IBM Unveils Converged Security Strategy

• By David Nagel
• 11/06/07

IBM is tackling security in a big way. Late last week the company unveiled a new strategy encompassing five broad aspects of security and launching new products, services, and research designed to address everything from data threats to physical vulnerabilities. The "first wave" in IBM's new security initiative targets "enterprise to edge" information security.

"For many enterprises, security is broken," said Tom Noonan, general manager IBM Internet Security Systems, in a statement released Thursday. "The nature of evolving threats is such that installing point solutions to 'keep the bad guys out' is no longer a viable way to secure a business. We advocate new approaches to reduce complexities, adapt to new business imperatives and enable business value versus just threat protection. The path to a more secure world begins with a risk management strategy that limits the impact of threats, improves business resilience and creates an enterprise free of fear."

According to IBM, the new security strategy is the result of several recent acquisitions by the company in the security space. The strategy targets five broad areas of security, including information security; threat and vulnerability; application security; identity and access management; and physical security. In order to tackle these, the company has launched several new products and services, some in partnership with security firms. These include:

• Proventia Content Analyzer Technology, a data inspection and analysis tool for the Proventia Network Intrusion Prevention System;
• IBM Data Security Services for Activity Compliance Monitoring and Reporting, a service deigned to assess and monitor malicious and non-compliant database activity and vulnerabilities and report on abuses;
• IBM Data Security Services for Endpoint Data Protection for encrypting and managing data on endpoint devices;
• IBM Data Security Services for Enterprise Content Protection, a new service meant to prevent intentional an unintentional data leakage;
• User Compliance Management Software, which provides ongoing audits and alerts when policy violations are detected;
• IBM QuickStart Services for Tivoli Compliance Insight Manager, which is designed to help with the implementation of IBM's Tivoli event management software;
• IBM Web Application Security and Compliance Management, a compliance management tool targeted toward Web applications;
• IBM Tivoli zSecure, a suite for the IBM System z mainframe; and
• A new end to end PCI compliance program designed that includes technologies and services to assess compliance, create strategies to meet compliance standards, and, ultimately, to get the client certified for compliance.

IBM has also launched a new security initiative called Security Risk Management (SRM), a collaboration between universities and IBM's research and software divisions. It's designed to provide tools for risk management for CIOs and CISOs to "manage and allocate risk across all security domains to optimize business results," IBM said. "SRM performs critical assessments, compares business-level risks across the enterprise, quantifies the risk managed and the cost of each IT control, as well as automating control testing, to allow the firms to make significant cost savings."

SRM includes dynamic risk quantification; peer group risk comparison; business control optimization; security portfolio optimization (to help assess weaknesses); and event risk calculation.

Read More:

• IBM
• IBM Security Solutions