
Seller Presentation (Guardium Insights L2)

The IBM Security Guardium Insights Seller Enablement Presentation outlines the market opportunity and challenges in data security, highlighting IBM's leadership and product offerings. It details the features of Guardium Insights as a Software-as-a-Service solution, including compliance support and risk management for various organizational roles. The presentation also emphasizes the integration of DSPM capabilities to enhance cloud data visibility and protection, targeting specific buyer personas and use cases for effective sales strategies.

Uploaded by

Marco Zanchi

IBM Security

Guardium Insights

Seller Enablement Presentation


Level 2

Matt Simons
Product Manager
IBM Security Guardium Insights
matt.simons@ibm.com

Javaid Rajmohamed
WW Technology Enablement
IBM Security
javaid@ibm.com
Before you start this seller presentation, review the client presentation

The client presentation discusses:

– Market and challenges

– Data security point of view

– Offering description

– IBM’s value

Click arrow to download the client presentation →


Agenda

– Understand the opportunity
• Market landscape
• Analyst report

– Understand the client
• Target organizations
• Tactical entry points
• Buyers and influencers

– Understand the solution and client needs
• Offering description
• How it works
• Use case examples
• Pricing

– Understand the competition
• Competitive landscape
• Differentiators

– Key contacts and resources

Understand the Opportunity and Competition

Covered in this section:


– Market trends and opportunity
– Analyst report
Market opportunity

Data security market opportunity snapshot

Market opportunity: $3.9 B
Market CAGR: 14%

Key value

Risk
– Secure and protect high-value data stores
– Identify risk and provide prompt remediation

Compliance
– Enforce governance policies consistently
– Demonstrate compliance
– Lower costs and effort with no impact on business processes

Protection
– Protect sensitive data dynamically, on-premises and in the cloud, from unauthorized access, theft, or changes
– Enable digital transformation by providing consistent protection as the data environment evolves

KuppingerCole 2023 Leadership Compass: Database and Big Data security

Key findings: IBM retains overall leadership in all categories from last year’s report

– Market Leader
– Product Leader
– Innovation Leader

Figure 1: The Overall Leadership rating for the Database and Big Data Security market segment (chart labels: Overall; Leader, Challenger, Follower; vendors shown: Microsoft, SecuPi, DataSunrise, Imperva, Axiomatics, Oracle, Delphix, IBM, AWS, Thales, comforte)

IBM graded full marks in each dimension:
– Security
– Functionality
– Interoperability
– Usability
– Deployment

“IBM Security Guardium is a data security platform that provides a full range of data discovery, classification, entitlement reporting, near real-time activity monitoring, and data security analytics across different environments, which has led us to recognize IBM as the Product Leader.”

KuppingerCole Leadership Compass →


Data security that creates value

The Total Economic Impact™ of IBM Security Guardium →

“I believe IBM Security Guardium does increase our resistance to breaches. It gives us more accountability and helps perform any kind of breach investigation efficiently. It even would help us be aware of a data breach, whereas before we might get billing for six months and never know it. I think it helps quickly resolve any breach that might happen.”

IT security infrastructure engineer, energy and utilities

IBM Security Guardium Insights Update

Update:

• Guardium Insights now available as Software-as-a-Service
• Acquisition of Polar Security (DSPM)


Guardium Insights SaaS

Essentials and Standard editions provide novice users with a guided experience to help accelerate compliance and reporting

Gain guidance
Jumpstart your compliance journey with clear milestones using guided compliance workflow

Improve visibility
Quickly begin monitoring CCPA data in cloud environments, so you can show auditors you know what’s happening

Establish control
Rely on pre-built processes to guide setting up compliance policies and access controls

Create reports
Use pre-built templates to quickly create reports for stakeholders and auditors

Prioritize risk
Standard Edition customers can use risk-based insights to start understanding threats and expand beyond compliance

Available as SaaS
• Essentials: Compliance
• Standard: Compliance + Starter Security
• Advanced: Compliance + Advanced Security (Risk and Threat)

GI SaaS personas

Jack, the IT administrator

Responsibilities:
• Manage data security for his small or medium enterprise
• Set up compliance programs to adhere to relevant regulations
• Other IT tasks

Characteristics:
• Will spend approximately 20% of his time managing data security
• Doesn’t have a database background
• No experience setting up compliance programs and is unsure what the right steps are
• Finds existing tools too complex and flexible

Target Offerings:
• Guardium Insights SaaS Essentials Edition
• Guardium Insights SaaS Standard Edition

Scott, the data security administrator

Responsibilities:
• Maintain the data security infrastructure in his medium or large enterprise
• Understand and manage the data security posture
• Use a risk-based approach to investigate anomalies
• Support compliance initiatives

Characteristics:
• Data security is his full-time job
• Familiarity with databases and SQL
• Takes advantage of advanced integration features for detection and response

Target Offerings:
• Guardium Insights SaaS Advanced Edition

Multiple editions

(Scale shown on the slide: Compliance to Security)

