IBM Guardium

Fundamentals
Seller Presentation

Domenick DeCarlo
WW Technology Sales Enablement
[email protected]
Seller Slides in this presentation marked as
"IBM and Business Partner
References in this presentation to IBM
products, programs, or services do not

guidance Internal Use Only"

are for IBM and Business Partner use
imply that they will be available in all
countries in which IBM operates.

and legal
and should not be shared with clients Product release dates and/or
or anyone else outside of IBM or the capabilities referenced in this
Business Partners’ company. presentation may change at any time

disclaimer © IBM Corporation 2024.

at IBM’s sole discretion based on
market opportunities or other factors
All Rights Reserved. and are not intended to be a
commitment
The information contained in this to future product or feature
publication is provided for availability
IBM and Business Partner
informational purposes only. While in any way. Nothing contained in these
Internal Use Only efforts were made materials is intended to, nor shall
to verify the completeness and have
accuracy the effect of, stating or implying that
of the information contained in this any activities undertaken by you will
publication, it is provided AS IS result
without warranty of any kind, express in any specific sales, revenue growth,
or implied. or other results.
In addition, this information is based
on IBM’s current product plans and All client examples described are
strategy, which are subject to change presented as illustrations of how those
by IBM without notice. IBM shall not clients have used IBM products and
be responsible for the results they
any damages arising out of the use of, may have achieved. Actual
or otherwise related to, this environmental costs and performance
publication or any other materials. characteristics
Nothing contained in this publication may vary by client.
is intended to, nor shall have the
effect of, creating any warranties or
representations from IBM or its
suppliers
or licensors, or altering the terms and
conditions of the applicable license
Agenda Understand the
opportunity
Understand
the competition
– Marketplace – Competitive
landscape landscape
– Objection
Understand the handling
client – Differentiators
– Buyer and pain
points Key contacts
– Spotting an & resources
opportunity

Understand the
solution
– Offerings within the
portfolio
– Use case examples
– Competitive
landscape
Understand
the
opportunity
Covered in this section
– Market trends
and opportunity
– Analyst report
Hybrid cloud
environments
exacerbate key
data security Stop threats before Achieve regulatory Keep up with the
challenges for they disrupt business compliance sprawl of data

organizations

$5.52 M $255,626 $267,469

Average total cost of a Average cost Average cost increase
breach at enterprises of increase of a breach of a breach due to
more than 25,000 due to compliance extensive cloud
employees failure migration

280 days
Average time to detect
(207)
and contain (73) a data
breach
Market Market opportunity Key value
opportunity
$3.9 billion Risk
– Secure and protect high-value data stores
– Identify risk and provide prompt remediation

Data security market Market CAGR Compliance

opportunity snapshot
14%
– Enforce governance policies consistently
– Demonstrate compliance
– Lower costs and effort with no impact on business processes

Protection
– Protect sensitive data dynamically, on-premises and in the
cloud, from unauthorized access, theft, or changes
– Enable digital transformation by providing consistent
protection as the data environment evolves
Market landscape

Two macro trends driving the data security

market

Trend 1 Trend 2

As orgs grow, the rate of new data, Orgs are embracing hybrid multicloud to
applications and users being added gain agility, competitive advantage and
to the ecosystem is increasing drive their organizations forward

However However

Expanding data footprint increases Need to ensure data is protected,

an organization’s attack surface and handled in compliance, throughout
digital transformation and beyond
Client challenges
and requirements
Risk mitigation Secure data

Organizations add new data, IT and security leaders need

users, and applications to to provide their authorized
their IT landscape each day, users with easy access to
making it difficult to mitigate sensitive or regulated data
data security risk successfully while simultaneously keeping
in that data safe from exposure,
an ever-changing environment exfiltration or theft

– Vulnerability scanning based – Flexible encryption

on common vulnerabilities for data in all states
and exposures
– Simplified key management
– Data risk visualization for data stored in a
and management hybrid multicloud
– Data-centric security – Vulnerability scans to
harden IT infrastructure
– Data activity monitoring
with real-time controls
KuppingerCole
2023
Leadership
Compass
Database and big data security

OVERALL

LEADER
Key findings

IBM retains overall MICROSOFT COMFORTE

FOLLOWER
leadership in all categories DELPHIX THALES
AXIOMATICS IBM
from last year’s report
– Market leader ORACLE
IMPERVA
DATASUNRISE SECUPI
– Product leader
AWS
– Innovation leader

IBM graded full marks

in each dimension CHALLENGER
– Security
– Functionality
– Interoperability
– Usability
– Deployment

Figure 1: The Overall Leadership rating for the Database and Big Data Security market segment
Understand
the client
Covered in this section
– Who are the buyers
and influences their
specific pain points

