Risk
11/30/2009
06:16 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

IBM Buys Database Security Company

By purchasing Guardium, IBM is strengthening its ability to sell to healthcare and financial companies.

IBM on Monday said that it has acquired Guardium, a computer security company focused on real-time database monitoring and protection for large companies.

The deal marks IBM's sixth acquisition and its second purchase of a security company this year. Financial terms were not disclosed.

IBM intends to use Guardium's database monitoring technology to help companies safeguard their internal data and to automate certain tasks required for regulatory compliance.

The software and services giant characterizes the acquisition as an extension of its business analytics strategy, which revolves around the company's Business Analytics and Optimization Consulting organization.

IBM plans to integrate Guardium into its Information Management Software portfolio.

"Organizations are grappling with government mandates, industry standards and business demands to ensure that their critical data is protected against internal and external threats," said Arvind Krishna, general manager of IBM Information Management practice in a statement. "This acquisition is another significant step in our abilities to help clients govern and monitor their data, and ultimately make their information more secure throughout its lifecycle."

Concerns about hackers and cybercrime play a role in the deal, but Gartner Research VP Avivah Litan says the Guardium acquisition has more to do with compliance than with security.

"The truth is compliance is what sells security," she said.

Litan expects that the Guardium deal will help IBM sell compliance solutions to healthcare and financial companies.

"It gives them software they they need to sell into those markets," she said.

Nonetheless, Litan praises the effectiveness of Guardium's technology, which can keep an eye on what database administrators are doing.

"It's very effective in certain situations," she said. "It excels at privilege-use monitoring."

InformationWeek has published an in-depth report on e-health and the federal stimulus package. Download the report here (registration required).

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2006-1318
Published: 2014-09-19
Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, Office 2004 for Mac, and Office X for Mac do not properly parse record lengths, which allows remote attackers to execute arbitrary code via a malformed control in an Office document, aka "Microsoft Office Control Vulnerability."

CVE-2012-2588
Published: 2014-09-19
Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Enterprise 6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, or (3) Subject header or (4) body in an SMTP e-mail message.

CVE-2012-6659
Published: 2014-09-19
Cross-site scripting (XSS) vulnerability in the admin interface in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

CVE-2014-1391
Published: 2014-09-19
QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding.

CVE-2014-3614
Published: 2014-09-19
Unspecified vulnerability in PowerDNS Recursor (aka pdns_recursor) 3.6.x before 3.6.1 allows remote attackers to cause a denial of service (crash) via an unknown sequence of malformed packets.

Best of the Web
Dark Reading Radio