Friday, April 29, 2016

Don't Ignore More Than You Expect - Notes On Whitelisting Objects in Policies

by John Haldeman, Enterprise Architect

We had a customer using DB2/z that was receiving a lot of events from SYSIBM.SYSDUMMY1. So, they wanted to implement a rule as shown in Figure 1:
Figure 1: Policy Rule to SKIP LOGGING on SYSIBM.SYSDUMMY1
This seemingly simple and innocuous rule has some unintended consequences. That's what this blog post is all about.

Wednesday, April 20, 2016

Why Outlier Detection Won't Save You

by John Haldeman, Enterprise Architect

Now that it's been out for a while, I feel like it's time for some hard truths on Guardium Outlier Detection. Before I get into some of its limitations, I want to say that it does indeed work, and it is indeed useful and powerful. This post is meant to serve as a healthy discussion on the practical problems of using it. To be clear, I would rather use the function than not, i.e., it provides more value than what it costs to deal with the issues below.