– Conversation starters
Buyers

Buyer They want to secure IBM is a perennial market IBM Security™ Guardium®
CISO, CIO, their sensitive or regulated leader that can help any helps organizations achieve
VP of Security and IT, data and meet compliance size businesses transform their data security and
Line-of-business manager with regulations the way they support compliance goals through
users, apps, content, and its broad portfolio of robust
data across essentially encryption, data activity
Influencer
every type of device with monitoring, data threat
CDO, CRO, CPO
ease and affordability analysis, and compliance
Line-of-business owners
reporting tools
Database administrators
Data security analysts
Identifying a Guardium
portfolio opportunity

Discovery questions

Data discovery Data protection Encryption and key Regulatory

and classification and monitoring management compliance
Identifying a Guardium
portfolio opportunity

Data discovery and classification

What to ask Why it’s important

Do you know what sensitive data Organizations have data stored across their IT
you have and where it is located? landscape. Much of that data is regulated, and
unaccounted for by the teams responsible for
its security and/or compliance with
regulations.
Identifying a Guardium
portfolio opportunity

Data protection and monitoring

What to ask Why it’s important

– How much of your sensitive data are you – Not all vendors offer both cloud and on-prem
looking solutions, and the market as a whole is
to keep on premises? continuing
to support a shift toward the cloud.
– How are you monitoring privileged users’
Enterprises are commonly adopting a hybrid
access
combination of both,
to your sensitive data sources? Do you have
to enable a gradual migration over time.
a way to centrally control privileged user
access policy? – Insider threats are often harder to discover
and more disruptive to a company’s security.
– How do you currently detect risks within
Having solutions that can identify and block
your environment, including improper or
suspicious user activity can save the client’s
suspicious credential usage. What methods
time, money and reputation.
are you employing to bring together
context-aware data and apply analytics for
Identifying a Guardium
portfolio opportunity

Encryption and key management

What to ask Why it’s important

– How are you protecting sensitive data from Encryption is the most common way to
unauthorized access, theft, or changes protect data-at-rest, whether it’s stored on-
whether premises or
it’s archived, in-transit or at rest? in private or public cloud. For data stored in
– Do you have data hosted in 3rd party public cloud, concerns may arise as to who
cloud environments? How is your data being owns/controls and stores the encryption
protected in the cloud and are you in control keys. Without controlling the keys, a client
of that protection? can’t really be said to be in full control of
their data’s security.
– Do you have a way to apply security policy
and controls equally across all your data–
whether in the cloud, on-premises systems,
or elsewhere?
Identifying a Guardium
portfolio opportunity

Regulatory compliance

What to ask Why it’s important

Have you been struggling with decreased – Data encryption is required by several
productivity and are you looking to cut costs regulations.
associated with your compliance reporting?
– Auditing and reporting on compliance is a
time and resource intensive process and a
frequent pain
point for large enterprise.
– Many want to improve operational efficiencies.
Understand
the client
More conversation
starters
Prospecting: IBM Guardium
Data Security Center

Conversation starters
– How are you meeting challenges around long-term data storage
requirements for compliance mandates, such as the General
Data Protection Regulation (GDPR), Health Insurance Portability
and Accountability Act (HIPAA) or Sarbanes-Oxley (SOX)?

– How are you, your data security administrators, or database

administrators (DBAs) keeping up with the demands for rapidly
delivering data reports to key stakeholders, such as auditors?

– Does your infrastructure have the capacity and processing power

needed to store large data volumes?

– How are you addressing rising storage costs as data storage

requirements increase? Are you building a data lake, or do you
require an optimized data security hub? OK

– What methods are you employing to bring together context-

aware data and apply analytics for actionable insights?

– How are you monitoring privileged user access and behavior to

your databases deployed in cloud platforms such as Azure or
AWS?

– What are you using for an early warning system to prevent

breaches for data stored on cloud platforms?
Prospecting: Guardium Data
Protection

Conversation starters

– What are you using for an early warning system to prevent

breaches?
– How “real time” is your current solution in sending you alerts
or actively preventing undesired access to data?
– How do you know if internal staff and privileged users are
using data?
– How do you find and assess database vulnerabilities?
– How do you know where sensitive data resides and if it’s
copied?
– What are you doing about the escalating costs of
implementing additional security policies?
– How do you prevent someone from accessing data they
shouldn’t
be looking at?
– How do you ensure that authorized employees have access to

the right data?

Prospecting: Discover and Classify

Conversation starters
– What are the main challenges or business drivers you’re
trying to solve in sensitive data discovery and classification?

– How do you do sensitive data discovery today?

– What types of sensitive data do you store, share and

process?
How do you organize the data for business purposes? e.g.
California clients vs. European clients?

– How confident are you in the accuracy of your insights

derived from your current sensitive data discovery process?

