Enterprise Scalability

Unique in the industry, Guardium’s multi-tier architecture automatically aggregates and normalizes audit information—from multiple systems and locations—into a single centralized repository.  This enables enterprise-wide compliance reporting, correlation, forensics, and advanced database-focused analytics.

A graphical Web console provides centralized management of policies, report definitions, compliance workflow processes, and appliance settings (such as archiving schedules).  This scalable, multi-tier architecture can easily be scaled up to meet any mix of throughput and auditing policies, simply by adding appliances which work together in a federated model.

Scalable Multi-Tier Architecture

Scalable Multi-Tier Architecture: Guardium’s scalable architecture supports both large and small environments, with centralized aggregation and normalization of audit data, and centralized management of security policies via a Web console – enterprise-wide. S-TAPs are lightweight, host-based probes that monitor all database traffic, including local access by privileged users, and relay it to Guardium collector appliances for analysis and reporting. Collector appliances gather monitored data from S-TAPs and Z-TAPs (Z-TAPs are mainframe-resident probes) and/or by connecting directly to SPAN ports in network switches. Aggregators automatically aggregate audit data from multiple collector appliances. For maximum scalability and flexibility, you can configure multiple tiers of aggregators.

In order to support massive transaction volumes in enterprise data center environments, Guardium’s architecture incorporates patented, intelligent storage algorithms that provide 100x better storage efficiency than traditional flat file-based approaches.  This allows you to significantly reduce storage costs while retaining more of your audit data online—in a centralized audit data warehouse that can be rapidly queried and mined for specific access patterns and transactions.

Enterprise Deployment

The Guardium architecture provides a range of non-intrusive deployment options to optimally match your environment.  Database traffic is monitored using one of the following approaches:

  • S-TAP™ (Software Tap): Unique in the industry, these lightweight, host-based software probes monitor both network and local database traffic (shared memory, named pipes, etc.) at the OS level of the database server.  S-TAPs minimize any effect on server performance (typically 2-4%) by relaying all traffic to separate Guardium appliances for real-time analysis and reporting, rather than relying on the database itself to process and store log data.  S-TAPs are often the preferred solution because they eliminate the need for dedicated hardware appliances in remote locations and outsourcing facilities (or access to available SPAN ports in your data center).

  • SPAN port or hardware tap: In this configuration, the Guardium appliance is deployed as a non-inline, passive network monitor that captures a mirrored copy of the network stream by connecting to a SPAN port in your network switch, or a network tap.

  • Combination S-TAP and SPAN port: For maximum flexibility, you can use a combination of host-based and network-based collection, depending on your network topology and relative ease of access to database servers and/or network switches.



Modular Architecture: Guardium’s architecture supports multiple data collection options (host-based probe, SPAN port, and/or network TAP) with a suite of robust applications for analyzing database and application traffic in real-time, storing and analyzing all transaction data for auditing/compliance and forensics, and automating compliance reporting and workflow.