Essentials Edition
• For whom: Jack
• Use case: Compliance
• Capabilities: 1 Guided compliance journey; Automated reporting; Audit trails
• Target buyers: 1k-2.5k FTE
• RTM: Marketplace; Digital; Channel
• Positioning: Easy checkbox compliance, no security goals

Standard Edition
• For whom: Jack
• Use case: Compliance; Starter security
• Capabilities: Guided compliance journeys; Reporting & auditing; DIY reporting flexibility
• Target buyers: 2.5k-10k FTE; Retail, Comm/CSI, Distr.
• RTM: Upgrades from Essentials; Digital (w/DSRs); Channel
• Positioning: Checkbox compliance with a desire to start down the data security path

Advanced Edition
• For whom: Scott
• Use case: Compliance; Risk analytics; Threat
• Capabilities: Full GI experience
• Target buyers: 10k+ FTE; GDP/GBDI base
• RTM: Upgrades from Standard (land and expand); Channel; Direct
• Positioning: Full Guardium Insights experience in SaaS

IBM Security Guardium Insights SaaS DSPM

Helping clients see, follow, and protect their cloud data

Cloud Data Visibility
Discover shadow data that is rapidly expanding in the cloud
Powerful and frictionless way to find data that sprawls within cloud providers and SaaS apps

Cloud Data Movement
Analyze potential and actual flow of data in and across the cloud
Helps determine if data controls and policies produce intended user and app entitlements

Cloud Data Protection
Uncover vulnerabilities in data and compliance controls and posture
Risk-based prioritization of data vulnerabilities and remediation recommendations

The problem

Data is exploding in the cloud

As a result, organizations are challenged by:

Lack of Visibility
- Where is my data?
- Is it sensitive or regulated?
- What resides in this data?

Data Flow & Entitlement
- How is data being accessed?
- How can it potentially flow?
- Is it properly entitled?

Data Vulnerabilities
- Are my data controls sufficient?
- Is data being exposed due to posture issues?
- How do I prioritize and remediate these vulnerabilities?

DSPM differentiates itself in Cloud Data Security

Cloud stack support
Supports major cloud providers (e.g., AWS, Azure, Google Cloud Platform), and also SaaS applications (e.g., Slack) and data lake services (e.g., Snowflake), providing superior coverage

Data flow and lineage
Unique ability to map both potential and actual flows of data, allowing the customer to not only see what policy and configuration would allow, but also what is actually occurring

Easy to deploy with quick time-to-value
Cloud-native and simple user experience means customers are up-and-running quickly. With only the need for enterprise-level cloud credentials, Polar Security begins crawling cloud accounts within minutes of deployment

IBM Security Guardium Insights DSPM

Quick and easy deployment
No agents needed. Deploying minimum cloud assets in your cloud workload, having Zero-performance impact for your critical business applications

Automated data inventory
Automate discovery and classification of cloud data in your Cloud workloads or SaaS applications

Data movements and access
Track potential and actual data movement based on access and permissions

Continuous monitoring
Detect data security vulnerabilities and potential compliance violations

Deployment architecture

Fast and automated
DSPM takes only minutes to provision, with insights beginning within hours of data discovery

Data residency
The DSPM Analyzer ensures data remains resident in the customer’s cloud, while only metadata is retrieved; Analyzers are deployed regionally to ensure geographic sovereignty of data

Customer Cloud Accounts (diagram; also labels Cloud logs and Data stores)

• Log Ingestion Role: Collects log data across various hybrid cloud environments
• DSPM Analyzer Role: Used for data classification
• Cross Account Role: Ingests metadata only about data discovered in the environment
• DSPM Analyzer: Containerized and automated gateway

Rubber meets the road

Risks: Publicly facing PCI records in AWS
Full transaction information (CC, Name, CVV, what was ordered, etc.) found in a forgotten web server

Risks: GDPR Data Transfer Violation
Data flow discovered allowing PII from EU to India

Risks: PII in OneDrive exposed to 3rd party
PII and IP data copied from OneDrive to S3 which had a data flow exposed to a 3rd party

Risks: PII leaked from Production to Development
Database with PII was leaked from a production account to a development account

Risks: Plaintext Passwords in Slack
AWS tokens and plaintext passwords were found in a shared Slack channel

Risks: Publicly facing PII in Postman
API development environment was publicly facing with thousands of driver licenses and passwords

Better together

As a part of the GI SaaS platform, DSPM is powered by the GI SaaS platform and leverages some of GI SaaS capabilities:
• Tenant creation (including AWS marketplace*)
• User management & Role assignment
• Subscription and billing

This integration can be beneficial for new, as well as existing, GI SaaS customers
• New customers: DSPM can be a "foot in the door" for new customers that would then expand to include one of the monitoring editions of GI SaaS when they already have more knowledge on what data stores hold the most sensitive data that needs monitoring
• Existing customers: DSPM can be an add-on for existing customers, showing them more on their cloud provider accounts or adding more context when adding SaaS applications

*AWS Marketplace coming 1H24

Sample use cases – Land & Expand

DSPM customer wants to add monitoring

Problem
I installed DSPM and found 10 super sensitive data stores that need advanced monitoring

Solution
Add-on GI SaaS monitoring for these specific 10 data stores to get the bigger advantage of GI SaaS

