RealTime IT News

IBM: Security Is Our Brand

Big Blue is rolling out a big plan for dealing with security in the most comprehensive way it can -- by using almost all of the immense technological assets at its disposal.

IBM today launched a wide array of new products and services from across its product portfolio in a bid to improve security throughout companies' IT infrastructures. The company also hopes that doing so will encourage companies to give it a larger portion of the estimated $100 billion spent annually on information security technologies.

"At the end of the day, it's not just a focus on selling more security, it's about maintaining current customer confidence in our offerings -- that IBM is and continues to be a big player in security," Stuart McIrvine, director of IBM’s Corporate Security Strategy told InternetNews.com. "We embed security in everything we do and security is a key aspect of the IBM brand."

To help drive that point home, IBM is debuting a slew of new products designed to help companies better mitigate risk -- a massive strategy that encompassed what IBM refers to as the core domains for IT security, which include infrastructure like firewalls and routers, identity and access management, application security and data security.

"To manage risk, you need to be able to have monitoring across domains," McIrvine said. "It's not good enough to just throw in a capability."

Among the new offerings is the IBM Proventia Content Analyzer Technology, which will integrate with IBM's Intrusion Prevention System (IPS) product to prevent leakage of confidential data and information. A second product, IBM Data Security Services for Enterprise Content Protection, offers monitoring services to protect against data leakage.

On the auditing and compliance side, IBM has a new Data Security Services for Activity Compliance Monitoring and Reporting offering, designed to provide security auditing capabilities as well as security monitoring. Another new compliance tool, IBM's User Compliance Management Software, provides ongoing audits based on preset policies to determine software compliance and flag any violations.

IBM QuickStart Services for Tivoli Compliance Insight Manager is a new service offering that aims to make it faster to actually get IBM’s automated security information and event management software up and running quickly.

For actual PCs and notebook computers, IBM is introducing Data Security Services for Endpoint Data Protection, which aims to protect against unauthorized data access.

Finally, to address security issues relating to enterprise applications, IBM is revealing the first fruits of its acquisition of application security vendor Watchfire. The new IBM Online Application Security and Compliance Management looks at security inside application to ensure compliance and to mitigate security risks.

While the new offerings may seem a large and unwieldy assortment, McIrvine said IBM's goal is to ensure the different pieces work together.

IBM's new security push also isn't intended to compete against other large security frameworks, such as Cisco's Self Defending Network initiative. In fact, McIrvine said there are areas of compatibility between IBM's new products and those of other large enterprise vendors.

That's particularly true in the area of Network Access Control (NAC). According to McIrvine, IBM and Cisco have had a partnership for more than three years, through which IBM leverages its Tivoli product portfolio to handle NAC policy enforcement.

"NAC is an important capability that still needs to be more mature," McIrvine said. "It's part of our information security domain but there are other parts."

Though security has been a topic of importance to enterprises for some time, renewed emphasis on regulatory compliance and the costs associated with not protecting data properly are part of the reason why IBM is making this push.

While the threat of unprotected data might be downright scary to some IT managers, IBM said it wasn't trying to compound their fear by releasing its new suite during Halloween.

"It's pure coincidence," McIrvine said. "There are threats and hackers and people that take advantage of events on the calendar, but that's not what's on top of the agenda for CIOs. They're focused on regulations and compliance and other areas like basic user errors."