A Fresh Look at Database Security

Abstract

In September 2015, IBM released Guardium 10, the latest version of its flagship enterprise database security suite. IBM Guardium is relevant to any organization wishing to improve its database security management and is becoming the de facto standard for database activity monitoring and database vulnerability assessment for IBM DB2, IBM Informix, Oracle and SQL Server.

This article is a quick glance at some of the more obvious operational improvements with Guardium 10, comparing the installation and configuration process and taking a look at the new interface. This article is aimed at those already familiar with Guardium or those who may have evaluated earlier versions and would like to start to explore the capabilities of the new version.

Content

Before we look at the software product itself, it might be useful to note some changes with the “packaging”.

  • The product name has changed. What used to be called "IBM InfoSphere Guardium" is now "IBM Security Guardium". We actually see this as quite significant as the product is now officially part of the extensive and popular IBM Security software portfolio. It almost goes without saying that IBM Security Guardium is much more descriptive as to the purpose of the product, emphasizing the focus on database security.
  • The product licensing terms have been simplified.

In terms of operational improvements with Guardium 10, we’ll be taking a look at the following areas:

Installation
User Interface
Notifications
Licenses
Patches
Search
Product Documentation

Installation

There are some subtle yet important differences with the Guardium 10 installation yielding a quicker, simpler and more reliable installation process than Guardium 9.

The installation time has been reduced by more than 50%. In our initial testing we used a VM configured with 4 virtual processors and 16 GB memory. The underlying storage was SSD. The total time from booting the VM from the ISO image to the first login at the CLI was clocked at ~13 minutes. The longest step in this process appears to be the configuration of the underlying MySQL database. Installation of V9 on an identical environment takes ~30 minutes.

Guardium 10 now sits on a more current operating system – RHEL 6 (6.5 Santiago as confirmed once booted). We notice this from the VMware auto OS detection (see below). This may help to make the installation process more reliable and will undoubtedly make the operation of the software more efficient.

Substitution: Image 1

The installation process itself has been simplified. In previous versions of the product, the installation user was required: to specify the installation method (Collector, Aggregator or Central Manager); to specify the type of unit; and to enter the initial passwords for the default Guardium users (cli, admin and accessmgr). In the case of the password entry, we felt this step was actually redundant as the passwords for these users all need to be changed before the environment is configured.

This has now been improved, whereby the installation method is chosen at the start of the process and by default (unless interrupted) will install as a Collector. The need to choose the initial passwords has also been removed and in fact no user interaction is required at all if going with the default Collector installation.

Substitution: Image 2

Initial passwords remain unchanged from previous versions.

The configuration remains the same. We have documented the configuration steps in more detail in a previous article – see here. In summary, the following commands were run to set the configuration:

store network interface ip <ip-address>
store network interface mask <subnet-mask>
store network resolver 1 <dns-server-ip>
store network route default <gateway-ip>
restart network
store system hostname <hostname>
store system domain <domain>
store system clock timezone <timezone>
store system ntp server (point servers, double Enter confirms the inputted values)
store system ntp state on
store unit type standalone
restart system

As with previous versions, it is recommended to verify the settings above after restart – with particular attention to the network. Again, see previous article here which describes these steps in greater detail.
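A pre-flight check for the values used in the commands above, as an added example (not from the original article or from IBM): it rejects an address, mask and default gateway that do not fit together before anything is typed at the appliance CLI, then returns the command lines in the article's order. The sample values are constructed, and it is an assumption that each value is passed as the command's trailing argument.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

# Constructed sample values (documentation address range), not from the article.
SAMPLE = dict(ip="192.0.2.10", mask="255.255.255.0", gateway="192.0.2.1",
              resolver="192.0.2.53", hostname="guard01",
              domain="example.test", timezone="Europe/London")


def build_commands(ip, mask, gateway, resolver, hostname, domain, timezone):
    """Validate the settings, then return the CLI lines in the article's order."""
    # Raises ValueError on a malformed address or a non-contiguous mask.
    iface = ipaddress.IPv4Interface(f"{ip}/{mask}")
    net = iface.network
    gw = ipaddress.IPv4Address(gateway)
    ipaddress.IPv4Address(resolver)  # syntax check only; it may be off-subnet
    if iface.ip in (net.network_address, net.broadcast_address):
        raise ValueError(f"{ip} is the network or broadcast address of {net}")
    if gw not in net or gw == iface.ip:
        raise ValueError(f"gateway {gateway} is not a usable neighbour in {net}")
    if not LABEL_RE.match(hostname):
        raise ValueError(f"invalid hostname: {hostname!r}")
    if not all(LABEL_RE.match(label) for label in domain.split(".")):
        raise ValueError(f"invalid domain: {domain!r}")
    return [
        f"store network interface ip {iface.ip}",
        f"store network interface mask {iface.netmask}",
        f"store network resolver 1 {resolver}",
        f"store network route default {gw}",
        "restart network",
        f"store system hostname {hostname}",
        f"store system domain {domain}",
        f"store system clock timezone {timezone}",
        "store system ntp server",  # servers are entered interactively
        "store system ntp state on",
        "store unit type standalone",
        "restart system",
    ]


if __name__ == "__main__":
    print("\n".join(build_commands(**SAMPLE)))
```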

Once verified, it's time to log into the portal - enter the IP address of your appliance and port 8443: https://your-guardium-ip:8443. Note: make sure to use HTTPS.

User Interface

Guardium 10 has a completely redesigned interface. This is a very significant and welcome improvement over previous versions, making it easier to navigate the application and find data quickly.

Even at first glance, the portal login page looks refreshed and more polished.

Substitution: Image 3

Substitution: Image 4

Notifications

As seen above, we are presented with a welcome screen, which is always present, showing some of the new features of the interface. The first of these I'd like to compliment is the "Banner" bar along the top, with particular focus on the notifications (pictured as a bell above). This highlights whether there are any notifications; in the above example I have 2 outstanding notifications, and clicking on the icon shows more details:

Substitution: Image 5

A further click on each item expands the area to show more details and remedial actions:

Substitution: Image 6

Licenses

Here, Guardium has detected the product is not yet licensed and provides a jump link to the setup and licensing screen normally found here:

Substitution: Image 7

Upon entering the license key, a license agreement prompt will appear:

Substitution: Image 8

Once accepted, the portal returns to the previous screen and lists the products licensed. This is an improvement on previous versions, where it was unclear what was licensed and whether the license key had been accepted.

Substitution: Image 9

A few more licenses are entered in the same manner to unlock functionality of Guardium V10, and the screen clearly identifies which products have been licensed:

Substitution: Image 10

Patches

Going back to the notification section, now that Guardium has been licensed, another nice feature is that it checks for any applicable patches and provides the link to Fix Central to download.

Substitution: Image 11

Search Bar

Another strong new feature of V10 is the search bar - this allows quick look up to navigate Guardium, which in my opinion was one of the hardest things to do in the previous versions if not familiar with the product. This search bar can be set to search specific areas of Guardium (Data, File, User Interface) as seen below:

Substitution: Image 12

For example, searching for the license setup:

Substitution: Image 13

The search is also fuzzy, and therefore will match parts of words - to demonstrate an example of the flexibility of the search, see below:

Substitution: Image 14

Or:

Substitution: Image 15

Or:

Substitution: Image 16

This is a strong, welcome (and overdue) feature which makes the navigation of Guardium V10 much simpler and more intuitive.

Lastly, a few screenshots showing the System Monitor page, where the graphs, graphics and tables have also been revamped and act as tiles which can be dragged and dropped:

Substitution: Image 17

Substitution: Image 18

Product Documentation

One of the more significant improvements with Guardium V10 is the wealth of product information emerging which simply wasn't available for the previous versions.

There is an informative article available on IBM developerWorks which goes into greater detail about the new features that Guardium 10 brings: http://www.ibm.com/developerworks/library/se-guardium-v10/index.html

Conclusion

This article is a quick glance at some of the more obvious operational improvements with Guardium 10. Guardium delivers powerful database security capabilities that are important for many of our enterprise customers and making the technology easier to install, manage and use is a big step forward from IBM.

Disclaimer

The above is provided "as is" without warranty of any kind, either express or implied, including without limitation any implied warranties of condition, uninterrupted use, merchantability, fitness for a particular purpose, or non-infringement.