Feeds

IBM launches $1.5bn IT security push

Compliance and control

SANS - Survey on application security programs

IBM has launched a major push to grow its presence in the information security market. The initiative is centered around two particular areas - compliance and content control - and weaves together technologies from recent IBM acquisitions Internet Security Systems (ISS) and Watchfire with technologies developed inhouse, many related to its Tivoli systems management arm.

The push will reportedly double IBM's security-related research and development spending to $1.5bn next year.

In a statement, IBM said the risk management landscape has changed with more collaborative business models evolving alongside more sophisticated criminal attacks. Current security technologies, implemented tactically in silos, are insufficient to deal with current challenges, the firm said.

Big Blue said it wanted to manage risk across an enterprise, with a particular focus on areas including application security, identity and access management, and physical security.

Substance

IBM bought security tools firm ISS for $1.3bn in a deal announced in August 2006. It followed up with the acquisition of web application security firm Watchfire in June 2007 in a deal valued at more than $100m. IBM's system rivals have also been active in the information security space, most notably marked with EMC's acquisition of RSA Security for $2.3bn in June 2006.

The introduction of corporate governance regulations such as Sarbanes-Oxley and HIPA have been a major driver for the information security industry as a whole over the last two years and go a long way to explaining why the likes of IBM and HP are looking to get a bigger slice of the action.

IBM's Internet Security Systems unit is a particular focus of the firm's wider push to add improved content inspection and compliance features to its technology portfolio. New data inspection capabilities are to be built into the Proventia Network Intrusion Prevention System line of products to provide increased visibility into data loss issues (eg alerting firms if someone tries to email sensitive data to unauthorised parties and the like).

Big Blue is also weaving technology from its Tivoli systems management arm with products from partners including Fidelis Security Systems, PGP Corporation, and Verdasys to produce new services. These include services that help clients encrypt and manage data on laptops and PCs, snappily titled IBM Data Security Services for Endpoint Data Protection, and IBM Data Security Services for Activity Compliance Monitoring and Reporting, a service for alerting on malicious and non-compliant database activity and vulnerabilities.

Other products, such as IBM User Compliance Management Software include access control and user activity monitoring, providing an electronic Big Brother. In market terms, technologies such as this push IBM into competition with the likes of Websense. In practical terms, it provides tools for firms keen to make sure their workers aren't spending their time playing network games or goofing around on Facebook instead of working.

Transmission

Big Blue also announced a one-stop program designed to offer compliance with the Payment Card Industry Data Security Standards (PCI DSS), an initiative by the credit card industry to make sure merchants have followed 12 basic security guidelines for processing credit and debit card data. This ties in with a wider push to sell more security products and services to small businesses.

Last, but not least, IBM announced a research project in security risk management.

More detail can be found in IBM's release here. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.