IBM Security® Guardium® Data Protection is data security software in the Guardium family of IBM Security® products. It is comprehensive data protection software that guards on-premises and cloud data stores through features such as data activity monitoring and analytics, near real-time threat response workflows, and automated compliance auditing and reporting.

Data security for a cloud-driven world

IBM Security Guardium Data Protection supports a modern, zero-trust approach to data security. No matter where your data resides you can have comprehensive security.

  • Discover and classify sensitive data across major data repositories, from AWS, DBaaS, and unstructured data in files to on premise mainframes and structured data environments.
  • Comprehensive activity monitoring and flexible demployment options for quick and intelligent response to advanced threats.
  • Streamline and automate data compliance workflows using prebuilt templates for regulations including PCI DSS, SOX, HIPAA, GDPR, CCPA and many more.

Why Guardium

Guardium Data Protection delivers meaningful results. Read the IBM-commissioned 2023 Forrester Consulting Total Economic Impact™ study to learn more about the benefits our clients have realized.


The study found a 406% ROI with benefits of USD 5.86 million over 3 years.


The study revealed a 70% reduction in time spent on auditing.


The study calculated that 25% of data security analysts’ time was saved.


Get faster compliance

Preinstalled capabilities enable faster compliance and data security. Compliance tagging, prebuilt policies, easy-to-use workflows and long-term data retention help speed time to value, so you can meet various compliance requirements such as PCI DSS, GDPR and CCPA in a shorter amount of time.

Centralize visibility and control

A data protection strategy with centralized policy management and enforcement across hybrid multicloud environments helps organizations break down silos, accelerate response, and reduce risk to the business with actionable intelligence from a central location. 

Reduce noise to security operations centers

Actionable, high-priority events are automatically shared with SIEM and SOAR solutions to reduce response times, remove the need for manual action and improve the quality of the data being analyzed, significantly reducing the cost of your SIEM.

Enforce security policies in near real time

Enable your team to quickly discern and focus on the most significant threats with actionable intelligence. Quickly monitor security policies and sensitive data access control, privileged user actions, change control, application user activities and security exceptions for faster remediation.

Protect data across the hybrid multicloud

Enforce security policies that protect data across the enterprise—for all data access, change control and user activities. Guardium supports deployment on several cloud platforms, including Amazon AWS, Google, IBM Cloud, Microsoft Azure and Oracle OCI.

Reduce costs and overhead with modernized infrastructure

Containerized orchestration supports elastic scalability and flexible deployment options. Evolve your data security as your data and IT infrastructure change and grow—while reducing costs.


Dynamic risk assessment

The Risk Spotter implements a dynamic risk assessment, which considers multiple risk factors, to identify risky users. Each user’s overall risk score is calculated daily based on the audited data, which you can use to prioritize mitigating actions.

Active threat analytics

The Active Threat Analytics dashboard shows potential security breach cases, based on an outlier mining process and identified attack symptoms. In this dashboard you can view and investigate cases, and also act on individual cases.

Smart assistant

The Smart Assistant is a low-touch, guided, 4-step workflow feature. It helps you get up and running on compliance monitoring by defining custom policies, workflows and reports for global regulations such as PCI DSS, SOX, GDPR, CCPA, Basel, HIPAA and others.

Universal connector

The Universal Connector is a lightweight open-source framework. It is used to develop plug-ins for Guardium to monitor cloud and on-premises data sources by using native audit logs. Customers and partners are encouraged to build their own plug-ins by using the Universal Connector framework.

Agentless or agent-based monitoring

For agent-based monitoring, Guardium supports S-TAPs (installed at the data source) and External S-TAPs (installed inline for containerized and cloud data sources). Supported agentless options include Universal Connector plug-ins and cloud event streams (for example, AWS Kinesis and Azure Event Hubs).

Vulnerability assessment

The IBM Security® Guardium® Vulnerability Assessment scans data infrastructure such as databases, data warehouses and big data environments—both on premises and in the cloud—to detect vulnerabilities and suggest remedial actions based on benchmarks from STIG, CIS, CVE and other configurations.

Centralized, agile platform

IBM Security Guardium Data Protection is built to scale seamlessly from one data source to tens of thousands with little to no impact on performance. To support this immense scalability and facilitate better management of load balancing, the platform automatically adapts to changes in the data center, an ideal feature when you need to support large deployments and frequent changes.

