Guardium

The Guardium track at Virtual Master Skills University features new and refreshed live sessions focused on topics like architecture, deployment types, and automation; agent-based and agent-less approaches to database activity monitoring; Guardium Insights and reporting in Guardium today; analytics, security analytics, and predictive analytics; and more. It also features all-new labs on topics like monitoring data sources on the Cloud with Guardium External TAP and Guardium Insights. If you've attended the Guardium track at Master Skills University in the past, join us again to sharpen your skillset with these new sessions and labs!


Master Skills University 2020 - Guardium

The total time required to complete this roadmap is 25h 47m.

Welcome to Virtual Master Skills University 2020! This is IBM Security's very first virtual Master Skills event, and we're thrilled that you've chosen to spend part of your week with us. Each day, you'll experience advanced-level knowledge transfer from our top subject matter experts, get hands-on with self-paced virtual labs, and have opportunities to chat live with our experts. Here on Security Learning Academy, you'll find replays of the live Master Skills University sessions, all of the hands-on virtual Master Skills University labs, a virtual Escape Room game, additional relevant courses to help you continue your learning, and more.

To join the live sessions each day, use the “Attendee Catalog” link in your event confirmation and reminder emails. Recordings of the live sessions will be posted here on Security Learning Academy as they become available. You cannot access the live sessions from Security Learning Academy.


Day 1: Monday, Sept 21, 2020


Day 2: Tuesday, Sept 22, 2020


Day 3: Wednesday, Sept 23, 2020


Day 4: Thursday, Sept 24, 2020 (Cloud Pak for Security)


Additional Learning


Getting started with Guardium Database Entitlement Reports

Employees in organizations need access to various assets to perform their jobs. Managing this access can be a challenge as requirements change: for example, new applications are added or existing users need additional access rights. This gets more complex when you collaborate with outside organizations and might not know who in the other organization needs access to your organization's resources, and vice versa.

IBM Security Guardium can aid you with entitlement management. You can use Guardium Database Entitlement Reports to verify that users only have access to the appropriate data. Your IBM Security Guardium system includes predefined database entitlement reports for several database types. Database entitlement reports provide up-to-date snapshots of database users and access privileges.

In this lab, you learn how to prepare and run these reports to validate and ensure that users only have the privileges required to perform their duties.

Franklin Almonte


Discovering sensitive data with IBM Guardium

The task of securing sensitive data begins with identifying it. IBM Security Guardium uses a sensitive data discovery application to scan database tables for data that matches certain parameters, such as personal identification number formats or bank card formats.

This lab illustrates how to create a new classification policy that searches for credit card numbers and populate the group with the table name and column name for each detected object.

Guardium database auto-discovery

There are many scenarios where databases can exist undetected on your network and expose your network to potential risk. Old databases might be forgotten and unmonitored, or a new database might be added as part of an application package. A rogue DBA might also create a new instance of a database to conduct malicious activity outside of the monitored databases.

Auto-discovery uses scan and probe jobs to ensure that no database goes undetected in your environment:

  • A scan job scans each specified host (or hosts in a specified subnet), and compiles a list of open ports that are specified for that host.
  • A probe job uses the results of the scan to determine whether there are database services that are running on the open ports. A probe job cannot be completed without first running a scan. View the results of this job in the Databases Discovered predefined report.

In this virtual lab, you:

  1. Create an Auto-discovery process to search specific IP addresses or subnets for open ports.
  2. Run the Auto-discovery process on demand or on a scheduled basis.
  3. View the results of the process with the Discovered Databases report.

Franklin Almonte

Guardium Active Threat Analytics and Risk Spotter

The IBM Security Guardium Active Threat Analytics dashboard shows potential security breach cases based on the outlier mining process and on identified attack symptoms. In this dashboard, you can view and investigate cases, and take actions on individual cases.

As Guardium monitors data activity, the outlier mining engine also works in the background every hour to identify attack symptoms. You use the Active Threat Analytics dashboard to view cases, investigate cases and take actions, and minimize the chances of an attack or malicious activity.

Risk Spotter is a first-of-its-kind technology, changing the security paradigm to an artificial intelligence data protection policy. It uses a holistic algorithm to dynamically assess risk factors, and it uses a smart algorithm to identify potential risks across your entire system.

In this lab, you explore the Active Threat Analytics and Risk Spotter dashboards to:

  • Investigate existing and new threats
  • Analyze risky users
  • Create a ticket in ServiceNow

Franklin Almonte

External S-TAP deployment on AWS clusters

With organizations moving their data to the cloud, there is a fundamental shift in the way IT is deploying and using database management services. Traditional agent-based architectures used to protect on-premises data sources cannot provide the same level of visibility and protection for cloud-based data sources that are fully managed by cloud vendors, or deployed in containers. 

In this lab, you explore the new agentless approach in IBM Security Guardium by deploying and configuring an external S-TAP.