Monitoring customer wants to add DSPM

Problem
I am monitoring 50 databases with Advanced Edition but I'm concerned there's more out there I don't know about

Solution
Add DSPM (as an independent component) to scan your cloud accounts and locate shadow data and hidden sensitive objects

DSPM Learning more & next steps

Get enabled on DSPM:
• Seismic Page
• Polar website

Opportunity Qualification / Lead Passing:
• Slack Channel: #polar-sales-ama on Security Workspace
• IBM Focal Points:
Ian Wight - Ianw@ibm.com, WW Data Security Sales Leader
Sally Fabian - sefabian@us.ibm.com, WW Technical Sales, IBM Security
Nick Gibson - gibsonn@uk.ibm.com, Polar Integration Executive

How to earn money:
Polar special incentive program. Payout is 15% of ACV per deal on Polar- and, once GAed, also on IBM paper! See details on Incentive Workplace once published.

Understand the Client
Covered in this section:
– Target buyers
– Target organizations
Target organizations, entry points, value to clients

Existing Guardium clients
– Amplify existing Guardium investment
– Risk-based scoring and analysis to help prioritize and investigate threats
– Direct streaming of security and audit data from DBaaS sources
– Open integration with IBM Cloud Pak for Security and other security and IT tools to boost collaboration
– Long-term data retention to enrich investigations and support compliance
– Custom compliance policy creation
– Health dashboards to stay aware of collector health
– Prebuilt and custom reports generated in seconds with the ability to graphically visualize data

New Insights-only clients
– Create and manage custom compliance policies to explicitly define what audit data is collected
– Automatically detect and alert when compliance rules are or are not being met
– Leverage advanced analytics to detect, analyze, and score risks
– Connect to DBaaS and on-premises sources and sources supported by open-source Universal Connector
– Retain audit and security data for years to meet compliance and enrich investigations
– Generate pre-built and custom reports in seconds, visualize data graphically, and share with stakeholders
– Open a ticket, block suspicious users, and integrate with security tools to share event data and orchestrate a response

New Guardium clients requiring GDP + GI
– Support for the end-to-end data security lifecycle
– Extensive data protection capabilities—encryption, masking, tokenization, and key lifecycle management
– Robust vulnerability assessment to detect misconfigurations and other database and user vulnerabilities
– Real-time monitoring, data discovery, and classification across on-premises and DBaaS sources
– *all other capabilities defined in previous columns

Target buyers

Senior executive
Primarily the influencers in large organizations but can be the buyer in a small to medium enterprise
– CIO/CISO
– CCO/CGO/CPO/CRO
– CTO/CDO
– CEO/President (commercial clients)

Security or IT Junior executive
These middle tier executives are the most frequent buyers of the technology but can also influence a purchase
– SVP / VP of IT
– SVP / VP of Security
– Compliance or Risk Manager

End users, practitioners
Key influencers and validators of the technology during the buying process
– Database Administrator, Database Manager
– Data Security Administrator
– IT Manager
– Security Analyst

IBM Security Guardium Insights

Note to seller: There are three navigator slides shown below that describe a specific client use case or entry point for Guardium Insights. Click on the relevant slide to learn how to pitch Guardium Insights for that customer segment. Only one section should be used when presenting in an actual client setting

For Guardium Data Protection customers
Insights super-charges GDP capabilities and reduces overall TCO

For cloud-first organizations (Amazon Web Service Kinesis or Azure)
Selling Guardium Insights without the need for GDP

For organizations new to Guardium
Selling “IBM Security Guardium” (GDP + GI under the hood)

Business priorities are driving digital transformation

... the resulting complexity degrades security and trust

Users and Endpoints
Accessing from anywhere using any device

Applications and Data
Data is a shared resource for users and applications

Infrastructure
Servers and networks distributed across hybrid cloud environments

Zero trust offers a framework for securing through the complexity

...but without context of how or where to apply it, most frameworks become just a checklist of investments

Security remains siloed, lacking visibility and context, and not set up to drive business outcomes

IBM delivers zero trust expertise, integrated products and services on an extended partner ecosystem

Align your security strategy to your business
Assess | Prioritize | Plan
IBM Security Zero Trust Acceleration Services | IBM Security Risk Quantification Services

Protect digital users, assets, and data

Enforcement
– Access controls
– Risk scoring
– Policy orchestration

Insights
– Resource visibility
– Risk assessment
– Compliance

Manage defenses against growing threats

Detection and response
– Threat visibility
– Detection
– Investigation
– Response

Products shown: IBM Security Verify, IBM Security Guardium, IBM Cloud Pak for Security

IBM Security Implementation, Integration, and Managed Services

Modernize your security with an open, hybrid cloud platform
Open collaboration | Unify tools and connect data | Take action quickly with AI-infused analytics
IBM Cloud Pak for Security

Data and tool sprawl create security challenges

Data security teams need help…

– Discovering sensitive data and centralizing data security across diverse cloud and on-premises environments
– Complying with current and future data regulations such as GDPR, CCPA, SOX, HIPAA, or others
– Responding to threats more efficiently across security teams to boost collaboration and reduce alert fatigue

[Diagram labels: Industry regulations; Hybrid multicloud data & infrastructure; Data privacy; Audit & compliance; Data retention; Data analytics; Data Protection; Vulnerability Management; Reporting; Threat detection & remediation]

What problems are you facing today?