– How are you using your discovered sensitive data today?

Prospecting: Guardium Data
Encryption

Conversation starters
– How are you using data encryption today? Do you use
native encryption options? What is your strategy for
protecting data-at-rest?

– Are you facing any regulatory requirements that recommend

you protect, hide, pseudonymize, or encrypt data? How do
you provide that data protection today?

– How are you protecting your data in light of regulatory

requirements, such as General Data Protection Regulation
(GDPR)?

– How are you protecting sensitive data from unauthorized

access, theft, or changes?

– Do you have data that’s hosted in third-party cloud

environments? How is your data being protected in the
cloud and are you in control of that protection?

– How do you prevent someone from accessing data they

shouldn’t
be looking at?

– How do you prevent unwanted changes to your data?

Prospecting: IBM Security
encryption key offerings

Conversation starters – Guardium Key Lifecycle

Manager (GKLM)
– Are you planning on adding or replacing storage? If so, how
is your data protected against loss? Do you need to ensure
that critical data is protected and always available?
– Are you aware of the requirements for privacy and
protection from disclosure that are required for your
industry?
– Do you collect and store client information and are you,
therefore, subject to data privacy breach laws?
– Do you maintain high-value intellectual property?
– Are you being asked to consolidate encryption key
management and are you aware of the new Key
Management Interoperability Protocol (KMIP) standard and
IBM’s support for that standard?

Conversation starters – Guardium Cloud Key

Manager (GCKM, part of Guardium Data
Encryption)
– Cloud service providers (CSPs) have unfettered access to
the sensitive data they host. Are you able to keep CSPs out
of your data?
– Do you control the keys to the data stored and encrypted by
Understand
the solution
Covered in this
section
– IBM Security
Guardium portfolio
overview

– Guardium offering
descriptions

– Pricing

– Use cases
IBM Guardium portfolio
IBM Guardium Data Protection IBM Guardium Data Security Center
Real-time data activity monitoring, Powerful data security platform with common
IBM Guardium offers protection, compliance reporting shared services and integration between modules
a comprehensive
portfolio to protect IBM Guardium Data Protection IBM Guardium Data compliance
data across its
lifecycle IBM Guardium Vulnerability Assessment IBM Guardium DDR (Data Detection and Response)

IBM Guardium DSPM (Data Security Posture Management)

IBM Guardium Discover and Classify

IBM Guardium Data Encryption IBM Guardium AI Security

IBM Guardium Key Lifecycle Manager IBM Guardium Quantum Safe

How Guardium can help Unified data security controls
One platform to manage the full
Protect your data. Manage
Guardium Data the full data security
data security lifecycle for all
Security Center lifecycle. Empower security
enterprise data

teams to collaborate. Protect data everywhere

Flexible and widest approach to
IBM’s data apply data controls across
security platform current and emerging threat
vectors

Empower security teams

Collaborate more effectively
across multidisciplinary teams
with a common view of data
assets, integrated workflows,
analytics dashboards,
centralized compliance policies
ticketing and reporting.

Flexible deployments and

licensing
Reduce operational costs and
efficiently scale, whether
through SaaS or on-premises
deployment with a modular
platform and
bidirectional ecosystem
integrations.
Guardium Data Security Center Shared experiences
A data security platform truly becomes powerful once
A powerful data security platform intelligence and workflows can traverse modules to create an
outcome that’s more than the sum of its parts.

Common services Common standards

At the heart of our data security Standards, accessibility and
platform exist common common design are at the heart
services: – Globalization standards
– Identity and access – External certifications
Shared Experiences: integration across modules

– Risk engine – Accessibility standards

– Policy engine – Digital marketplaces
– Data ingestion and warehouse – Trials and demos
Examples
– API gateway – Common design language Common asset view: Discover
Vulnerability management hub
– And more and classify

Shared experiences
Shared experiences bring
intelligence and workflows
together across modules:
– Sharing data, events and
insights between modules
– Contributing and consuming
data, events and insights
between modules and the
platform
Guardium Data Security Center

Guardium Data Compliance

Run your data compliance program
effectively and at scale to minimize cost
and risk
Programmatic Cross-platform
Manage the lifecycle of Manage data compliance
your data compliance with across existing instances of
programmatic reports, Guardium Data Protection
workflows, tasks, schedules (GDP), modules within
and notifications. Data Security Center (DSC)
or both.
Compliance journeys
Quickly comply to
regulatory requirements
Activity monitoring 1,000s Programmatic journey to
manage the lifecycle of
Monitor privileged activity of hours spent a year by data compliance with
with compliance journeys to on-premises and cloud reports, workflows, tasks,
organizations to help
that help automate SOX,
data stores, collecting facilitate audits schedules and notifications
GDPR, HIPAA and others.
necessary information to
raise violations, provide
evidence and produce
auditor reports.
Guardium Data Security Center

