IBM Bolsters Clients' Security Arsenal

New Products and Innovation From IBM Help Clients Manage Global Risk; Safeguard Virtual Environments

ARMONK, NY - 08 Apr 2008: IBM (NYSE: IBM) today announced a breakthrough in safeguarding virtual server environments and introduced new software to help businesses better manage risk. The company said the advances can provide businesses with substantial improvements in securing information, applications, and information technology (IT) infrastructures around the globe.

Today's announcements include:

"As sophisticated crime organizations infiltrate business processes and surreptitiously siphon off enterprise data, they are rapidly outpacing the advances of many of today's security offerings," said Val Rahmani, general manager IBM Internet Security Systems. "In order to withstand and overcome the explosion of tomorrow's threats, enterprises must fundamentally change their security strategies and move to a model of business sustainability -- a strategic approach in which security is designed into processes and systems to reduce risk and ensure long-term business enablement."

IBM's approach to business and information technology security is to strategically manage risk end-to-end while supporting governance and compliance initiatives across five domains -- information security; threat and vulnerability; application security; identity and access management and physical security. Announced in November 2007, this approach helps businesses attain sustainable processes that can withstand the emergence of new threats, regulations and changes in the business environment.

New Research Breakthrough Code Named "PHANTOM"
The IT industry is experiencing a fundamental transformation as enterprises replace traditional physical computing environments with new virtual environments. However, introducing a new virtualization layer also introduces new security vulnerabilities that, if exploited, could allow attackers to gain unprecedented access to corporate computing assets.

The problem is: traditional security technology is designed to secure traditional physical computing environments, not virtualized environments. The dynamic nature of virtualization requires a new breed of security offerings with the visibility, granularity and scalability required to properly secure virtual machine deployments. Therefore, enterprises must adopt new technologies and best practices for protecting their virtualized environments, or they leave themselves open to potentially catastrophic compromise.

IBM's PHANTOM initiative aims to create virtualization security technology to efficiently monitor and disrupt malicious communications between virtual machines without being compromised. In addition, full visibility of virtual hardware resources would allow PHANTOM to monitor the execution state of virtual machines, protecting them against both known and unknown threats before they occur. It is also designed to increase the security posture of the hypervisor -- a critical point of vulnerability; because once an attacker gains control of the hypervisor, they gain control of all of the machines running on the virtualized platform. For the first time, the hypervisor -- the gateway to the virtualized world and all that lays above it -- can be locked down.

IBM pioneered virtualization over forty years ago, leveraging decades of mainframe experience, embracing diverse resources and integrating the virtual and physical worlds. With the PHANTOM initiative, IBM is combining its systems and software heritage, Research prowess and X-Force intelligence to once again lead a new wave of virtualization innovation.

New Software for Information Security
The secure management of information is one of the fundamental requirements of an effective sustainable business. New additions to the IBM Information Security solution portfolio help reduce the cost and complexity associated with securing data.

IBM today unveiled details of IBM Tivoli Key Lifecycle Manager, software in the emerging area of encryption key management for storage devices. The software helps automate the management of encryption keys throughout their lifecycle to help ensure that encrypted data on storage devices cannot be compromised if lost or stolen. IBM Tivoli Key Lifecycle Manager, with an initial focus on industry standard storage including IBM tape and hard disk, also supports the growing number of requirements around data protection and compliance.

"Many businesses today have no formal, scalable process to manage thousands of encryption keys across several terabytes of data. IBM Tivoli Key Lifecycle Manager helps reduce the complexity and cost of managing the key lifecycle by automating the management process from key registration to changes and updates to archiving and destruction of tapes," said Al Zollar, general manager, IBM Tivoli Software. "We intend to build upon this first release with future capabilities that support a broad range of storage formats and supporting software and hardware in our continued effort to help clients improve security of their sensitive company information while also supporting compliance requirements."

IBM also today announced an enhancement to the IBM Information Security solution portfolio, which secures virtually any type of electronic information from creation through destruction, with the new IBM Unstructured Data Security Solution. This innovative software solution helps clients classify, secure and monitor unmanaged, unstructured data, such as information contained in spreadsheets, word processing documents and other text based files. With automated data classification, the solution helps improve security access controls and provides audit and compliance support for the vast majority of company data that is unstructured and unmanaged.

Most of the critical information within enterprises today is in the form of unstructured data. As a result, unstructured data represents a significant source of risk for data leakage and regulatory violations. With automated IBM Tivoli and IBM Information Management software, the new solution analyzes the text of selected company content in order to classify and collate the information into customized business-specific categories that fit the needs of company departments, such as human resources, legal and finance. Then, utilizing access management software, it can provide designated file-level access control to help ensure that only the proper audiences have access to specific data. The software also can actively monitor the privileged users who are granted access to designated files to help ensure appropriate use of their access rights, while additionally helping to address clients' compliance requirements.

IBM Tivoli Security Information and Event Manager, also announced today, allows clients to implement an automated security management solution for both real-time threat management in the data center and policy compliance management via user activity monitoring and log management. The real-time and historical dashboards provide clients with visibility into their enterprise security and compliance posture, detecting policy violations, misconfigurations, misuse and suspicious network activity.

While compliance initiatives are on the rise, successfully demonstrating compliance is particularly challenging with today's common IT environments which are comprised of software from many vendors. IBM's software helps clients centralize information security management with support across a wide breadth of vendors' applications and platforms.

New Software for Application Security and Identity and Access Management
IBM today also announced a new version of its access management software, extending its support of software addressing businesses' needs for Application Security and Identity and Access Management.

The new release of IBM Tivoli Access Manager for e-business helps automate the management of user and application security with improved usability, scalability and session management along with integration with a wider variety of IBM and other vendors' software. With a focus on managing user access control to Web-based applications from various vendors, the software enhances and simplifies security and compliance by providing a single view of user access across a broad set of business applications -- from e-mail to ERP systems. It centralizes security management and makes it easier and more cost effective for clients to securely deploy and manage a diverse set of applications.

IBM is the world's leading providers of risk and security solutions. Clients around the world work with IBM to help reduce the complexities of security and strategically manage risk. IBM's experience and range of risk and security solutions are unsurpassed -- from dedicated research, software, hardware, services and global business partner value -- helping clients secure business operations and implement company-wide, integrated risk management programs.

The IBM Unstructured Data Security Solution and IBM Tivoli Security Information and Event Manager are available today. The new IBM Tivoli Access Manager for e-business will be released later this month, and IBM Tivoli Key Lifecycle Manager will become available in the third quarter of this year.

For more information on IBM's security services, software and hardware visit

Related XML feeds
Topics XML feeds
IBM Security
IBM solutions that help with security, risk management, and compliance
Chemistry, computer science, electrical engineering, materials and mathematical sciences, physics and services science
Services and solutions
Information Management, Lotus, Tivoli, Rational, WebSphere, Open standards, open source