Data security teams need help…

– Discovering sensitive data and centralizing data security across diverse cloud and on-premises environments
• How do you know where sensitive data lives in your organization?
• How do you know how data is utilized across all of your data sources?

– Complying with current and future data regulations such as GDPR, CCPA, SOX, HIPAA, or others
• How do you meet compliance and privacy regulations?
• How do you communicate between security and compliance teams today?

– Responding to threats more efficiently across security teams to boost collaboration and reduce alert fatigue
• How do you identify risky users and control data access?
• How do you respond to an insider threat today?

IBM Security Guardium

A modern and comprehensive data security hub for safeguarding your critical data

Modern Data Security

Adaptive
To help future-proof your data security program while reducing costs

Connected
To break down silos and reduce the risk to the business

Intelligent
To empower users to make smarter decisions using advanced analytics

Data and tool sprawl create security challenges

But why do you even need data security?

– “I encrypt all of my data, and that’s enough.”
Encryption is a powerful tool but not enough to ensure critical assets are protected from attacks or exposure

– “We have the data monitoring and logging tools that came with our cloud subscription.”
Many cloud monitoring tools lack risk analytics and lead to fragmented visibility if multiple cloud vendors are in one environment

– “We have a SIEM, and that does enough.”
The SIEM does not provide visibility into activity at the database level and can become overloaded with excess event noise, slowing threat response times

– “Data governance belongs to the data owners in other departments. Not my problem.”
While it is important for data responsibility to be shared, security is typically the first to blame for a breach—not a careless line of business owner

– “We’re in an unregulated industry. We don’t need to do anything.”
Even in an unregulated industry, customers expect responsible data handling—and business-to-business customers still present third-party risk if data is shared

Do you have other concerns?

IBM Security Guardium Insights to supercharge your Guardium investment

Adaptive

Flexibly deploy. Flexibly monitor. Enhance your Guardium power.

Maintain oversight of your data security deployment
Health dashboards to understand the health of Guardium Data Protection central managers and agents

Gain visibility only into the data you care about
Fully customizable monitoring dashboards tailor the user interface to customers’ unique data security needs

Data security that’s deployable anywhere
Red Hat OpenShift architecture means flexible deployment—on-premises, in the cloud (Azure, AWS)—to extend and scale

Simplify connections and monitor all data sources
Go agentless, connect to Guardium agents, and use Guardium Universal Connector framework to streamline monitoring

Connected

Automate cloud compliance and streamline data communication

Automate to meet and maintain compliance
Define what and how monitoring data is collected with compliance policy creation, and result-set policy

Keep auditors happy, and stakeholders notified
Specify data security tasks to streamline and take control of the full audit lifecycle, import and export data (IBM Security Discover and Classify, GBDI), and generate and share custom and prebuilt reports in seconds

Query and respond to the alerts that really matter
Send contextual, actionable insights to the SOC (IBM Cloud Pak for Security, IBM Security SOAR), SIEM (Splunk via SplunkBase App, QRadar), and other critical tools

Intelligent

Retain, train, and get greater context around threats and vulnerabilities

Retain data for years to comply and streamline
Long-term data retention stores audit and event data for years to meet regulations, feed analytics, and help cut collector costs

Get to the root of the issue faster
Use predictive dynamic user behavior analytics at the data source level to identify, analyze, and score anomalies

Ingest contextual data to enhance risk insights
Integration with IBM Security Verify Privilege and Guardium Vulnerability Assessment enriches analytics with insights into risky privileged users and data source vulnerabilities

IBM Security Discover and Classify (1touch.io)
Gain greater understanding of where sensitive data lives and moves with advanced discovery and classification

Adaptable for the hybrid multicloud

Guardium Insights and Guardium Data Protection deliver flexibility through choice:

– Agent-based monitoring embedded in your data sources for real-time insight into highly sensitive data
– Agentless monitoring to quickly deploy and begin streaming audit and compliance data directly from data sources
– Any major data source can be supported natively or with the Guardium Universal Connector framework

Guardium Insights supercharges your Guardium investment

– Cut down on costly collectors with long-term data storage to quickly and cost-effectively meet compliance
– Reduce the hours needed for full time employees to run audits and reports
– Decrease data storage costs with contextual analytics, sending less, but more actionable event data to the SIEM
– Minimize the need for aggregators, freeing up computing resources

Protect cloud data with IBM Security Guardium Insights

With all this in mind, let’s talk about…

Scott
Data security specialist

Rubi
Compliance specialist

After performing poorly at an audit, Scott and Rubi need to create a plan to support compliance reporting

With limited data security tooling currently, Scott struggles to…

– Consolidate audit data and activity from many types of data sources
– Define compliance policy around monitoring suspicious behaviour
– Better contextualize user data interactions, understanding which users are accessing which data sources and why
– Create an audit process so teammates and stakeholders can quickly receive and sign off on recurring reports

How do you discover and protect sensitive data across multiple data sources?

