
Guardium 7

Managing the Entire Database Security & Compliance Lifecycle

More Global 1000 organizations trust Guardium to secure their critical enterprise data than any other technology provider. The fact is, we provide the simplest, most robust solution for safeguarding financial and ERP information, customer and cardholder data, and intellectual property stored in your enterprise systems.

Our enterprise security platform prevents unauthorized or suspicious activities by privileged insiders and potential hackers. It also monitors potential fraud by end-users of enterprise applications such as Oracle E-Business Suite, PeopleSoft, SAP, Business Objects and in-house systems.

At the same time, our solution optimizes operational efficiency with a scalable, multi-tier architecture that automates and centralizes compliance controls across your entire application and database infrastructure.

But as remarkable as this solution is for what it does, it’s equally remarkable for what it doesn’t do. It has virtually zero impact on performance, does not require changes to your databases, and does not rely on native database logs or auditing utilities.

Unified Solution: Built upon a single unified console and back-end data store, Guardium offers a family of integrated modules for managing the entire database security and compliance lifecycle.

Guardium 7 is the only solution that addresses the entire database security and compliance lifecycle with a unified Web console, back-end data store and workflow automation system, enabling you to:

• Locate and classify sensitive information in corporate databases
• Assess database vulnerabilities and configuration flaws
• Ensure configurations are locked down after recommended changes are implemented
• Provide 100% visibility and granularity into all database transactions – across all platforms and protocols – with a secure, tamper-proof audit trail that supports separation of duties
• Monitor and enforce policies for sensitive data access, privileged user actions, change control, application user activities and security exceptions such as failed logins
• Automate the entire compliance auditing process – including report distribution to oversight teams, sign-offs and escalations – with pre-configured reports for SOX, PCI-DSS and data privacy
• Create a single, centralized audit repository for enterprise-wide compliance reporting, performance optimization, investigations and forensics
• Easily scale from safeguarding a single database to protecting thousands of databases in distributed data centers around the world

Unified Solution for Heterogeneous Environments

Broad DBMS Platform Support

Guardium’s cross-platform solution supports all major DBMS platforms and protocols running on all major operating systems (Windows, UNIX, Linux, z/OS):

Supported Platform         Supported Versions
Oracle                     8i, 9i, 10g, 11g
Microsoft SQL Server       2000, 2005, 2008
IBM DB2 UDB                8, 9
IBM DB2 for z/OS           7, 8
IBM Informix               7, 8, 10, 11
Sybase ASE                 12, 15
Sybase IQ                  12.6
MySQL                      4, 5
Teradata                   6

Host-Based Monitoring

Unique in the industry, S-TAPs are lightweight software probes that monitor both network and local database protocols (shared memory, named pipes, etc.) at the OS level of the database server. S-TAPs minimize any effect on server performance by relaying all traffic to separate Guardium appliances for real-time analysis and reporting, rather than relying on the database itself to process and store log data. S-TAPs are often preferred because they eliminate the need for dedicated hardware appliances in remote locations or available SPAN ports in your data center.

S-TAP Support by OS        Version
Windows                    NT, 2000, 2003
Solaris - SPARC            6, 8, 9, 10
Solaris - Intel/AMD        10
IBM AIX                    5.1, 5.2, 5.3, 6.1
HP-UX                      11.00, 11.11
                           11.23, 11.31 PA
                           11.23, 11.31 IA64
Red Hat Enterprise Linux   2, 3, 4, 5
SUSE Linux Enterprise      9, 10
Tru64                      5.1A, 5.1B

Application Monitoring

Guardium identifies potential fraud by tracking activities of end-users who access critical tables via multi-tier enterprise applications rather than direct access to the database. This is required because enterprise applications typically use an optimization mechanism called “connection pooling.” In a pooled environment, all user traffic is aggregated within a few database connections that are identified only by a generic application account name, thereby masking the identity of end-users. Guardium supports application monitoring for all major off-the-shelf enterprise applications. Support for other applications, including in-house applications, is provided by monitoring transactions at the application server level.

Supported Enterprise Applications
• Oracle E-Business Suite
• PeopleSoft
• Siebel
• JD Edwards
• SAP
• Business Objects Web Intelligence

Supported Application Server Platforms
• IBM WebSphere
• BEA WebLogic
• Oracle Application Server (AS)
• Microsoft .NET
• JBoss Enterprise Application Platform

About Guardium

Guardium, the database security company, delivers the most widely-used solution for ensuring the integrity of enterprise information and preventing information leaks from the data center.