Data Detection & Response (DDR)

Detect and respond to data security
events at speed while reducing noise in
your SOC
Hybrid monitoring GenAI
Monitor critical data stores Generative AI helps by
across your hybrid summarizing risks and
environment, including transforming data, such as
traditional on-premises-to- SQL commands, into
cloud data services running natural language to
across AWS, Azure and expedite the analyst’s

$4.88M
GCP. response. Generative AI assistant to
streamline risk
Detection SOC integration Average cost of a data investigation (case
Use AI and configurable Pushing just the actionable summarization, translation
breach, up 9.2% from
rules to identify threats, intelligence into your SOC 20231 of SQL statements into
from singular events to
reduces noise, analyst natural language), SOC
complex orchestrated
attacks, while reducing response times and costs integration
noise. for SIEM and SOAR
licenses.
Guardium Data Security Center

Guardium Data Security

Posture Management (DSPM)
Uncover vulnerabilities across the hybrid
cloud and remediate issues quickly
Shadow data Data movement
Rapidly discover sensitive Analyze entitlements and
structured and audit logs to see where
unstructured data that your data can move versus
lives across where it’s actually moving,
cloud, SaaS, and DBaaS identifying proliferation
environments. risks.

Vulnerabilities
Remediation 1 in 3 Rapidly find shadow data
in structured and
Use automated tools like breaches found to involve unstructured cloud data,
Highlight risks like open S3 Terraform and console SaaS, and
elements of shadow data1
buckets, regulated data in
scripts that give you ready- DBaaS environments; gain
insecure log files or third
to-execute fixes for many visibility into actual data
parties with access to PII,
and raise them for action. types of vulnerabilities. flow; and detect
vulnerabilities
such as data leakage and
third-party risks.
Guardium Data Security Center

Guardium AI Security
Protect AI data, models and applications
across many deployment platforms

Shadow AI Uncover vulnerabilities

Discover hidden AI Identify vulnerabilities in
deployments, including the data and models, such as
models, the apps they’re poisoning, exfiltration and
integrated with, and manipulation, mapped to
training and RAG data. the OWASP framework.

76%
Drill down and monitor Govern with watsonx Discover shadow AI models
Analyze training data, Import discovered AI into in cloud, map
understand classification watsonx.governance to of current Gen AI projects vulnerabilities to OWASP
and sensitivities, and Top 10 for LLMs and govern
fully manage the lifecycle are not secured 1
monitor ongoing access
of the model, including with watsonx.governance.
and entitlements to data
that’s supporting AI bias, drift, tolerance and
models. more.
Guardium Data Security Center

Guardium Quantum Safe

Prepare your organization to be quantum
safe by addressing vulnerable
cryptography
Crypto inventory Evaluate posture
Build a comprehensive Assess risk posture based
cryptographic inventory by upon findings such as
scanning and ingesting library types, versions,
data such as source cipher strengths, endpoints
repositories and and protocols employed.
vulnerability scanners.
Track progress
Policy and vulnerabilities
Drill down into specific
Monitor progress on
cryptographic posture and
4-7 Comprehensive view of
cryptographic inventory,
vulnerabilities and policy number of years after evaluation of posture
the closure of open
violations, with remediation which asymmetric progress over time,
recommendations, and vulnerabilities and policy
violations over time. encryption, used widely in remediation
open tickets to initiate recommendations
software, is estimated to
fixes.
become unsafe 1
How IBM Guardium can help

Guardium Data Protection

The gold standard for real-time data
activity monitoring and protection

Centralize Visibility Accelerate compliance

Define data-centric Simplify compliance with
security policies and apply policies, workflows and
them consistently across reporting while producing
the tamper-proof audit trails.
hybrid cloud.
Driving efficient outcomes
Manage threats to your
Dynamic data protection data
Protect data in real time Use AI to uncover and
with dynamic masking,
redaction, quarantining
respond to insider and
external threats to your
70% 25%
data. reduction in time spent on Overall time saved for data
and blocking. responding to regulatory security analysts with
audits automated processes
How IBM Guardium can help

Guardium Vulnerability Assessment

Harden your infrastructure with the
market’s broadest vulnerability
assessment tool
Uncover vulnerabilities Precise recommendations
Identify security gaps with Remediate with
scans for a wide range of recommendations based
database types and on benchmarks from STIG,
versions. CVE, CIS and other
standards.

