System Integrations

This category contains integration scenarios that use IBM Data Security products.

System Integrations Courses:

Integrating Guardium with Active Directory

Active Directory provides central authentication and other services to Microsoft Windows networks. Organizations that use Active Directory for centralized authentication usually require that all applications integrate with it, so users can be centrally managed across the enterprise.

Guardium integrates with Active Directory in two ways:

  • Populate a Guardium group with Active Directory users and integrate into your security policies
  • Authenticate Guardium users with Active Directory

In this course, you learn how to integrate Guardium with Active Directory.

IBM Security Guardium On-Cloud Deployment Guides

IBM Security Guardium uses data activity monitoring, file activity monitoring, and vulnerability assessment to help ensure the security, privacy, and integrity of your data. Guardium can be deployed on various cloud environments, including Amazon AWS EC2, Microsoft Azure, Google, IBM Cloud, and Oracle Cloud Infrastructure. The following guides provide instructions that you can use to deploy a Guardium instance in a specific cloud.

Demo: Integration of IBM Cloud Pak for Security with Guardium Insights

A walkthrough of the integration between IBM Cloud Pak for Security "Cases" and Guardium Insights:

  • Map a ticket in Guardium Insights to the “Cases” application and assign to a user
  • Allow SOC analyst to view and respond through the Cloud Pak for Security console

Populating Guardium group members with Active Directory users

Active Directory provides central authentication and other services to Microsoft Windows networks. Guardium groups consolidate similar data and are used in creating query, policy, and classification definitions. As a Guardium administrator, you can integrate both of these functions to streamline the experience across products.

In this lab, you create a Guardium group and populate the members with Active Directory users.

Franklin Almonte

Integrating Guardium authentication with Active Directory

Active Directory provides central authentication and other services to Microsoft Windows networks. To maintain centralized authentication and access controls, organizations that use Active Directory often require applications to use this service. As a Guardium administrator, you can change the Guardium authentication to use Active Directory and import users directly from the Active Directory structure.

In this lab, you change the Guardium authentication to use Active Directory, import Active Directory users via Access Management, and validate that one of the users can log into the Guardium GUI.

Franklin Almonte

Integrating Guardium with ServiceNow

You can configure IBM Security Guardium to use an external ticketing system such as ServiceNow® to track incidents, problems, and tasks discovered by Guardium. The integration between these two products is useful because Guardium can create tickets manually or automatically within ServiceNow, which can aid in centralized and collaborative incident investigation. Your security team or Security Operations Center (SOC) staff can investigate the tickets that Guardium generates.

In order to take advantage of this integration, Guardium 11.1 or higher is required.

Franklin Almonte

Introduction to the Guardium app ecosystem

Use IBM Security Guardium apps to extend and enhance your current Guardium deployment with new data and ready-to-use use cases. The Guardium ecosystem is comprised of the IBM Security App Exchange, the apps, the SDK, and the Application Lifecycle in the Guardium UI. The apps are the centerpiece of the ecosystem. Guardium apps augment and enrich your current Guardium system with new data and functionality.

In this course, you explore the use of Guardium apps to extend and enhance your current deployment with new data and ready-to-use use cases. Also, a demonstration shows how you can enable the Guardium Ecosystem and install an app from the IBM Security App Exchange.

Requires Guardium version 10.5 or higher.

Franklin Almonte

Guardium Tech Talk: Making cloudy skies clear again: What can you do with Guardium Data Protection in the cloud?

This Tech Talk discusses how to use IBM Guardium Data Protection to address Cloud data security issues including:

  • IaaS Solution: Multi-Cloud Protection
  • Backup/Restore Additions
  • Amazon RDS: Discovery
  • Roadmap, Resources, and Questions

Guardium for z/OS overview

The IBM DB2 for z/OS platform stores mission critical data for companies. In this overview, you will learn how IBM Security Guardium can help monitor, audit, and protect DB2 z/OS environments.  Topics include best practices and approaches to protect your data using Guardium for DB2 z/OS S-TAP features and capabilities, and troubleshooting.

Guardium integration with Cloudera Distribution of Hadoop (CDH)

In this video, Leila Johannesen demonstrates a Guardium integration with Cloudera Distribution of Hadoop (CDH).

Deploying the external S-TAP on AWS EKS using the Guardium UI

This video demonstrates the process of deploying the Guardium external S-TAP on Amazon Web Services (AWS) Elastic Kubernetes Service (EKS) in order to monitor AWS cloud databases with Guardium.

