Automate compliance auditing and reporting, discover and classify data and data sources, monitor user activity and respond to threats in near real time

IBM Guardium® Data Protection is data security software in the Guardium family of IBM Security® products. It is comprehensive data protection software that guards on-premises and cloud data stores through features such as data activity monitoring and analytics, near real-time threat response workflows, and automated compliance auditing and reporting.

Data security for a cloud-driven world IBM Guardium Data Protection supports a modern, zero-trust approach to data security. No matter where your data resides you can have comprehensive security.

• Discover and classify sensitive data across major data repositories, from AWS, DBaaS, and unstructured data in files to on premise mainframes and structured data environments.
• Comprehensive activity monitoring and flexible deployment options for quick and intelligent response to advanced threats.
• Streamline and automate data compliance workflows using prebuilt templates for regulations including PCI DSS, SOX, HIPAA, GDPR, CCPA and many more.

Features

• **Dynamic risk assessment: **The Risk Spotter implements a dynamic risk assessment, which considers multiple risk factors, to identify risky users. Each user's overall risk score is calculated daily based on the audited data, which you can use to prioritize mitigating actions.
• **Active threat analytics: **The Active Threat Analytics dashboard shows potential security breach cases, based on an outlier mining process and identified attack symptoms. In this dashboard you can view and investigate cases, and also act on individual cases.
• **Smart assistant: **The Smart Assistant is a low-touch, guided, 4-step workflow feature. It helps you get up and running on compliance monitoring by defining custom policies, workflows and reports for global regulations such as PCI DSS, SOX, GDPR, CCPA, Basel, HIPAA and others.
• **Universal connector: **The Universal Connector is a lightweight open-source framework. It is used to develop plug-ins for Guardium to monitor cloud and on-premises data sources by using native audit logs. Customers and partners are encouraged to build their own plug-ins by using the Universal Connector framework.
• **Agentless or agent-based monitoring: **For agent-based monitoring, Guardium supports S-TAPs (installed at the data source) and External S-TAPs (installed inline for containerized and cloud data sources). Supported agentless options include Universal Connector plug-ins and cloud event streams (for example, AWS Kinesis and Azure Event Hubs).
• **Vulnerability assessment: **The IBM Guardium® Vulnerability Assessment scans data infrastructure such as databases, data warehouses and big data environments—both on premises and in the cloud—to detect vulnerabilities and suggest remedial actions based on benchmarks from STIG, CIS, CVE and other configurations.
• **Centralized, agile platform: **IBM Guardium Data Protection is built to scale seamlessly from one data source to tens of thousands with little to no impact on performance. To support this immense scalability and facilitate better management of load balancing, the platform automatically adapts to changes in the data center, an ideal feature when you need to support large deployments and frequent changes.

Benefits

• **Get faster compliance: **Preinstalled capabilities enable faster compliance and data security​. Compliance tagging, prebuilt policies, easy-to-use workflows and long-term data retention help speed time to value, so you can meet various compliance requirements such as PCI DSS, GDPR and CCPA in a shorter amount of time.
• **Centralize visibility and control: **A data protection strategy with centralized policy management and enforcement across hybrid multicloud environments helps organizations break down silos, accelerate response, and reduce risk to the business with actionable intelligence from a central location. 
• **Reduce noise to security operations centers: **Actionable, high-priority events are automatically shared with SIEM and SOAR solutions to reduce response times, remove the need for manual action and improve the quality of the data being analyzed, significantly reducing the cost of your SIEM.
• **Enforce security policies in near real time: **Enable your team to quickly discern and focus on the most significant threats with actionable intelligence. Quickly monitor security policies and sensitive data access control, privileged user actions, change control, application user activities and security exceptions for faster remediation.
• **Reduce costs and overhead​ with modernized infrastructure: **Containerized orchestration supports elastic scalability and flexible deployment options​. Evolve your data security as your data and IT infrastructure change and grow—while reducing costs.