IBM Guardium vs. Symantec Content & Malware Analysis

IBM Guardium DP is suitable for monitoring, auditing, data discovery, vulnerability analysis, and risk detection and investigation in relational and non-relational databases, cloud database services, indexed databases, and non-relational databases as well. IBM Guardium DPR is appropriate for supporting the process of detecting anomalous behavior in accessing sensitive data, helping to optimize the work of cybersecurity analysts or data team analysts by providing the data officer within our organization with insight into compromised users, compromised databases, or file servers containing sensitive data.

If you have Symantec based environment including Symantec proxy and endpoints, Content and Malware Analysis is the obvious choice. You can't run the CAS-MAS as a standalone deployment, you need proxies or ICAP supported devices capable to send the files/URLS. It's not a network security device where you can flow/direct the traffic to C/MAS. It does not have UBA, NBA or NTR features, it is just working for analyzing files as expected.

• Provides complete monitoring of data access and usage activities.
• Provides customizable security controls and policies that help us meet compliance and regulatory requirements.
• Uses advanced algorithms and machine learning to detect abnormal behavior patterns.
• Helps us protect sensitive and confidential data by controlling access.
• Integrates easily with other security systems and tools.

Incentivized

• 0 day detection and prevenion
• Flawless integration with Symantec Ecosystem
• Integration with other vendors supporting ICAP is also working
• Custom and golden image support
• High performance on busy environments
• Many threats are already detected and prevented through the CAS, it improves the performance drastically.
• Already builtin virustotal integration
• Reference to updates and updates information where I can see the product/service detecting which APTs
• Multiple Antivirus engines which you can select/subscribe
• Manual submission of file is supported through the gui
• URL manual submission is also supported

• Cleanup the menu bar- way too many items.
• Ktap support for newer O/S. Recently, I have had to open support tickets to get the most recent support for the RHEL Kernel.
• Also, upgrading agents to V12 doesnt not have the same Flex or exact match for KTAP as 11.5. You would think V12 would have the same Kernel support as 11.5. Clients are moving to V12.

Incentivized

• API support is lacking
• Symantec/Broadcom security vision in general
• Symantec support is not perfect
• You can't run the product as a standalone network device
• No packet capture capabiliy or work in span mode
• You need a dedicated hardware to make it run
• You need to buy

It is a perfect system to detect problems that we do not see manually, it is light, with a very simple learning curve and with great protection of our data, we will use it forever.

Incentivized

This software is not the easiest to use in all work environments, each department has some difficulties accessing and managing some functions, it can be considered a complex softy, but I consider it necessary to have it in the company due to its security qualities of warm cans, it offers exactly what it promises but with a little difficulty in its configuration.

Incentivized

There has been great support coming from IBM. It is easy to use and a great way to keep our data secure. I would recommend this to other possible users and if I were to move companies, I would recommend we use this there too. Thank you

Incentivized

IBM Security Guardium has extended capabilities of automatically locating databases and assessing the vulnerabilities and configuration flaws in them. IBM Security Guardium stacks up against other products due to the additional features that can be easily added to your IT systems after installation. Additionally, Guardium has the ability to monitor a mainframe database environment which makes it the best choice!

Incentivized

We have been using many solutions even tested nearly all available 0day sandbox solutions in the market. We choose Symantec CMA as we have already Symantec endpoint protection/EDR on the client, Symantec proxy for the web access, SCMA fits our environment. We have a big bargain when we puchase lots of equipment from the Symantec. Detection and prevention is very good at SCMA but some constant issues; like the product is not designed for heterogeneous environments, we can not integrate the SCMA with WAFs, it's lacking in api and request/reply calls. There's no file scanning, discover the option. SIEM integration is not smooth. I can not run some of the SOAR playbooks through the SCMA.

Only a few users in our shop for now

Incentivized

• Security and monitoring are important in a financial institution
• Constant visibility and auditing of companies is easy with IBM Guardium.
• la seguridad y monitored es important en una entidad financiera
• la visibilidad y auditoria constante de empresas es facil con IBM Guardium

Incentivized

• 0-day and APT risk is covered by the SCMA
• As the SSL is inspected and analyzed at Bluecoat proxy servers, hidden threats, malicous files are passed to SCMA to be analyzed.
• Getting full visibility at file trajectory level
• As it's a full proxy and ICAP integration, we are sure that the files are to analyzed and scanned for malicious activity. This is a big plus compared to NGFW analyze concept, as the NGFWs have special failsafe mechanisms allowing bypass of file analysis. SCMA fully catches the hidden threats.
• Flawless integration with Bluecoat systems is a big plus, customers are getting the same type of messages within their browsers.
• A negative impact is the standardization when I deploy SCAM to one of our locations. Then the auditors demand the same coverage within other areas and it comes with the cost. Especially maintaining these devices on premise environment has a significant cost.