Retain data for years to inform and comply
Long-term data retention stores audit and event data for years to meet regulations and feed analytics

Gain visibility only into the data you care about
Fully customizable monitoring dashboards tailor the user interface to customers’ unique data security needs

IBM Security Discover and Classify (1touch.io)
Gain greater understanding of where sensitive data lives and moves with advanced discovery and classification

How do I meet compliance goals and streamline the reporting process?

Automate to meet and maintain compliance
Define what and how monitoring data is collected with compliance policy creation, and result-set policy

Keep auditors happy, and stakeholders notified
Specify data security tasks to streamline and take control of the full audit lifecycle, import and export data (IBM Security Discover and Classify, GBDI), and generate and share custom and prebuilt reports in seconds

How do I identify insider threats and make sure stakeholders are aware?

Get to the root of the issue faster
Use predictive dynamic user behavior analytics at the data source level to identify, analyze, and score anomalies

Query and respond to alerts that really matter
Send contextual, actionable insights to the SOC (IBM Cloud Pak for Security, IBM Security SOAR), SIEM (Splunk via SplunkBase App, QRadar), and other critical tools

How do I reduce my total cost of ownership while meeting audit requirements?

Data security that’s deployable anywhere
Containerized architecture means flexible deployment—on-premises and in the cloud (Azure, AWS)

Simplify connections and monitoring
Streamline monitoring with agentless support for Azure, AWS, Snowflake and more—natively and with the Guardium Universal Connector framework

Adaptable for the hybrid multicloud

Modern data security means adaptability as your environment and requirements change:

– Agentless monitoring to quickly deploy and begin reporting on cloud data sources without the need to install an agent
– Support for any major cloud source natively or with the Universal Connector*
– Deploy anywhere and scale at-will

The benefits of modern data security with Guardium Insights

– Automation and pre-built integrations help clients cost-effectively support compliance requirements
– Pre-built compliance templates mean security teams don’t have to be experts in data security to get started on the audit journey
– Reduce the cost of your SIEM by only sharing relevant, high-risk data security monitoring events that are more actionable
– Monitor modern and traditional data sources in a lightweight, agentless way to support audit requirements

IBM Security Guardium
A modernized, end-to-end data security platform

Adaptive
Flexibly deploy. Flexibly monitor. Strengthen your data security.

Maintain oversight of your data security deployment
Health dashboards to understand the health of Guardium Data Protection central managers and agents

Gain visibility only into the data you care about
Fully customizable monitoring dashboards tailor the user interface to customers’ unique data security needs

Data security that’s deployable anywhere
Red Hat OpenShift architecture means flexible deployment—on-premises, in the cloud (Azure, AWS)—to extend and scale

Simplify connections and monitor all data sources
Go agentless, connect to Guardium agents, and use Guardium Universal Connector framework to streamline monitoring
Connected
Open new lines of data security and compliance communication

Automate to meet and maintain compliance
Define what and how monitoring data is collected with compliance policy creation, and result-set policy

Keep auditors happy, and stakeholders notified
Specify data security tasks to streamline and take control of the full audit lifecycle, import and export data (IBM Security Discover and Classify, GBDI), and generate and share custom and prebuilt reports in seconds

Query and respond to the alerts that really matter
Send contextual, actionable insights to the SOC (IBM Cloud Pak for Security, IBM Security SOAR), SIEM (Splunk via SplunkBase App, QRadar), and other critical tools
Intelligent
Get context where it counts, ensuring your first response is the right one

Retain data for years to comply and streamline
Long-term data retention stores audit and event data for years to meet regulations, feed analytics, and help cut collector costs

Get to the root of the issue faster
Use predictive dynamic user behavior analytics at the data source level to identify, analyze, and score anomalies

Ingest contextual data to enhance risk insights
Integration with IBM Security Verify Privilege and Guardium Vulnerability Assessment enriches analytics with insights into risky privileged users and data source vulnerabilities

IBM Security Discover and Classify (1touch.io)
Gain greater understanding of where sensitive data lives and moves with advanced discovery and classification
Use case across data security and SOC teams
Mitigate against insider threats

Traditional approach
Manual process across siloed views
Takes days or weeks to complete
– Incident of compromise
– Correlate user data across silos
– Investigate data sets
– Determine business risk
– Apply policies & configurations
– Remediate risk
– Close issue and store audit & compliance data

With Guardium Insights
An enriched and integrated approach
Complete in minutes or hours
– Incident of compromise
– Automatically generate ticket
– Execute automated enrichment and remediation actions
– Review suggested remediation
– Issue is closed and audit data is retained automatically
Data security in an integrated platform

Guardium Insights with IBM Cloud Pak for Security, an open multi-cloud approach to unify security insights and response

Modular security capabilities
– Threat Management
– Data Security
– Identity & Access Management
– Open Security Ecosystem

Platform services
– Data connections
– Asset enrichment
– Case management
– Orchestration
– Automation
– Development tools

Open and integrated hybrid multicloud platform
On premise, Hybrid Cloud, Multicloud


What customers say about IBM Security Guardium

360° visibility
“Guardium is a huge product for us to utilize… prior to having that, there was a lot of mystery around what was happening with our data. What we’ve gained is a view into where our data’s going and what it’s being used for”

All-inclusive
“We can take advantage of that built-in functionality to give us a faster start, without having to build up things from scratch.”