Track progress over time Set and manage

See databases’ pass/fail exceptions
history over time and track Assign exceptions by
progress toward database, data source
group
remediation.
or type.
More than 25 database types and their associated versions
are supported—more than double the data source support of
the closest alternative.1
Guardium portfolio

Guardium Discover and Classify

Uncover your sensitive data to speed up
security, compliance and privacy use
cases
Identify unknown data Classify sensitive data with
at scale AI
A network-based approach AI & ML classify both
to discover and map structured and
sensitive data, both at rest unstructured data with
and 96% accuracy out
in motion. of the box. “I don't have to plead with “It tells me what I don’t
my DBAs for access now know. With other
Automate insights, because solutions, I have to first
playbooks Integrate with Guardium I have evidence of PII point them in the direction
Understand data subjects, Ready-to-use integration flowing in and out of of our sensitive data. That
data lineage, stakeholders with Guardium Data specific systems.” doesn’t help me.”
and processes to assess
risk, assist breach
Protection for stronger data
classification, database
10% 99% 3x
budget savings due reduction in false faster time to
investigations, speed monitoring and to automated positive and value over
compliance and remove vulnerability assessment. discovery of critical negative during the competitive
unnecessary PII. data stores data classification approaches to
1
Based on IBM Data
process discovery
Guardium portfolio

Guardium Data Encryption

Unified suite of encryption solutions to
secure your data and your business
Encryption where it matters Centralized policy
Granular encryption at the file, Enforce a consistent and
database and application layers centralized policy for
for data stored both on premise encryption keys and user
and in the cloud. access control.
$4.88M $237K Delivered in
Advanced data masking Average cost of a data Average cost
Obscure data at rest with breach, up 9.2% from avoidance after a partnership with
tokenization or specific parts 2023 1 data breach by leading encryption
of data fields with data-masking organizations vendor Thales
technology. employing
encryption 2
File and DB
Data encryption Container data encryption
key management encryption with live data
transformation

Cloud key
management File and
CipherTrust database
CM
Manager encryption
Batch data
transformation

Teradata Application
Guardium for encryption encryption
tokenization
Guardium portfolio

Guardium Key Lifecycle Manager

A leader in advanced enterprise
encryption
key management for hybrid cloud
Central key management Robust Key Storage
Guardium Key Lifecycle For IBM and non-IBM
Manager centralizes, products alike, KLM
simplifies and automates provides a robust means of
all aspects of encryption storing and
key management. serving keys. “In the domain of comprehensive data security, few names
carry as much weight as IBM. IBM Security’s Guardium Key
Standard/Open protocols Future Area: Quantum Safe Lifecycle Manager (GKLM) provides a centralized key
Guardium Key Lifecycle Guardium Key Lifecycle management solution for all encryption demands.”1
Manager unifies key Manager is a key
management with open component
standard such as KMIP, IPP of our post-quantum crypto
and REST. strategy for modernizing
encryption.
>1,000 #1
customers relying on Ranked the 2022 leader for
Guardium Key Lifecycle enterprise key
Manager management
by Omdia
Understand
the solution –
use cases
Use Case Benefits Challenges Solutions

Enabling The goal of any security team is to

stop threats before they disrupt the
– Removing manual processes with
automation and unified workflows
– Data risk-based analytics
and anomaly detection

smarter business and damage the brand

reputation, but the rapid adoption of
and tools (Guardium Data Security Center)

– Handling and correlating years of – Data activity monitoring,

data threat cloud technologies has made this a
greater challenge to address.
security data to proactively policy management,
uncover potential threats and vulnerability assessments
response Guardium can help adapt with AI-
based analytics that surface – Enabling teams and stakeholders
(Guardium Data Protection)
potential threats and score risky to collaborate in addressing cases – Real-time response to
users. Guardium can help block user within appropriate timeframes threats, investigation, and case
access and kick off threat management (Guardium Data
investigations with data security and Security Center, Guardium Data
compliance insights that enrich Protection)
cases
for more rapid remediation.

Sample
scenario
Automatically Review suggested Adjust policies
open a case remediation based on and
for predetermine business configurations
investigation risk as needed

Incident of Review correlated data Remediate risk in a cross- Deliver reports and
compromise activity and user team collaborative dashboard views,
access manner, sharing case and store audit and
to compromised data information compliance data
Use Case Benefits Challenges Solutions

Simplifying With data security and privacy

regulations growing in scale and
– Overseeing large volume of data
spread across a variety of data
– Data discovery and classification
for sensitive personal data

regulatory complexity, organizations need to

track changes and automate
stores on disparate environments (Guardium Discover and Classify,
Guardium
– Addressing the manual and
compliance processes in
order to address compliance,
disconnected nature of surveying
Data Protection)

and monitoring data that would – Data activity monitoring and

preserve client privacy, and grow
be difficult to scale policy management (Guardium
the business. Guardium can simplify
Data Security Center, Guardium
regulatory compliance by increasing – Maintaining the linkage of the
Data Protection)
visibility into which repositories data
contain sensitive data. With out-of- to the data subject to fulfill data – Compliance and audit reporting
the-box policy creation and rules privacy requirements (Guardium Data Security Center,
tagging for compliance monitoring, Guardium Data Protection)
automated audit processes, and
reporting in seconds, Guardium
reduces the manual challenges of
compliance.