Use Guardium Data Protection with your choice of data sources


Guardium Data Protection for Databases provides automated data discovery and classification, near real-time activity monitoring, and machine learning analytics to discover unusual activity around sensitive data stored in databases, data warehouses and other structured data environments. The solution supports data on IBM Db2®, Oracle, Teradata, Sybase, Microsoft® SQL Server, Windows®, UNIX®, Linux®, AS/400 and z/OS®, and Hadoop NoSQL. It also supports key enterprise resource planning, CRP and custom applications.

Big data

Guardium Data Protection for Big Data provides full visibility on data activity, detecting unusual activity around sensitive data with near real-time data monitoring and machine learning analytics. The solution learns user access patterns to detect suspicious activity, giving administrators the option to block access or quarantine users to defend against internal and external threats. It accelerates compliance workflows through a prebuilt regulation template and supports both Hadoop and NoSQL environments.


Guardium Data Protection for Files provides automated discovery and classification of unstructured data in files and file systems, including NAS, SharePoint, Windows, Unix and Linux, to help you better understand and control unstructured data risks. Machine learning analytics detect unusual activity around sensitive data with intelligent access management and file activity monitoring across files and file systems.


Guardium Data Protection for z/OS enables you to deploy on-premises mainframes, including IBM z Systems®  with data protection built in. The solution protects against threats by automating data discovery and classification, with near real-time activity monitoring and machine learning analytics. Alerts are sent to SIEM solutions for correlating threats and streamlining response. You can also proactively assess vulnerabilities and misconfigurations in your Db2, information management system and data sets.


Guardium Data Protection for Database Services is optimized to provide automated data discovery and classification, near real-time activity monitoring, and machine learning analytics to sensitive data stored in database-as-a-service (DBaaS) platforms and cloud-native platforms, such as IBM Cloud Pak for Data. The solution supports databases consumed as a service from the cloud, including AWS RDS and Azure Database-Platform-as-a-Service.


Guardium Data Protection enables you to scale and innovate in AWS while safeguarding sensitive data. You will quickly achieve smarter, more unified data protection across your hybrid AWS cloud environment with a unified set of powerful security controls, including discovery and classification, vulnerability and risk assessments, near real-time monitoring and alerting, security policy controls, advanced analytics, and integration across the security stack.

Use Cases

Data protection across the hybrid cloud

Whether you recently experienced a breach or you’re in need of stronger controls, data security should be top of mind and simple to execute. With Guardium Data Protection, you can discover and classify sensitive data and protect data in real time with dynamic masking, redaction, quarantining and blocking. It provides centralized visibility and control so you can protect modern and legacy data environments simultaneously, apply policies from a single location, and understand how users are accessing data. Enforce a least privileged access approach so that data is accessed only on a need-to-know basis.

Flexible database monitoring

As most organizations are moving IT infrastructure to the cloud, they must the protect structured and unstructured data that’s multiplying across public clouds, data warehouses and popular SaaS apps. Guardium Data Protection is built on a scalable architecture that provides full visibility into all data types and their data activity across all major data repositories. Organizations have the option to use at-source monitoring for sensitive data by using Guardium agents and can also monitor non-sensitive and internal data sources through Universal Connector plug-ins, making it fast and easy to connect Guardium to modern, cloud-based data environments.

Find and respond to threats faster

Should an organization need to respond to threats, Guardium can block access and redact data in real time, open tickets efficiently and share insights with other security tools. It also provides detailed threat and user insights through at-a-glance risk views with click-through and drill-down features to investigate further. These views are powered by AI and machine learning algorithms that detect advanced attack vectors such as SQL injection, data leakage, service account abuse, denial of services, account takeover and more.

Simplify compliance

Manual audits are time-consuming and new regulatory compliance requirements make it difficult to keep track of what data needs to be protected, especially in the cloud. Guardium Data Protection helps to address security and privacy regulatory compliance with preinstalled and customizable policies, streamlined audit workflows and fast reporting. Take advantage of predefined templates for policies, groups and reports to meet various compliance requirements such as PCI DSS, GDPR and CCPA in a short amount of time.

Scroll to Top