Effortless scalability
“Our old solution did not scale as well. Now, we add more databases and the same size team can absorb that into their daily workload, without us having to hire new people.”

Peace of mind
“Because we are using Guardium and it’s monitoring 24x7, I sleep a lot better at night—and so does my management team.”

Quoted customers:
– Vice president, cyber security management, financial services institution
– Data security engineer, insurance provider
– Senior governance specialist, insurance company
– IT security domain architect, insurance provider
End-to-end data security services to accelerate your journey toward smarter data security

Data Discovery, Classification, Protection, Monitoring, Remediation

A continuous approach to achieve data security and compliance

Regulatory Compliance

– One: Seamless global delivery and support team
– 50+: Global team of advisors across fifty countries from a security-certified talent pool
– 50+: Certifications with strategic advisors for consultancy services
– 2,800: Worldwide Managed Security Services experts with 400+ T1 triage and T2 investigation analysts
Why customers choose IBM Security Guardium Insights

Smarter data threat response
AI-based analytics proactively hunt and score data threats, and contextual insights can be shared across teams to orchestrate response

Quicker compliance
Custom compliance policy, audit workflows, and reporting — as well as long-term data storage — help meet compliance goals faster

Reduced cost of ownership
Easy to use, deploy, and adapt to the hybrid multicloud — and to connect to an open ecosystem of 3rd party security tools, data, and clouds
Get started today

01 Learn more about Guardium →
02 Take the Zero Trust maturity assessment →
03 See Guardium Insights in action →
Thank you

Follow us on:
– ibm.com/security →
– securityintelligence.com →
– ibm.com/security/community →
– xforce.ibmcloud.com →
– @ibmsecurity →
– youtube.com/ibmsecurity →

© Copyright IBM Corporation 2021. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty, of any kind, express or implied. Any statement of direction represents IBM’s current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.
Understand the competition

IBM Guardium
The Recognized Market Leader

Guardium’s direct competitors in the market

[Chart: Overall Leader rating, with Follower, Challenger and Leader segments. Vendors shown: MICROSOFT, SECUPI, DATASUNRISE, IMPERVA, AXIOMATICS, ORACLE, DELPHIX, IBM, AWS, THALES, COMFORTE]
Figure 1: The Overall Leadership rating for the Database and Big Data Security market segment
Imperva

Imperva is strongly biased on their Web Application Firewall install base. Monitoring is secondary and receives less focus.

– Weakness: Lack of comprehensive data protection process and vision. Their business is strongly biased on their Web Application Firewall (WAF) install base. Monitoring is secondary and receives less focus.
  Probing question: How many real monitoring customers do they have? Ensure they do not quote the WAF install base as their market presence. Do they have all functions to fill the data security journey?
  Show in demo: How all the next generation data security functions fit together and protect for the future. Show Guardium Data Protection and Insights.

In October 2020, Imperva acquired jSonar to bring additional cloud offering, more automation and integrations, and agentless monitoring.

– Weakness: Analytics support is new and does not cover all data sources. Counterbreach does not allow for customization on the data threats models. Weak analytics tools.
  Probing question: Do I get full visibility of threats across all my data sources? Can I customize analytics to fit my environment requirements or my policy scope? How do I get insights into my audit data?
  Show in demo: Showcase quick search, data threat analytics use cases, outlier detection, risky user spotter, Insights reporting and analytics.

– Weakness: They have gaps in portfolio like, encryption or data risk management.
  Probing question: How do you ensure consolidating of your data security journey? How do you prioritize and socialize risk to your data resources to all stakeholders?
  Show in demo: Show GDE function and value. Show DRM function and value.

– Weakness: Limited data source support (breadth and depth). Limited protection for Cloud data sources. Unstable mainframe support.
  Probing question: How do you support NoSQL systems and all their protocols? What audit volumes do you handle from mainframe? Support for DBaaS is just collecting logs?
  Show in demo: Show Guardium Data Protection for z, and Big Data, DBaaS monitoring options, reports and dashboards.

– Weakness: Higher resource usage, lack of correlation, and scalability issues due to flat file collection of audit data.
  Probing question: What do you do to be able to analyze volume of long term retention of audit logs? Can you easily get analysis of insights from your data collection?
  Show in demo: Show Insights for long term retention reporting/analytics. Show GDP footprint.
Oracle

Oracle offers a cloud solution, with cloud-based security offerings.

– Weakness: Oracle security solutions are tightly integrated into Oracle’s cloud and application solutions.
  Probing question: Does your long-term IT architecture consist of multi-cloud, hybrid solutions or can it truly be Oracle-only?
  Show in demo: Show how Guardium can centralize security controls, scanning, and risk reporting across multiple clouds and platforms.