Sample
scenario
Detect data, Track consent
understand its and other data
history, and tag subject
appropriately requests

New personal Place data under appropriate Access to data is Continuously

data policy group for risk and approved for specified monitor
generated compliance monitoring purposes, according to user behavior and
given consent remain context-
aware
Use Case Benefits Challenges Solutions

Protecting data Organizations are embracing cloud

services such as cloud databases
– Maintaining control and visibility
into the data sprawl as larger
– Data discovery and
classification (Guardium Discover

in the cloud and storage to embed flexibility and

agility into how their businesses
volumes of data live in the cloud and Classify, Guardium Data
Protection)
– Protecting sensitive data
(and on- operate to grow. Modern data
security solutions such as Guardium
without compromising business – Cloud data sources monitoring
agility, employee productivity, and policy management
premises) help clients to keep pace with the
cloud migration of data and the new
and client experience (Guardium Data Security Center,
Guardium Data Protection)
data generated in the cloud with – Maintaining a unified data
centralized insights into sensitive security platform that scales with – Data encryption and
data, simplified reporting on cloud a modern data landscape cloud key management
data sources, cloud data encryption (Guardium Data Encryption)
and key management, and more.

Sample
scenario
Database is located, along Data is de-
with risk and compliance identified for safe
context about the data sharing and
limiting risk

Analyst User access to Data activity is User riskiness and

requests database contents is monitored for entitlements are
access to verified against suspicious regularly audited
cloud current policies behavior and scored
database
Understand
the solution –
pricing
Guardium Data Security Center Packaging

Packaging highlights flexible deployment

options for growing data security portfolio
Resource Unit metric allows for flexible consumption of modules within hybrid delivery models, enabling clients to purchase
RUs and consume them across various modules in Guardium Data Security Center, while retaining their investment in
Guardium

Client-Managed
IBM IBM
(on-prem) Guardium Guardium
Software Data Vulnerability
Package Protection Assessment
SaaS only SaaS only
 1 Orderable
Package
 RUs can be used Legend
across all Guardium Data Security Center
capabilities modules
SaaS Package  Available for hybrid delivery via single
 1 Orderable UI, common services, shared
Package experiences
 RUs can be used coming soon  Try before you buy available
across all Guardium portfolio products
capabilities
 Available as stand-alone installation
General Availability: Nov 13, 2024  RUs compatible with client-managed
(on-prem software) package only
Guardium Pricing and packaging
Data Security Available via 2 deployment models:
Center pricing • client-managed software
• software as a service (SaaS)
model
– Simplifies the purchase process
Guardium Data Security Center is a platform that secures and protects
– Protects the client investment as on-premise and cloud data sources. Pricing is based on the number of
data sources that we will be protecting (called assets).
workloads and IT infrastructure shift to
cloud
Single part number includes access to all the modules and products in
– Enables flexible adoption of capabilities each deployment model:
based on use cases • Guardium Data Compliance
• Guardium DDR
• Guardium Quantum Safe
• Guardium AI Security
• Guardium DSPM
• Guardium Data Protection
• Guardium Vulnerability Assessment

• Pricing is based on a variable metric called a Resource Unit (RU)

which is
measured by the the number of assets using a ratio table for
counting each module / product.
Guardium Data Security Center Packaging

Sizing Guardium Data Security

Center
Step 1 Step 2 Step 3 RU ratios by module / product and
Determine client’s Find out the
environment size.
Launch the
Resource Unit (RU)
deployment model
use case and
Examples of what calculator → and Deployment model: Client-managed SaaS
which module will
best solve their to ask your client: input the asset/ Allocate RUs to use:
pain points. app user quantities
“Tell me about Guardium AI Security — 1 Asset : 400 RU
into the tool. The
your
Understand environment” tool will convert — 1 Asset : 15 RU
deployment asset and/or app Guardium DSPM 1 App User : 15
options available: “What types of users to RU’s. RU
SaaS or client- data sources do
you want Guardium Quantum Safe 5 Asset : 1 RU —
managed A total Guardium
Guardium to
software. protect? And how DSC price will be Guardium Data Compliance Included in 1 Asset : 200 RU
many do you derived based on GDP
have?” discount level and
license term. Guardium DDR 1 Asset : 100 1 Asset : 200 RU
“How many AI RU
models are
deployed Guardium Data Protection 1 Asset : 300 —
(approximately)?” RU

Guardium Vulnerability 1 Asset : 40 —

Assessment RU

RU Calculator on Seismic –
link
 Step 1
Guardium Data Module / Product RU Ratio

Work with client to determine

Security Center which data sources they want
Guardium Data Protection 1 Asset : 300 RU

client-managed to protect with Guardium DSC.

