Risk
8/28/2008
07:18 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Procter & Gamble Taps IBM ISS For Cybersecurity Contract

The five-year deal includes monitoring and maintaining P&G's four existing IBM ISS Proventia SiteProtector management consoles used in Asia, Europe, and North America.

IBM on Friday plans to announce that Procter & Gamble has chosen IBM's Internet Security Systems (ISS) unit to enhance the consumer goods giant's cybersecurity worldwide.

The five-year deal, the largest to date for ISS, centers on the creation of a Virtual Security Operations Center (VSOC), managed by ISS. The VSOC will serve as a single point of control for a mix of P&G security products and associated data.

"By teaming with IBM ISS our objective is to both strengthen our security systems and improve the efficiency and effectiveness of our security operations," said Willie Alvarado, P&G's director of enterprise infrastructure services, said in a statement. "Working with IBM we believe we can deliver substantial cost savings and offer the business a security solution that is both strong and sustainable."

P&G expects that VSOC, a Web portal that combines vulnerability assessment, data correlation, and data analysis, will make managing its security systems easier and will lead to cost savings. The VSOC will allow ISS to more easily monitor and maintain P&G's four existing IBM ISS Proventia SiteProtector management consoles used in Asia, Europe, and North America.

The deal helps validate IBM's series of security-related acquisitions over the past two years. IBM bought ISS for $1.3 billion in October 2006, Watchfire in June 2007, and Encentuate in March 2008. Sale prices for the latter two companies, both privately held, were not disclosed.

Charles King, principal analyst for IT consulting firm Pund-IT, estimates the value of the deal to IBM to be in the low tens of millions of dollars over its five-year term. He says that P&G's decision to contract with ISS represents a significant vote of confidence. He sees the deal as a sign that large companies don't want to deal with point solutions for security.

"Traditionally businesses have tended to deploy multiple small point security solutions, sometimes provided by multiple vendors," said King. "While that model worked pretty well for a long time, I think business infrastructures are getting complicated enough that approaching security from a single vendor point of view makes a lot of sense for many enterprises."

In a move consistent with that assessment, IBM last November launched a $1.5 billion security initiative focused on a unified strategic approach to risk management.

To help understand the security landscape better, InformationWeek has published its 2008 Security Survey. Download the report here (registration required).

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-5700
Published: 2014-09-22
Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.2f allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/index.php or the (2) username or (3) password parameter in blocks/loginbox/loginbox.template.php to index.php. NOTE: some o...

CVE-2014-0484
Published: 2014-09-22
The Debian acpi-support package before 0.140-5+deb7u3 allows local users to gain privileges via vectors related to the "user's environment."

CVE-2014-2942
Published: 2014-09-22
Cobham Aviator 700D and 700E satellite terminals use an improper algorithm for PIN codes, which makes it easier for attackers to obtain a privileged terminal session by calculating the superuser code, and then leveraging physical access or terminal access to enter this code.

CVE-2014-3595
Published: 2014-09-22
Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging.

CVE-2014-3635
Published: 2014-09-22
Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows remote attackers to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one m...

Best of the Web
Dark Reading Radio