TAP healthy

    In this video, you will learn some tips and tricks for keeping your Windows S-TAP up and running with fewer issues.  You will investigate the following parameters and settings:

    • USE_TLS=1

    Troubleshooting Guardium S-TAP Severity 1 issues

    In this course, targeted at Guardium administrators, you'll learn about Severity 1 problems in which the database or database server might be affected, and you'll get key troubleshooting recommendations and the information to gather if necessary.

    Troubleshooting Missing Guardium Database User Problems

    In Guardium, you may have a situation where the database user name in a report is blank, is a question mark, or is a string of random characters. In this course, you will learn how to import the new missing DB user dashboard and use it to troubleshoot and take actions to resolve the problem.

    Upgrading a Guardium appliance to version 11.0

    The correct approach for upgrading Guardium depends on multiple factors, which include the version you are upgrading from, the hardware of your system, and any special partitioning requirements you might have. A common way to upgrade Guardium to the latest version is the upgrade patch method. Use an upgrade patch to upgrade all systems in a managed environment. The upgrade patch preserves all data and configurations with the exception of UI customizations due to a new UI architecture.

    In this course, you learn how to plan a Guardium 11 upgrade, how to install the upgrade patch, and how to troubleshoot common installation failures.

    Franklin Almonte

    Use system alerts to monitor your Guardium environment

    In this course, you learn how to monitor your Guardium environment with system alerts. You will see how to set up the Inactive S-TAPs Since alert.

    Using Guardium to quarantine database access

    IBM Guardium provides powerful functions you can use to monitor and control database access. Guardium can terminate sessions performing suspicious database access commands and even quarantine suspicious users. In this lab, you explore the session termination and quarantine functionality.

    The lab environment reflects Guardium 10.5.

    Using IBM Guardium 10.1.4 for Cloud database service protection

    IBM Guardium 10.1.4 has new functionality to protect Oracle 11 databases that reside on Amazon AWS. In this video series, you will learn how to discover cloud databases. Then you will see how to classify and audit sensitive objects.

    Using IBM Guardium APIs to Speed Deployment and Automate Repetitive Tasks

    Regular upkeep of your data security environment is required to keep the system aligned with the ever-changing IT environment, including new data servers, new uses of sensitive data, new users, and new applications. Organizations that use IBM Guardium for data security and compliance can take advantage of a rich set of APIs to automate processes and maintain the system in a more efficient manner. 

    In this course, you learn how Guardium APIs can speed deployment and automate repetitive tasks such as creating a datasource, updating users, and modifying groups.

    The lab environment reflects Guardium 10.5.

    Franklin Almonte

    Using the Flat Log Policy

    Peak database traffic periods can overload monitoring solutions. The Guardium flat log policy provides a way to defer analysis and logging of traffic to off-peak periods. In this video series, you learn about the flat log policy and how it can help you avoid resource overload.

    What's new in Guardium 10.1.4

    In this Tech Talk, Guardium experts provide an overview of what is new in Guardium 10.1.4, including enhancements in compliance, ease of use, agents, and platform.

    What's New in Guardium 10.5

    The IBM Security Guardium Data Protection v10.5 platform continues to evolve to support a wider variety of use cases, both by adding new functionality and by opening up the platform to support application integration.  In this tech talk, you will get an overview of the new and updated Guardium features, including:

    • An apps ecosystem that enables integration of your own functionality into Guardium 
    • An expansion of file discovery and classification to more deployment models 
    • Updates to Vulnerability Assessment, including support for SAP HANA 
    • Enhanced integration to support Guardium Big Data Intelligence use cases 
    • Platform enhancements for currency, security, and manageability

    Bookmarks in the video take you to the following topics:

    • Guardium App Exchange (Ecosystem)
    • File Access Monitoring (FAM) for SharePoint and NAS
    • Platform / OS changes
    • CyberArk integration
    • Currency updates
    • Sniffer updates
    • Guardium Big Data Intelligence (GBDI) integration
    • STAP, ATAP, and GIM updates
    • Vulnerability Assessment (VA)
    • IBM License Metric Tool (ILMT)

    What's new in Guardium 10.6

    In this Tech Talk, Shay Harel discusses several new IBM Guardium 10.6 enhancements that improve usability and core functionality and enable greater extensibility to new types of data environments. In the area of usability, there is a new policy builder user interface, as well as an easier-to-use query report builder. There are new monitoring capabilities for Database as a Service. In addition, Guardium performance has been enhanced. Vulnerability assessment has improved accuracy and scan granularity. File access management with NAS and SharePoint enables consistent data protection across unstructured as well as structured data.

    What's new in Guardium 11.0

    In this video, Shay Harel, Director of Data Security Engineering, explores the new features and updates in IBM Guardium v11. 

    Topics include:

    • Upgrade
    • Active threat analytics
    • Risk spotter
    • Policy analyzer
    • Smart Assistant
    • CyberArk integration
    • Data protection for files (SharePoint and NAS)
    • Vulnerability Assessment enhancements
    • External STAP with Kubernetes
    • Monitor DBaaS without STAP
    • New platform support database
    • Miscellaneous updates

    What's new in Guardium 11.1

    In this video, Shay Harel, Director of Data Security Engineering, explores the new features and updates in IBM Guardium v11.1. 

    • Mapping applications
    • Active threat analytics                         
    • Risk spotter
    • ServiceNow integration
    • Auto create inspection engine
    • IPv6 support
    • Cloud database updates  
    • Vulnerability Assessment enhancements  
    • S-TAP updates 
    • Mainframe updates
    • Sankey diagram for advanced investigations

    Windows S-TAP debug log changes from Guardium v10 to v11

    In this video, you learn about the Windows S-TAP debug log changes that were implemented in Guardium versions 10 to 11.

    Working with Guardium Certificates

    This Open Mic covered different aspects of IBM Guardium certificates, including the prerequisites for installing certificates, how to create certificate requests, how to convert certificates into the format that Guardium supports, and the hierarchy of certificates.

    Updating Guardium from 11.0 to 11.1

    IBM Security Guardium Patch Updates (GPUs) update the subversion of Guardium. It is common practice to install the latest GPU for both code fixes and feature/function enhancements.

    In this lab, you upgrade a Central Manager appliance from version 11.0 to version 11.1 by first installing the Health Check Patch p9999 and then installing GPU p100.

    Upgrading Guardium from 10.6 to 11.0

    The correct approach for upgrading IBM Security Guardium depends on multiple factors, which include the version you are upgrading from, the hardware of your system, and any special partitioning requirements you might have. A common way to upgrade Guardium to the latest version is the upgrade patch method. Use an upgrade patch to upgrade all systems in a managed environment. The upgrade patch preserves all data and configurations with the exception of user interface (UI) customizations due to a new UI architecture.

    In this lab, you upgrade a Central Manager appliance from version 10.6 to version 11.0 by first installing the Health Check Patch p9998 and then installing upgrade patch p11001. Along the way, you encounter a couple of common error conditions that you must remediate in order to perform a successful upgrade.

    Guardium and Resilient integration: Email Connector

    In this video, you will see how to set up IBM Guardium email alerts in an IBM Resilient incident response workflow using the Resilient Email Connector.