Guardium Vulnerability Assessment 1 Asset : 40 RU

software pricing Guardium DDR 1 Asset : 100 RU

Step 2
example Guardium Quantum Safe 5 Assets : 1 RU
Determine the total number of RUs
required based on the ratio table,
using the Resource Unit (RU)
calculator.

Monthly
Perpet Subscrip
Client use case Resourc Client Environment ual tion
(module/product) e metric Ratio Size Total RU License License

Guardium Quantum 25000 objects

Asset .2 5000
Safe scanned

Guardium Data $2.7M $90K

Asset 300 100 data sources 30000
Protection

Guardium DDR Asset 100 100 data sources 10000

Total RUs 45,000

Guardium DSC Client-managed software – client is interested in Quantum Safe, GDP
and DDR
• Part is sold in packs of 100 RU; quantity = 450
• No discounting applied

Prices in USD and are for reference only; please use IBM Quoting tools for latest pricing

RU Calculator on Seismic –
link
 Step 1
Guardium Data Module RU Ratio

Work with client to

Security Center determine which data
Guardium AI Security 1 Asset : 400 RU

SaaS pricing sources they want to

protect with Guardium DSC.
Guardium DSPM
1 Asset : 15 RU
1 App User : 15 RU

example Step 2 Guardium Data Compliance 1 Asset : 200 RU

Determine the total number of

Guardium DDR 1 Asset : 200 RU
Resource Units (RU) required
based on the ratio table, using the
RU calculator
Resourc Client Environment Total Monthly
Client use case (module) e metric Ratio Size RU Subscription

100 deployed AI
Guardium AI Security Asset 400 46000
models

100 cloud data

Asset 15 1725
sources
$60.7K
Guardium DSPM
App
15 500 SaaS app users 8625
User

Guardium DDR Asset 200 50 data sources 10000

GDSC Client-managed software – client is interested inTotal RUs 66,350

AI Security, DSPM and DDR
• AI Security & DSPM find “shadow data” so assume approximately 10-25% more when sizing (used
15% here)
• DDR requires storage not included here
• Part is sold in packs of 100 RU; quantity = 664
• Total price includes price tiering
• No discounting applied
Prices in USD and are for reference only; please use IBM Quoting tools for latest pricing
RU Calculator on Seismic –
link
Guardium pricing model Pricing and packaging
Guardium Data Protection, Guardium Vulnerability
Assessment
and Guardium Data Security Center
– Simplifies the purchase process
– Guardium offerings secure and protect different types of on-premise
– Protects the client investment as and
cloud data sources. Our pricing is based on the size and transaction
workloads and IT infrastructure shift to
volumes
cloud of the data sources that we will be protecting
– Enables flexible adoption of capabilities
– Pricing is based on a variable metric called a Resource Unit (RU)
based on use cases which is
defined as the number of managed servers or the number of virtual
processor
cores that the data sources depend on
• Enterprise - Predictable pricing at enterprise scale

– Works best for clients connecting on-premises data sources to

Guardium
• Usage - Ability to Scale seamlessly

– Pay only for what you need

– Works best for clients connecting cloud-based data sources to
Guardium

– $4,380 per 100 pack of RUs

– Single part number includes Guardium Data Security Center, Data

Protection and Vulnerability Assessment
Guardium Data Pricing and packaging
Encryption – Guardium Data Encryption (GDE) encrypts both on-premises
and cloud-based resources
pricing model – GDE consists of twelve individually priced applications
based on the client’s encryption needs

– Pricing is based on a metric called a Resource Value Units

(RVU) which is derived by knowing the number of managed
virtual
servers (MVS) to be managed or encrypted

– MVS is converted to RVU using the IBM Security Assistant &

Solution Center tool (SASC) tool which calculates the
extended entitled price

– Per unit pricing for GDE is built into the SASC tool

Pricing example MVS RVU

Extended Entitled
Price (USD)
A client needs to protect
GDE 300 103 $2,132,100
unstructured files and structured
database files on 100 Linux S&S Renewal (Yr
300 103 $426,420
servers and 200 Windows 2)

Servers. They also want support S&S Renewal (Yr

300 103 $426,420
3)
of
Prices in USD and are for reference only; please find the latest list pricing in the IBM quoting
the solution for two additional tools.

years beyond the initial year of

support that comes with the
entitlement.
Understand
the
competition
Guardium competition

IBM Security Guardium Imperva / Sonar Native monitoring tools

(Azure, Google, AWS, Oracle)