IBM Guardium Data Protection for Files, NAS, and SharePoint

IBM Guardium Data Protection for Files discovers and classifies unstructured sensitive file repositories on various platforms, including Network Attached Storage (NAS) and Microsoft SharePoint. These videos cover:

  • Data-centric security approach
  • Partnership with STEALTHbits
  • Data Protection for Files, NAS, and SharePoint
  • File Discovery, Entitlement, and Classification (FDEC)
  • File Activity Monitoring (FAM)

Guardium in AWS

In this video, you will see the steps to create an IBM Guardium instance in Amazon Web Services (AWS).

Build Your First Guardium App Using the New Ecosystem Technologies

Guardium 10.5 includes an ecosystem to extend and enhance your current Guardium deployment with new capabilities. Guardium apps are the centerpiece of the ecosystem, allowing you to augment and enrich your current Guardium system. You can create your own Guardium apps or download and install shared apps created by IBM, business partners, or other Guardium customers.

In this tech talk, John Haldeman from Information Insights will share his experiences using the Guardium Ecosystem and demonstrate how to:

- Create a Guardium app using the Software Development Kit (SDK)

- Deploy your app on your Guardium appliance

- Share your app on the IBM Guardium App Exchange

Guardium in Azure

In this video, you will see how to set up an IBM Guardium instance in Microsoft Azure.

Guardium Universal Connectors

Are you looking for a quick and simple way to add support for new data sources? The Guardium Universal Connector provides an easy-to-use, robust mechanism for adding new data sources to Guardium. The Universal Connector supports filtering and parsing capabilities, on-premises and cloud platforms, and many data source types.

This session, led by IBM experts, includes the following topics:

  • Universal Connector flow and architecture
  • A demonstration 
  • Configuring Universal Connectors
  • Installing plugins
  • GIM Bundles
  • Universal Connector APIs
  • Implementation considerations
  • Diagnostic procedures

Universal Connectors are supported by Guardium 11.3 and higher.

Protecting sensitive data from privileged users

This self-paced learning content presents an integration scenario that uses IBM Privileged Identity Manager (PIM), IBM Guardium, IBM Network Protection (XGS), IBM QRadar, and IBM Directory Integrator (IDI). The course includes three videos that depict a database administrator interacting with the system. Watch the videos in the following order:

1) Testing Initial PIM and Guardium Setup – This video shows the basic functionality of PIM and Guardium without implementing integration between them.

2) Testing PIM and Guardium Integration – This video shows the benefits of integrating PIM and Guardium. There is no direct integration path between the two products. QRadar and IDI are used to bridge integration gaps between PIM and Guardium.

3) Testing a Complete Integration Solution – This video shows a fully integrated security solution. It includes the XGS appliance that terminates any existing connection from the database administrator workstation to the database server.

This course also includes an Integration Guide that documents the configuration steps necessary to integrate the products. It also includes the file that contains the custom files, including developed IDI assembly lines, necessary to successfully implement this integration scenario.

Guardium and Resilient integration: Email Connector

In this video, you will see how to set up IBM Guardium email alerts in an IBM Resilient incident response workflow using the Resilient Email Connector.

IBM Guardium and IBM QRadar SIEM Closed Loop integration

This lab demonstrates bidirectional integration of IBM® QRadar® SIEM and IBM® Guardium®. QRadar SIEM collects the logs from various devices in enterprise networks. The logs are received through connectors called Device Support Modules (DSMs). QRadar has a DSM for Guardium. That DSM enables QRadar to receive and process logs from Guardium.

In the other direction, Guardium has an API that lets QRadar react to certain events that it detects by sending Guardium commands that adjust the database policy in response to the event. For example, if QRadar detects that a source IP from an internal network is communicating with an IP address classified as a Botnet Server, it can send a command to Guardium to block any access to the database from the same IP address. The call from QRadar to Guardium can be made using the Custom Actions feature of QRadar or using IBM Security Directory Integrator® (IDI), which acts as the proxy and transforms various events from QRadar into Guardium API calls.

This IDI solution uses custom developed code that IBM provides as-is without any support and maintenance commitments. You can download the code from the Security Learning Academy in the Additional Resources section of this course.

Integrating IBM Guardium and IBM Identity Governance and Intelligence to support the GDPR initiative on structured data

This learning module demonstrates the integration of IBM Guardium and IBM IGI products to support the GDPR compliance initiative on structured data. The solution provides a custom developed AssemblyLine that runs in IBM Directory Integrator (IDI), and an IBM Identity Governance and Intelligence (IGI) Custom Adapter that requires IBM Directory Server and IDI to run.

The integration goal is to use IBM Guardium to identify GDPR sensitive data in a provided sample database. Guardium then exports a report that contains users who have access to tables with GDPR relevant data. Then, the IGI Custom Adapter imports these reports into IGI for further compliance and access management.

