Feeds

IBM launches $1.5bn IT security push

Compliance and control

The Power of One eBook: Top reasons to choose HP BladeSystem

IBM has launched a major push to grow its presence in the information security market. The initiative is centered around two particular areas - compliance and content control - and weaves together technologies from recent IBM acquisitions Internet Security Systems (ISS) and Watchfire with technologies developed inhouse, many related to its Tivoli systems management arm.

The push will reportedly double IBM's security-related research and development spending to $1.5bn next year.

In a statement, IBM said the risk management landscape has changed with more collaborative business models evolving alongside more sophisticated criminal attacks. Current security technologies, implemented tactically in silos, are insufficient to deal with current challenges, the firm said.

Big Blue said it wanted to manage risk across an enterprise, with a particular focus on areas including application security, identity and access management, and physical security.

Substance

IBM bought security tools firm ISS for $1.3bn in a deal announced in August 2006. It followed up with the acquisition of web application security firm Watchfire in June 2007 in a deal valued at more than $100m. IBM's system rivals have also been active in the information security space, most notably marked with EMC's acquisition of RSA Security for $2.3bn in June 2006.

The introduction of corporate governance regulations such as Sarbanes-Oxley and HIPA have been a major driver for the information security industry as a whole over the last two years and go a long way to explaining why the likes of IBM and HP are looking to get a bigger slice of the action.

IBM's Internet Security Systems unit is a particular focus of the firm's wider push to add improved content inspection and compliance features to its technology portfolio. New data inspection capabilities are to be built into the Proventia Network Intrusion Prevention System line of products to provide increased visibility into data loss issues (eg alerting firms if someone tries to email sensitive data to unauthorised parties and the like).

Big Blue is also weaving technology from its Tivoli systems management arm with products from partners including Fidelis Security Systems, PGP Corporation, and Verdasys to produce new services. These include services that help clients encrypt and manage data on laptops and PCs, snappily titled IBM Data Security Services for Endpoint Data Protection, and IBM Data Security Services for Activity Compliance Monitoring and Reporting, a service for alerting on malicious and non-compliant database activity and vulnerabilities.

Other products, such as IBM User Compliance Management Software include access control and user activity monitoring, providing an electronic Big Brother. In market terms, technologies such as this push IBM into competition with the likes of Websense. In practical terms, it provides tools for firms keen to make sure their workers aren't spending their time playing network games or goofing around on Facebook instead of working.

Transmission

Big Blue also announced a one-stop program designed to offer compliance with the Payment Card Industry Data Security Standards (PCI DSS), an initiative by the credit card industry to make sure merchants have followed 12 basic security guidelines for processing credit and debit card data. This ties in with a wider push to sell more security products and services to small businesses.

Last, but not least, IBM announced a research project in security risk management.

More detail can be found in IBM's release here. ®

Designing a Defense for Mobile Applications

More from The Register

next story
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.