The company's enterprise security platform is now installed in more than 350 data centers worldwide, including more than 60 Global 500 and Fortune 1000 companies in all major industries. Customers include 3 of the top 4 global banks; one of the world's largest PC manufacturers; a global soft drink brand; a top 3 global retailer; one of the top cardholder brands worldwide; and a leading supplier of business intelligence software.

Guardium has partnerships with Oracle, Microsoft, IBM, Sybase, BMC, EMC, RSA, Accenture, NetApp, McAfee, and NEON, with Cisco as a strategic investor, and is a member of IBM's prestigious Data Governance Council and the PCI Security Standards Council.

Founded in 2002, Guardium was the first company to address the core data security gap by delivering a scalable enterprise platform that both protects databases in real-time and automates the entire compliance auditing process.

230 Third Avenue • Waltham, MA 02451 USA • T: +1 781 487 9400 • F: +1 781 487 7900 • www.guardium.com

Copyright © 2008 Guardium. All rights reserved. Information in this document is subject to change without notice. Guardium, Safeguarding Databases, and S-TAP are trademarks of Guardium. All other trademarks and service marks are the property of their respective owners. 70PB0408
Discover & Classify

Automatically locates, classifies and secures sensitive information

As organizations create and maintain an increasing volume of digital information, they are finding it harder and harder to locate and classify sensitive information.

This is especially challenging for organizations that have experienced mergers and acquisitions, or environments where legacy systems have outlasted their original developers. Even in the best of cases, ongoing changes to application and database structures – required to support new business requirements – can easily invalidate static security policies and leave sensitive data unknown and unprotected.

Organizations find it particularly difficult to:

• Map out all database servers containing sensitive information and understand how it is being accessed from all sources (line-of-business applications, batch processes, ad hoc queries, application developers, administrators, etc.)
• Secure information and manage risk when the sensitivity of stored information is unknown
• Ensure compliance when it isn’t clear which information is subject to the terms of particular regulations

With Guardium, you use database auto-discovery and information classification to identify where confidential data is stored, and then use customizable classification labels to automate enforcement of security policies that apply to particular classes of sensitive objects. These policies ensure that sensitive information is only viewed and/or changed by authorized users.

Sensitive data discovery can also be scheduled to execute on a regular basis, in order to prevent the introduction of rogue servers and ensure that no critical information is “forgotten.”

Assess & Harden

Vulnerability, Configuration and Behavioral Assessment

Guardium’s database security assessment scans your entire database infrastructure for vulnerabilities and provides an ongoing evaluation of your database security posture, using both real-time and historical data.

It provides a comprehensive library of preconfigured tests based on industry best practices as well as platform-specific vulnerabilities, which are updated on a regular basis via Guardium’s subscription service. You can also define custom tests to match specific requirements. The assessment module also flags compliance-related vulnerabilities such as unauthorized access to reserved Oracle EBS and SAP tables for compliance with SOX and PCI-DSS.

Assessments are grouped into two broad categories:

• Vulnerability and configuration tests check for vulnerabilities such as missing patches, misconfigured privileges and default accounts.
• Behavioral tests identify vulnerabilities based on the ways in which databases are being accessed and manipulated – such as an excessive number of failed logins, clients executing administrative commands, or after-hours logins – by monitoring all database traffic in real-time.

In addition to producing detailed reports with drill-down capabilities, the assessment module generates a security health report card with weighted metrics (based on best practices) and recommends concrete action plans to strengthen database security.

Configuration Lock-Down and Change Tracking

Once you have implemented the recommended actions generated by the vulnerability assessment, you can now establish a secured configuration baseline. Using Guardium’s change audit system (CAS), you can monitor any changes to this baseline, and make sure that changes are not made outside of your authorized change control policies and processes.

Monitor & Enforce

Monitor and enforce policies for database security and change control

Guardium provides granular, real-time policies to prevent unauthorized or suspicious actions by privileged database accounts as well as attacks from rogue users or outsiders. You can also identify application users that make unauthorized changes to databases via multi-tier applications that access databases via a common service account, such as Oracle EBS, PeopleSoft, Siebel, SAP and custom systems built on application servers such as IBM WebSphere, BEA WebLogic, and Oracle AS.

The solution can be managed by information security personnel without requiring involvement by database administrators (DBAs). You can also define granular access policies that restrict access to specific tables based on OS login, IP or MAC address, source application, time-of-day, network protocol and type of SQL command.

Continuous contextual analysis of all database traffic

Guardium continuously monitors all database operations in real-time, using patent-pending linguistic analysis to detect unauthorized actions based on detailed contextual information – the “who, what, where, when, where and how” of each SQL transaction. This unique approach minimizes false positives and negatives while providing an unprecedented level of control, unlike traditional approaches that only look for predefined patterns or signatures.