Strength A modern, comprehensive data security Fairly comprehensive portfolio and can support Embedded into the data sources from their
suite to support the entire end-to-end agentless deployment via jSonar respective vendors, immediately
data security lifecycle compatible

Weakness Often a lengthy deployment depending Made up of point solutions that do not interoperate Gives fragmented visibility as monitoring
on the solutions selected by the client well. tools for Azure cannot monitor AWS.
Often requires clients to learn specialized coding Similarly, these tools typically just generate
languages log data that data security teams then
to create reports and integrate with other tools need to analyze themselves

How we win Highlight ease of use, automation for Highlight the fact that even with one vendor it creates Guardium can centralize data security and
compliance policy and audit reporting, new siloes and requires additional time and resources normalize datasets across sources, saving
advanced analytics, security and IT to support something as simple as compliance time and enriching analysis. Guardium Data
integration, depth of data protection reporting Protection also partners with AWS to
support security in AWS cloud

How we improve our competitive position

1. Containerized, modernized architecture allows us to tell an effective hybrid multicloud deployment, scaling, and maintenance story. New offerings available as Software
as a Service (SaaS).

2. Integrates with IBM software portfolio and 3rd party solutions.

3. Agent-based and agentless support for major data sources natively and streaming support for any data source through Guardium Universal Connector
Common objections

You don’t really need agents for data security: One-size fits all and Flexibility is essential when it comes to monitoring, and it’s
agentless monitoring is sufficient important
to understand your use cases before selecting a monitoring
mechanism. You should go with the vendor that provides the
Guardium doesn’t really provide support for agentless monitoring most choice
Guardium has been providing an array of monitoring options for
years – from agentless API streaming advanced agents. In 2020,
we introduced the Universal Connector Framework to help support
agentless monitoring for more sources

Guardium is complex to set up and difficult to use Guardium introduced a new GUI that allows for easy operations and
automated deployments and upgrades with Guardium Install
Manager
Guardium perpetual licenses are too expensive versus Only IBM offers perpetual licenses; a better value for long-term
Imperva low-cost term license project like data monitoring

Guardium’s architecture is overly complicated – you don’t Guardium Data Security Center’s modernized architecture
need that much flexibility allows clients the flexibility to deploy on premise or in public or
private clouds – and to shift as their needs change

Guardium Data Security Center has barely been in market. It’s IBM is investing heavily in data security. Guardium Data Security
immature and can’t compete with jSonar’s maturity who has been Center provides a fully functional data security hub today in
in the market for 5 years which clients can retain data, create reports in seconds, perform
advanced analytics, deliver risk-based scoring, and more
IBM Security Guardium
differentiators

Secured modern Proactive Connected Simplified compliance,

data environments security controls data security auditing, and reporting
– Platform agnostic data security – Centrally define and manage – Open ecosystem of APIs and – Retain and analyze years-worth
and compliance reporting data access policies for users technology partnerships,
capabilities are extensible across and groups including automated integration of security data for faster and
on-premises, DBaaS, and hybrid with multiple commonly used enriched investigation
– Real-time and near real-time
multicloud data sources security tools, IT ticketing
security controls use behavioral – Prebuilt compliance templates
systems, and modern platforms
– Agent-based and agentless data analysis and advanced analytics accelerate auditing and
collection options provide to stop or contain data threats – Collaborate across the security reporting from months to weeks
flexibility operation center (SOC) by sharing
in connecting to data sources
data security event data with SOC
– Encrypt data in data sources,
applications, containers, and
tools and opening cases on IBM
in all states
Cloud Pak® for Security
Key sales resources

Key assets
Data Security Homepage on Seismic

Guardium Data Security Center Sales Kit

Security Demo Central

Analyst Reports
2023 Forrester Total Economic Impact Report

2023 Kuppingercole Data Security Platforms Re

port
 Where to go for help:
Resource Roles Contacts

WW Sales Leader Ian Wight, [email protected]​

Sally Fabian, [email protected]

WW Tech Sales Polly Lau, [email protected]
Liher Elgezabal, [email protected]

Matt Simons, [email protected]

WW PM
Nancy Miskowiec, [email protected]

Sales Leader - EMEA Brian Flasck​, [email protected]

Sales Leader - APAC Ajay Cherian, [email protected]
Sales Leader - LATAM Alexandre Brandi Pattara​, apatarra

Sales Leader – North America Scott McNeil, [email protected]

North America SaaS Sales Leader Bob O'Connor, [email protected]

Product Marketing Anshul Garg , [email protected]

Competitive Intelligence Sanara Marsh, [email protected]

WW GTM Sales Campaigns Jody Menard, [email protected]

Joseph Daw, Tech Sales Americas
[email protected]
Workshop Information
Alecia Ramsay, Expert Labs,
[email protected]
IBM and Business Partner Join slack #gdsc-sales-ama
Internal Use Only