Oracle’s security tools are designed for Oracle databases and applications, and do not integrate across other platforms and applications.

– Weakness: Oracle is limited in data discovery, security scanning, and risk reporting across platforms.
  Probing question: Where is your data stored? Do you have backups, duplicate copies, transient data, etc.? Do you even know how much there may be? How will you manage security controls across all these locations, and report on the effectiveness of these controls?
  Show in demo: Show how a data discovery scan can identify risks from uncontrolled data stores. Show how security scanning and reporting will provide an integrated risk analysis in a single tool. Show DRM as a dashboard approach to managing and reporting issues.

– Weakness: Oracle is limited in data activity monitoring.
  Probing question: Ask about their IT architecture – how will they recognize improper data usage/movement across multiple platforms, clouds, etc.?
  Show in demo: Show Guardium’s data activity monitoring and reporting.

*These charts also apply to AWS and Azure since they only support native monitoring
Google*

Google security tools are designed for Google cloud and G Suite, and do not integrate across other platforms and applications.

– Weakness: Google security solutions are tightly integrated into Google’s cloud and G Suite.
  Probing question: Does your long-term IT architecture consist of multi-cloud, hybrid solutions or can it truly be Google-only? Can your data security solution properly be limited to only the functions which G Suite offers?
  Show in demo: Show how Guardium can centralize security controls, scanning, and risk reporting across multiple clouds and platforms. Show Guardium capabilities which are not in G Suite, such as data discovery.

Data discovery, classification, and encryption do not cover other platforms beyond theirs.

– Weakness: Google is limited in data discovery, security scanning, and risk reporting across heterogeneous data sources.
  Probing question: How much of your data is in locations such as backups, duplicate copies, transient data, etc.? Do you even know how much? How will you manage security controls across all of these locations, and report on the effectiveness of these security controls?
  Show in demo: Show how: 1) a Guardium data discovery scan can identify risks from uncontrolled data stores, 2) Guardium can handle unstructured data sources, 3) security scanning and reporting will provide an integrated risk analysis in a single tool, and 4) DRM serves as a dashboard approach to managing and reporting.

– Weakness: Google is limited in data activity monitoring, being able to monitor email, attachments, and phishing.
  Probing question: Ask about their IT architecture – how will they recognize improper data usage/movement across multiple platforms, clouds, etc.?
  Show in demo: Show Guardium’s data activity monitoring and reporting. Show how this enables data security for a class of risks (improper data movement) not covered by G Suite.

*These charts also apply to AWS and Azure since they only support native monitoring
IBM Guardium’s Competitive Differentiators

Top 10 Competitive Differentiators for Guardium

1 Broadest range of platform support across databases, data warehouses, Big Data, Database Services, and Z/OS
2 Only solution providing clients three alternative methods to monitor nearly any data source – via lightweight agent, proxy-based tap, or agentless connectors
3 Only solution flexible and scalable for the hybrid cloud supporting management frameworks such as Kubernetes and OpenShift
4 Most comprehensive Database Vulnerability Assessment available
5 Most advanced security analytics and threat detection capabilities
6 Insights Data Security hub that can collect logs from other third-party solutions
7 Only Guardium has the largest market share with highest number of clients in nearly every market
8 Only IBM Guardium can also provide complementary data encryption, tokenization, and key management solutions
9 Only IBM Security Services and Expert Labs provide the most advanced capabilities for installations, consultancy and managed services to meet clients’ business objectives
10 Only Guardium has active Guardium User Groups and communities in nearly every market enabling clients to interact and provide advice
Understand the solution: Pricing

Guardium Data Protection pricing models over the years

Year | Version | Licensing metric
2012 | GDP v9 | Processor Value Units
2015 | GDP v10 | Resource Value Units / MVS
2019 | GDP v11, GI v2 | Resource Value Units / MVS & MAPC
May 2021 | GDP v11.3, GI v3 | Resource Units

Licensing Strategy
– Retire PVU & RVU
– Motivate clients to move to RUs to simplify pricing and licensing

Processor Value Unit (PVU) licensing is estimated to be the same as the count of processor cores referred to as CPU, vCPU or CPU cores. PVUs have been around for a long time. Many clients have them, and they don’t know how to count them. PVUs are tied to on-prem deployments.

With Resource Value Unit (RVU) based licensing, Guardium products are licensed using either count of data sources - Managed Virtual Servers (MVS) or Managed Activated Processor Core (MAPC) - used by data sources that are under active production monitoring. MAPC metric was adopted as data started to shift to cloud and clients needed a way to count what Guardium was monitoring. RVUs provide a special discount table to help reduce the list prices and allow for bulk-purchase discounting to reduce the need for special bidding.