Baselining to detect anomalous behavior and automate policy definition

By creating a baseline and identifying both normal business processes and what appear to be abnormal activities, the system automatically suggests policies you can use to prevent attacks such as SQL injection. Custom policies can easily be added via intuitive drop-down menus.

Proactive, real-time security

Guardium provides an arsenal of real-time controls for proactively responding to unauthorized or anomalous behaviors. Policy-based actions can include real-time security alerts (SMTP, SNMP, Syslog); blocking (via TCP reset or in-line data-level firewall techniques); enable full logging; and custom actions such as automated account lock-outs, VPN port shut-downs and coordination with perimeter IDS/IPS systems.

Tracking and resolving security incidents

Compliance regulations require organizations to demonstrate that all incidents are recorded, analyzed, resolved in a timely manner, and reported to management. Guardium provides a business user interface and workflow automation for resolving security incidents, along with a graphical dashboard for tracking key metrics such as number of open incidents, severity levels, and length of time incidents have been open.

Audit & Report

Capturing a Granular Audit Trail

Guardium creates a continuous, fine-grained trail of all database activities which is contextually analyzed and filtered in real-time to implement proactive controls and produce the specific information required by auditors.

The resulting reports demonstrate compliance by providing detailed visibility into all database activities such as failed logins, escalation of privileges, schema changes, access during off-hours or from unauthorized applications, and access to sensitive tables. For example, the system monitors all:

• Security exceptions such as SQL errors and failed logins.
• DDL commands such as Create/Drop/Alter Tables that change database structures, which are particularly important for data governance regulations such as SOX.
• SELECT queries, which are particularly important for data privacy regulations such as PCI.
• DML commands (Insert, Update, Delete) including bind variables.
• DCL commands that control accounts, roles and permissions (GRANT, REVOKE).
• Procedural languages supported by each DBMS platform such as PL/SQL (Oracle) and SQL/PL (IBM).
• XML executed by the database.

Best-in-Class Reporting

The Guardium solution includes more than 100 preconfigured policies and reports based on best practices and our experience working with Global 1000 companies, Big 4 auditors and assessors around the world. These reports help address regulatory requirements such as SOX, PCI, and data privacy laws, and streamline data governance and data privacy initiatives.

In addition to prepackaged report templates, Guardium provides a graphical drag-and-drop interface for easily building new reports or modifying existing reports. Reports can be automatically e-mailed to users in PDF format (as attachments) or as links to HTML pages. They can also be viewed online via the Web console interface, or exported to SIEM and other systems in standard formats.

Compliance Workflow Automation

Unique in the industry, Guardium’s Compliance Workflow Automation application streamlines the entire compliance workflow process, helping to automate the process of audit report generation, distribution to key stakeholders, electronic sign-offs, and escalations.

Scalable for Your Enterprise

• Non-Invasive: 100% visibility into all database transactions – including local access by privileged users – without performance impact or database changes.
• DBMS-Independent: Cross-platform solution that does not rely on native logging or auditing.
• Appliance-Based: Modular software suite, built on a hardened Linux kernel, for rapid deployment via “black box” appliances (self-contained storage, preinstalled applications, built-in management).
• Flexible Monitoring: Via lightweight host-based probes, SPAN ports, network TAPs or any combination.
• Infrastructure-Ready: Supports SNMP, SMTP, Syslog, LDAP, Kerberos, RSA SecurID®, change ticketing systems such as BMC Remedy, CEF and integration with all major SIEM platforms.
• Multi-Tier: Unique in the industry, Guardium automatically aggregates and normalizes audit information – from multiple systems and locations – into a single centralized audit repository.
• Centralized Management: Enterprise-wide management of security policies via Web console.
• Scalable: As the number of monitored servers or traffic volume increases, simply add appliances to handle the increased load. Patented, intelligent storage algorithms provide 100x better storage efficiency than traditional flat file-based approaches.
• Tamper-Proof Audit Repository: Strong authentication with no root access and encrypted archives.
• Role-Based: Access to modules and data is controlled according to organizational roles.

[Figure: Scalable Multi-Tier Architecture. Diagram labels: European Data Centers, Americas Data Centers, Asia Pacific Data Centers, Remote Locations, S-TAPs, Z-TAPs, Collector Appliance, Internet, Database Firewall, Customers/Partners/Outsourcers, Master Aggregation Server & Central Manager in HQ.]