The course provides a lab environment where the integration can be tested and demonstrated.

Also, if you do not have time to run the lab, you can review the videos that demonstrate all steps in the lab.

The additional learning section provides a custom AssemblyLine and a custom IGI adapter as-is with no IBM support. You can provide feedback to the Security Learning Academy if you have any issues with the code.

Deployment Guide for InfoSphere Guardium

This IBM Redbooks® publication provides a guide for deploying the Guardium solutions.

This book also provides a roadmap process for implementing an InfoSphere Guardium solution that is based on years of experience and best practices that were collected from various Guardium experts. We describe planning, installation, configuration, monitoring, and administrating an InfoSphere Guardium environment. We also describe use cases and how InfoSphere Guardium integrates with other IBM products.

External S-TAP deployment on AWS clusters

With organizations moving their data to the cloud, there is a fundamental shift in the way IT is deploying and using database management services. Traditional agent-based architectures used to protect on-premises data sources cannot provide the same level of visibility and protection for cloud-based data sources that are fully managed by cloud vendors, or deployed in containers. 

In this lab, you explore the new agentless approach in IBM Security Guardium by deploying and configuring an external S-TAP.

Using IBM Guardium for Cloud database service protection

IBM Guardium 10.1.4 has new functionality to protect Oracle 11 databases that reside on Amazon AWS. In this video series, you will learn how to discover cloud databases. Then you will see how to classify and audit sensitive objects.

Integrating Guardium with Active Directory

In this demonstration, you learn how to populate Guardium group members with Active Directory users. You can integrate this group into your Guardium policies like any other group. You also learn how to import Active Directory users with Access Manager so that those users can log in to Guardium.

Configuring Guardium Universal Connectors

In this video, Nataliya Geimakher demonstrates how to enable and configure Universal Connectors and run queries that pull data from a variety of sources into Guardium. You also learn how to view data from Universal Connectors in Guardium's QuickSearch and reports. 

Universal Connectors are supported by Guardium 11.3 and higher.

Configuring the Guardium Universal Connector for MongoDB

New in IBM Security Guardium 11.3, the universal connector allows you to configure a connection from native database activity logs to the Guardium collector. This allows Guardium to monitor data sources such as cloud database implementations that are not suited to running an S-TAP agent.  The Guardium Universal Connector includes support for MongoDB®, MySQL, and Amazon S3, requiring minimal configuration. Users can easily develop plug-ins for other data sources.

In this course, you learn to use the Guardium Universal Connector functionality to monitor activity from a MongoDB data source. 

Tech Day Replay: Continuously monitor and protect sensitive data across your mainframe environments

This tech talk provides a comprehensive overview of the continuous and adaptive approach to mainframe data protection offered by Guardium for z/OS. We deep dive into Guardium and Z security, see Guardium Data Protection at work during an interactive demo, and get answers from experts to questions on protecting data on z/OS.

Tech Day Replay: Cloud Pak for Data and Guardium Data Protection: Better Together

IBM's best-of-breed data security solution, combined with its modern, governed data analytics and AI platform, allows enterprises to realize the innovative potential of their data. Learn how Cloud Pak for Data and Guardium Data Protection work together to provide you with a better, safer data experience.

This workshop held on October 29, 2020 includes:

    • IBM Cloud Pak for Data with Guardium Data Protection overview and deep-dive with data and security experts
    • Solution demonstrations
    • Live Q&A throughout

Duration: 2 hours, 39 minutes (Total)

Sending Guardium events to IBM QRadar

IBM Security Guardium is a data security and data privacy solution that helps ensure the integrity of data that is stored on servers. Guardium uses policies to monitor data servers and act when it detects suspicious database activity, such as:

  • Failed logins
  • Unauthorized access
  • SQL errors, such as those triggered by SQL injection attacks
  • Users trying to escalate their privileges
  • Users trying to indirectly access sensitive data

The Guardium S-TAP agent monitors the data servers that host the sensitive data and reports database activity to a Guardium Collector. The Guardium Collector applies policies to the database activity. When a policy rule is triggered, the Guardium Collector can use the system log to send an alert to IBM Security QRadar security information and event management (SIEM). QRadar receives the alert through a connector, which is called the Guardium device support module (DSM), and displays it in a console.

In this lab, you integrate Guardium and QRadar to display an event in the QRadar SIEM console when a suspicious user attempts to read or manipulate sensitive data.

Tech Day: Data Security and the SIEM: A Partnership for the Future with Guardium and QRadar

Watch a replay of the Tech Day exploring not only the individual components and capabilities of Guardium and QRadar, but also how the two can integrate to refine visibility and understanding of data security threats and boost cross-security collaboration and response.