Risk
11/30/2009
06:16 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

IBM Buys Database Security Company

By purchasing Guardium, IBM is strengthening its ability to sell to healthcare and financial companies.

IBM on Monday said that it has acquired Guardium, a computer security company focused on real-time database monitoring and protection for large companies.

The deal marks IBM's sixth acquisition and its second purchase of a security company this year. Financial terms were not disclosed.

IBM intends to use Guardium's database monitoring technology to help companies safeguard their internal data and to automate certain tasks required for regulatory compliance.

The software and services giant characterizes the acquisition as an extension of its business analytics strategy, which revolves around the company's Business Analytics and Optimization Consulting organization.

IBM plans to integrate Guardium into its Information Management Software portfolio.

"Organizations are grappling with government mandates, industry standards and business demands to ensure that their critical data is protected against internal and external threats," said Arvind Krishna, general manager of IBM Information Management practice in a statement. "This acquisition is another significant step in our abilities to help clients govern and monitor their data, and ultimately make their information more secure throughout its lifecycle."

Concerns about hackers and cybercrime play a role in the deal, but Gartner Research VP Avivah Litan says the Guardium acquisition has more to do with compliance than with security.

"The truth is compliance is what sells security," she said.

Litan expects that the Guardium deal will help IBM sell compliance solutions to healthcare and financial companies.

"It gives them software they they need to sell into those markets," she said.

Nonetheless, Litan praises the effectiveness of Guardium's technology, which can keep an eye on what database administrators are doing.

"It's very effective in certain situations," she said. "It excels at privilege-use monitoring."

InformationWeek has published an in-depth report on e-health and the federal stimulus package. Download the report here (registration required).

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2363
Published: 2014-07-26
Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which makes it easier for remote attackers to obtain access via a login request.

CVE-2014-2625
Published: 2014-07-26
Directory traversal vulnerability in the storedNtxFile function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to read arbitrary files via crafted input, aka ZDI-CAN-2023.

CVE-2014-2626
Published: 2014-07-26
Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024.

CVE-2014-2966
Published: 2014-07-26
The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations, which allows remote attackers to bypass intended text restrictions via crafted characters, as demonstrated by bypassing an XSS protection mechanism.

CVE-2014-3071
Published: 2014-07-26
Cross-site scripting (XSS) vulnerability in the Data Quality Console in IBM InfoSphere Information Server 11.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL for adding a project connection.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.