Scalable Multi-Tier Architecture

Guardium’s scalable architecture supports both large and small environments, with centralized aggregation and normalization of audit data, and centralized management of security policies via a Web console – enterprise-wide. S-TAPs are lightweight, host-based probes that monitor all database traffic, including local access by privileged users, and relay it to Guardium collector appliances for analysis and reporting. Collector appliances gather monitored data from S-TAPs and Z-TAPs (Z-TAPs are mainframe-resident probes) and/or by connecting directly to SPAN ports in network switches. Aggregators automatically aggregate audit data from multiple collector appliances. For maximum scalability and flexibility, you can configure multiple tiers of aggregators.
attacks such as SQL injection. Custom policies can easily be • XML executed by the database. Data Centers
of stored information is unknown and recommends concrete action plans to strengthen data-
added via intuitive drop-down menus.
• Ensure compliance when it isn’t clear which information is base security. Best-in-Class Reporting
S-TAPs S-TAPs
subject to the terms of particular regulations Proactive, real-time security The Guardium solution includes more than 100 preconfig-
Configuration Lock-Down and Change Tracking
Guardium provides an arsenal of real-time controls for proac- ured policies and reports based on best practices and our S-TAPs
With Guardium, you use database auto-discovery and infor- Once you have implemented the recommended actions
tively responding to unauthorized or anomalous behaviors. experience working with Global 1000 companies, Big 4 Americas
mation classification to identify where confidential data is generated by the vulnerability assessment, you can now Remote Data Centers
Policy-based actions can include real-time security alerts auditors and assessors around the world. These reports help Locations
Internet Database
stored, and then use customizable classification labels to establish a secured configuration baseline. Using Guardium’s Firewall
(SMTP, SNMP, Syslog); blocking (via TCP reset or in-line data- address regulatory requirements such as SOX, PCI, and
automate enforcement of security policies that apply to change audit system (CAS), you can monitor any changes to S-TAPs
level firewall techniques); enable full logging; and custom data privacy laws, and streamline data governance and data
particular classes of sensitive objects. These policies ensure this baseline, and make sure that changes are not made out-
actions such as automated account lock-outs, VPN port shut- privacy initiatives. Customers,
that sensitive information is only viewed and/or changed by side of your authorized change control policies and processes. Partners,
Collector
downs and coordination with perimeter IDS/IPS systems. Outsourcers
S-TAPs Appliance
authorized users. In addition to prepackaged report templates, Guardium Z-TAPs

Monitor & Enforce• Tracking and resolving security incidents provides a graphical drag-and-drop interface for easily building
Sensitive data discovery can also be scheduled to execute on Master Aggregation Server &
Compliance regulations require organizations to demonstrate new reports or modifying existing reports. Reports can be auto- Collector Central Manager in HQ
a regular basis, in order to prevent the introduction of rogue Monitor and enforce policies for database security Appliance
that all incidents are recorded, analyzed, resolved in a timely matically e-mailed to users in PDF format (as attachments) or Asia Pacific
servers and ensure that no critical information is “forgotten.” and change control Data Centers
manner, and reported to management. Guardium provides a as links to HTML pages. They can also be viewed online via
Guardium provides granular, real-time policies to prevent business user interface and workflow automation for resolving the Web console interface, or exported to SIEM and other S-TAPs

Assess & Harden• unauthorized or suspicious actions by privileged database security incidents, along with a graphical dashboard for track- systems in standard formats.
accounts as well as attacks from rogue users or outsiders. ing key metrics such as number of open incidents, severity
Vulnerability, Configuration and Behavioral You can also identify application users that make unauthorized Compliance Workflow Automation Scalable Multi-Tier Architecture
levels, and length of time incidents have been open.
Assessment changes to databases via multi-tier applications that access Unique in the industry, Guardium’s Compliance Workflow
Guardium’s scalable architecture supports both large and small environments, with centralized aggregation and
normalization of audit data, and centralized management of security policies via a Web console – enterprise-wide.
Guardium’s database security assessment scans your entire databases via a common service account, such as Oracle Audit & Report• Automation application streamlines the entire compliance S-TAPs are lightweight, host-based probes that monitor all database traffic, including local access by privileged
database infrastructure for vulnerabilities and provides an EBS, PeopleSoft, Siebel, SAP and custom systems built on workflow process, helping to automate the process of audit users, and relay it to Guardium collector appliances for analysis and reporting. Collector appliances gather monitored
ongoing evaluation of your database security posture, using application servers such as IBM WebSphere, BEA WebLogic, Capturing a Granular Audit Trail report generation, distribution to key stakeholders, electronic data from S-TAPs and Z-TAPs (Z-TAPs are mainframe-resident probes) and/or by connecting directly to SPAN ports
both real-time and historical data. and Oracle AS. Guardium creates a continuous, fine-grained trail of all data- sign-offs, and escalations. in network switches. Aggregators automatically aggregate audit data from multiple collector appliances. For maximum
scalability and flexibility, you can configure multiple tiers of aggregators.
base activities which is contextually analyzed and filtered in