Case Study


The IBM Security Guardium solution monitors and protects databases from unusual and malicious activity, but it still needs to 'learn' from admins, who populate data and install policies. For example, if the client IP of a DBA connected to the database is whitelisted, Guardium will allow all traffic but will perform a full audit of privileged users.


What happens if there is unusual activity inside the environment and Guardium is not aware of it? What if we want to 'instruct' Guardium to learn from other systems and correlate policies in order to prevent potential data leaks in real time? QRadar SIEM collects events from most log sources in the environment. QRadar SIEM detects a threat on one or more classified IP addresses from which it is possible to connect to database servers. QRadar SIEM admins and other security teams are immediately warned about the situation. Since QRadar SIEM has detected a possible threat, custom rules are created and fired, and they immediately forward the information to the Guardium system. On the Guardium side, the information is updated in real time and a new policy to prevent possible damage is installed. In this case, all connections to the database from the 'affected' IP address are blocked by Guardium, and there is no way to connect to the database until the offense is investigated. IBM Guardium also logs a policy violation, which is distributed to the DBA and security teams for further investigation. A direct connection between the two systems provides a more reliable and intelligent system.
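The decision flow described above can be modelled in a few lines. This is an added example, not code from IBM or from the original page: the class, field names and event shape are hypothetical, and evaluating the SIEM block before the DBA whitelist is an assumption made here so that a compromised DBA workstation loses its trusted status.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address


@dataclass
class AccessPolicy:
    """Toy model of the flow in the text; not Guardium's policy engine or API."""
    dba_allowlist: set = field(default_factory=set)  # whitelisted DBA client IPs
    siem_blocked: set = field(default_factory=set)   # IPs forwarded by SIEM rules
    violations: list = field(default_factory=list)   # records for DBA/security teams

    def on_siem_offense(self, offense):
        """A forwarded offense adds its source IP to the blocked group."""
        ip = str(ip_address(offense["source_ip"]))   # raises on malformed input
        self.siem_blocked.add(ip)
        return ip

    def on_offense_closed(self, source_ip):
        """The block is lifted only once the offense has been investigated."""
        self.siem_blocked.discard(str(ip_address(source_ip)))

    def decide(self, client_ip, db_user):
        ip = str(ip_address(client_ip))
        # Assumption: the SIEM-fed block wins over the whitelist.
        if ip in self.siem_blocked:
            self.violations.append(
                {"client_ip": ip, "db_user": db_user, "action": "BLOCKED"})
            return "BLOCK"
        if ip in self.dba_allowlist:
            return "ALLOW_FULL_AUDIT"                # trusted, but fully audited
        return "ALLOW"


def run_demo():
    # Constructed addresses and user name.
    policy = AccessPolicy(dba_allowlist={"10.0.5.20"})
    before = policy.decide("10.0.5.20", "dba_user_1")
    policy.on_siem_offense({"offense_id": 1, "source_ip": "10.0.5.20"})
    during = policy.decide("10.0.5.20", "dba_user_1")
    policy.on_offense_closed("10.0.5.20")
    after = policy.decide("10.0.5.20", "dba_user_1")
    return before, during, after, policy.violations


if __name__ == "__main__":
    print(run_demo())
```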


According to the requirements set by the client, the solution had to provide:

• Water level monitoring

• Temperature and relative humidity monitoring

• Automatic data transfer

• Alarm in case of reaching the threshold values

One of the additional requirements was that the solution be less noticeable, due to the location of the station.


The solution that we offered was a monitoring system with an OTT RLS device for water level monitoring. In addition, the system allows calculation of the flow and data transfer via GSM modem (hourly). The system provides current and accurate values of the measured parameters.


Monitoring of the water level at a given location can be an indicator of the growth of the water level of the entire basin, and therefore this monitoring station can be a sort of alarm to relevant institutions. Even though the location is near the offices of the Agency for the Sava River Basin, the measurement must be continuous and parameter values visualized on the LED display.


This robust monitoring solution provides accurate data with automatic data transfer and has very low maintenance needs. The station has been working successfully, and the system can be upgraded in the future depending on the client's needs. The company ALEM Sistem is responsible for the maintenance and technical support of the whole system.


Today, most companies use CRM applications to consolidate customer information into a single database, so that other users can easily access and manage it. As a result, a lot of sensitive information about customers, opportunities and opportunity stages can be accessed, edited or viewed. Regardless of the application itself, there is always a possibility of editing data directly inside the database. So the question is: how can we monitor all changes and transactions made in those applications? How can we monitor all changes made from the application or from database clients? How can we achieve this with one single application, and how can we protect against this kind of unwanted activity?


With the IBM InfoSphere Guardium solution, we are able to track, audit, monitor and alert on all these kinds of changes, whether they are made from the application itself or on the database side. For example, if someone in the company, acting as an application user, tries to corrupt or change data and then clears the log in the CRM application, we are still able to monitor and prove that this exact application user made an irregular or unauthorized change. Also, if a DBA or someone else with access to the database tries to do something similar, we will capture all activity on the database and be alerted in real time that unauthorized activity is being executed.


CRM applications, such as SugarCRM, generate a huge amount of sensitive data related to customers and business operations, so there is a natural need to protect and monitor all kinds of changes made not just by application users, but also by the DBAs who customize the application. The IBM InfoSphere Guardium solution captures and monitors all unusual activity and enables auditing not just for the SugarCRM application but also for other applications such as DMS, SCADA systems, etc.


Let’s assume that an application user wants to change the amount of a certain opportunity. He will lower the amount and compromise a potential contract. The CRM application has auditing enabled, but the application user has an agreement with a DBA, under which the DBA will clear the audit table. In the end, no changes will be visible and managers won’t have any clue about the data corruption.


In this case, it is difficult to track who made the change and what the previous value was. How can IBM InfoSphere Guardium help? This solution enables the user to generate a report to audit the opportunities table in the CRM. Through these reports, it is visible that there was an update on the table. The reports also give information about DB User Name, Source Program, etc. Using Guardium’s reports, it is possible to determine which user is really ‘hiding’ behind these changes, thanks to the detailed information in the report (What value was changed and when? Who did that?). Drilling down into the report, we can find the update but cannot see the old value. IBM InfoSphere Guardium also has the ability to track changes on sensitive tables. Choosing the specific report that shows values changed in this period, we have two columns: Audit Old Value and Audit New Value.

Now we have solved the puzzle. The only thing left is to determine what happened to the audit log and who deleted it. We have to go back to Guardium and run a report with DELETE statements as the condition for this period, and the answer will be shown in that report.
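The investigation above comes down to correlating two kinds of captured activity: an UPDATE on the sensitive table and a later DELETE on its audit table. The following is an added example, not Guardium's own reports or code from the original page; the record fields, table names, user names and the 30-minute window are assumptions, and the sample records are constructed.

```python
from datetime import datetime, timedelta

# Constructed activity records; field names are assumptions for this example,
# not Guardium's report schema. Table names are assumed as well.
RECORDS = [
    {"ts": "2024-03-04 10:15:02", "db_user": "crm_app", "app_user": "sales_user_7",
     "source_program": "php", "verb": "UPDATE", "table": "opportunities",
     "old_value": "120000", "new_value": "45000"},
    {"ts": "2024-03-04 10:21:40", "db_user": "dba_user_2", "app_user": None,
     "source_program": "mysql", "verb": "DELETE", "table": "opportunities_audit"},
    {"ts": "2024-03-04 14:02:11", "db_user": "crm_app", "app_user": "sales_user_3",
     "source_program": "php", "verb": "UPDATE", "table": "opportunities",
     "old_value": "8000", "new_value": "8500"},
]


def _ts(record):
    return datetime.strptime(record["ts"], "%Y-%m-%d %H:%M:%S")


def find_covered_changes(records, table, audit_table, window=timedelta(minutes=30)):
    """Pair each UPDATE on `table` with a DELETE on `audit_table` that follows
    it within `window`: a change whose application audit trail was wiped."""
    updates = [r for r in records if r["verb"] == "UPDATE" and r["table"] == table]
    deletes = [r for r in records if r["verb"] == "DELETE" and r["table"] == audit_table]
    findings = []
    for upd in updates:
        for dele in deletes:
            gap = _ts(dele) - _ts(upd)
            if timedelta(0) <= gap <= window:
                findings.append({
                    # The pooled DB account hides the person, so prefer the
                    # application user when the monitor has resolved it.
                    "changed_by": upd.get("app_user") or upd["db_user"],
                    "old_value": upd["old_value"],
                    "new_value": upd["new_value"],
                    "audit_deleted_by": dele["db_user"],
                    "via": dele["source_program"],
                    "minutes_apart": round(gap.total_seconds() / 60, 1),
                })
    return findings


if __name__ == "__main__":
    for finding in find_covered_changes(RECORDS, "opportunities", "opportunities_audit"):
        print(finding)
```

The second UPDATE in the sample is not reported, because no audit-table DELETE follows it inside the window.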

Using the IBM InfoSphere Guardium solution, we are able to monitor all changes made on databases, no matter whether those changes come from applications such as ERP, CRM, DMS or custom-made apps, from a DBA, or from SQL injection. Since it is a ‘Database Activity Monitor’ solution, we are able to provide a transparent audit of all transactions executed on the database (Oracle, MySQL, Teradata, MSSQL, PostgreSQL, DB2, Informix, etc.). All transactions are stored in the Guardium repository and cannot be deleted in any way. Using security policies and the custom report capability, it is always possible to find any kind of ‘unusual’ activity or to investigate database traffic.


Even though the company ALEM Sistem Ltd. has extensive experience in implementing solutions focused on database security and monitoring in complex and heterogeneous environments, this project for Elektroprivreda BH was one of the most challenging ones.


What makes this project specific is primarily the fact that the database monitoring and security solution included monitoring of the flat-file databases of SCADA systems.


The solution that we offered to our client was IBM InfoSphere Guardium, which is scalable and can be adapted to meet all specific requirements. One of the main characteristics of this solution is that it does not affect the performance of the server on which the database resides.


For this project specifically, the adaptation involved the creation of special patches. The IBM InfoSphere Guardium solution gave our client detailed monitoring of the behavior of privileged application users through its application user translation functionality, which reads application users from web-based applications that use connection pooling. The solution also offers a broad palette of parameters that define every session on the database, such as client IP address, source program, session start and end time, etc.


Besides monitoring, the Guardium solution offers tools for data protection, such as termination of sessions that are a potential risk and/or prohibited, alerting the persons responsible for the protection system in case of suspicious behavior by system users, and quarantining potentially suspicious behavior with detailed recording of all activities of the person performing the suspicious actions.


In line with our strategic commitment to protect and preserve the environment, we are extremely proud of the project that we have done in collaboration with the Federal Institute of Agriculture, with the aim of reducing the use of harmful chemicals in agricultural production and cost optimization.


The client needed a solution, both hardware and software, that could help optimize the use of chemicals in agricultural production and optimize costs. The client's request was the installation of 15 agrometeorological stations and data collection for air temperature and humidity, precipitation and leaf wetness. The client also wanted to generate alerts with recommended treatments for monitored crops.


The solution that the company ALEM Sistem offered to the client consisted of agrometeorological stations from Adcon Telemetry, an Austrian manufacturer, and their software, addVANTAGE Pro 6.3, for data processing in the context of agrometeorology. This software combines knowledge and best practices from agronomy and meteorology with the mission of optimizing the use of harmful chemicals in agriculture. By optimizing the use of chemicals in agricultural production, the end product is healthier, the production is more environmentally friendly and production costs are lower.


The agrometeorological stations collect data on all required parameters (air temperature and relative humidity, precipitation and leaf wetness), and the addVANTAGE Pro 6.3 software processes this data in the context of agriculture: it keeps track of plant growth, warns users about the occurrence of certain crop diseases, recommends the time and amount of crop treatments, and warns about reached thresholds. The software takes into account the specifics of growth, development and the sensitivity of crops to certain plant diseases, so it is necessary to define thresholds for each crop.


This project, in terms of volume and the required settings, enabled 150 farmers to optimize their agricultural production. They receive alerts via SMS about thresholds reached and recommendations about crop treatments.


One of the most interesting Document Management System projects we have had the opportunity to implement is the digitization of archives for JP „Komunalno Brčko“ d.o.o. Brčko distrikt BiH.


The existing DMS solution that the client had, IBM Lotus Notes, could not solve the problem of digitizing the archives. In addition to archive digitization, the client wanted to unite all documents in a single database, create adequate business processes and monitor the exchange of documents throughout the organization. What the client specifically insisted on was ease of use and search options based on the unique number of each document.