With Resource Unit (RU) based licensing, Guardium offerings are made available under Cloud Pak for Security (CP4S) licensing model using a single part number that can be used flexibly with Guardium portfolio and other offerings built on Cloud Pak for Security.
In 2021, new licensing was adopted to align with Cloud Pak for Security

Benefits to the client
– Establishes a consistent pricing model (Resource Units) for all IBM Security offerings (Threat and Data) built on Cloud Pak for Security
– Simplifies the purchase process since it’s a single part number for all data offerings
– Protects the client’s investment as workloads and IT infrastructure shift from on-premises to cloud
– Enables flexible adoption of capabilities based on use cases, allowing clients to mix and match pricing based on where the data lives

Cloud Pak for Security Gen 3
– Threat components: Data Explorer, Threat Intel. Insights, SOAR, SOAR Breach Response, QRadar EA, QRadar FA, QRadar Data Store
– Data components: GDP, VA, GI

Cloud Pak licensing models
Clients can choose Enterprise or Usage licensing models

Enterprise – Predictable pricing at enterprise scale
– For clients connecting on-premises data sources to Guardium
– Managed Virtual Server (MVS)

Usage – Consumption-based pricing designed for cloud deployments
– For clients connecting cloud-based data sources to Guardium
– Managed Virtual Processor Core (VPC)
Cloud Pak for Security (GEN 3) Ratio Table

Objective: Make it easy for customers to buy and expand deployments for cross portfolio use cases

Cloud Pak for Security (Gen 3)
Resource Unit List Price = $43.80 (Sold in packs of 100)

Offering | Enterprise (on-premises) | Usage (cloud)
Guardium Data Protection | 1 MVS : 360 RU | 1 VPC : 36 RU
Guardium Vulnerability Assessment | 1 MVS : 40 RU | 1 VPC : 4 RU
Guardium Insights | 1 MVS : 100 RU | 1 VPC : 10 RU
Data Explorer (DE) | 1 MVS : 1 RU | 1 AU : 250 RU
Threat Intelligence Insights (TII) | 1 MVS : 1 RU | 1 AU : 250 RU
SOAR | 1 MVS : 5 RU | 1 AU : 1,250 RU
SOAR Breach Response | 1 MVS : 2 RU | 1 AU : 500 RU
QRadar Event Analytics (EA) (includes Data Store) | 1 MVS : 12 RU | 100 EPS : 120 RU
QRadar Flow Analytics (FA) | 1 MVS : 7 RU | 10K FPM : 300 RU
QRadar Data Store (required if licensing Flows only) | 1 MVS : 2 RU | 1 AU : 500 RU

Each offering has a different value relative to the other offerings. Ratio conversions are used to get the specific offering RU value from the number of on-premise and cloud resources the client needs.
Cloud Pak for Security pricing: calculating RUs

Step 1
Work with client to determine which licensing metric to use based on which data sources they want to monitor and where they ‘live’.
– On-premises = MVS = Enterprise
– Cloud = VPC = Usage

Step 2
Launch the Resource Unit calculator → and input the server quantities into the tool. The tool will convert MVS and/or VPC to RU’s. A total solution cost will be derived based on client’s discount level and license term.

Example:
A medium sized bank is moving to the cloud. They have 40 database servers on premises and 6 Azure data sets totaling 16 vCPUs, and they need Guardium Data Protection and Guardium Insights to monitor and protect data. What is the total RUs and list price for the solution?

Location | License | Metric | RU Ratio | Customer Profile | Total RU
On-premises | GDP | MVS | 1 : 360 | 40 MVS | 14,400 (40*360)
On-premises | GI | MVS | 1 : 100 | 40 MVS | 4000 (40*100)
Cloud | GDP | VPC | 1 : 36 | 16 VPC | 576 (16*36)
Cloud | GI | VPC | 1 : 10 | 16 VPC | 160 (16*10)

Total RUs: 19,136 RUs
Total ($) List: $838 M @ $43.80/RU


Key sales resources

– Key assets on Seismic
• Guardium Landing Page →
– Guardium Insights Sales Kit →
• IBM Security Strategy →
• Security Demo Central →

– Webinars
• Digital Trust Sales Talks Series → (IBM)
• Security Enablement Talks → (Business Partners)

– Client References
• IBM Client Success Central → (IBM only)
Contacts
IBM Security Guardium Insights

Ian Wight
Worldwide Guardium Data Security Segment Leader
ianw@ibm.com

Matt Simons
Product Manager, IBM Security Guardium Insights
matt.simons@ibm.com

Leslie Wiggins
Program Director, Data Security Product Management
wigginsl@us.ibm.com

Javaid Rajmohamed
Learning Content Development, IBM Security Guardium
javaid@ibm.com
For more information

Slack channels

– General sales questions: #guardium-general
– Guardium Insights questions: #guardium-insights
– Guardium technical questions: #guardium-advocates
Guardium Insights to Support Zero Trust

– Take smarter access control actions with greater context around risky users
• Integration with IBM Security Verify Privilege allows Guardium Insights administrators to identify specific users accessing privileged credentials when a risk is identified

– Accelerate, then automate, compliance with granular policy and workflows
• Granular control over what and how monitoring data is collected, the ability to define rules and notifications based on matching criteria, and out of the box policies to streamline creation
• Ability to define full lifecycle audit processes, including scheduling and task definitions

– Visualize and enrich risk analysis with actionable insights, and take intelligent action
• Advanced analytics allow administrators to identify anomalous behaviors and patterns then score risks to prioritize which users to take action against
