Risk
11/30/2009
06:16 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

IBM Buys Database Security Company

By purchasing Guardium, IBM is strengthening its ability to sell to healthcare and financial companies.

IBM on Monday said that it has acquired Guardium, a computer security company focused on real-time database monitoring and protection for large companies.

The deal marks IBM's sixth acquisition and its second purchase of a security company this year. Financial terms were not disclosed.

IBM intends to use Guardium's database monitoring technology to help companies safeguard their internal data and to automate certain tasks required for regulatory compliance.

The software and services giant characterizes the acquisition as an extension of its business analytics strategy, which revolves around the company's Business Analytics and Optimization Consulting organization.

IBM plans to integrate Guardium into its Information Management Software portfolio.

"Organizations are grappling with government mandates, industry standards and business demands to ensure that their critical data is protected against internal and external threats," said Arvind Krishna, general manager of IBM Information Management practice in a statement. "This acquisition is another significant step in our abilities to help clients govern and monitor their data, and ultimately make their information more secure throughout its lifecycle."

Concerns about hackers and cybercrime play a role in the deal, but Gartner Research VP Avivah Litan says the Guardium acquisition has more to do with compliance than with security.

"The truth is compliance is what sells security," she said.

Litan expects that the Guardium deal will help IBM sell compliance solutions to healthcare and financial companies.

"It gives them software they they need to sell into those markets," she said.

Nonetheless, Litan praises the effectiveness of Guardium's technology, which can keep an eye on what database administrators are doing.

"It's very effective in certain situations," she said. "It excels at privilege-use monitoring."

InformationWeek has published an in-depth report on e-health and the federal stimulus package. Download the report here (registration required).

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8142
Published: 2014-12-20
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys w...

CVE-2013-4440
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.

CVE-2013-4442
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers.

CVE-2013-7401
Published: 2014-12-19
The parse_request function in request.c in c-icap 0.2.x allows remote attackers to cause a denial of service (crash) via a URI without a " " or "?" character in an ICAP request, as demonstrated by use of the OPTIONS method.

CVE-2014-2026
Published: 2014-12-19
Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the request parameter.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.