Risk
8/28/2008
07:18 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Procter & Gamble Taps IBM ISS For Cybersecurity Contract

The five-year deal includes monitoring and maintaining P&G's four existing IBM ISS Proventia SiteProtector management consoles used in Asia, Europe, and North America.

IBM on Friday plans to announce that Procter & Gamble has chosen IBM's Internet Security Systems (ISS) unit to enhance the consumer goods giant's cybersecurity worldwide.

The five-year deal, the largest to date for ISS, centers on the creation of a Virtual Security Operations Center (VSOC), managed by ISS. The VSOC will serve as a single point of control for a mix of P&G security products and associated data.

"By teaming with IBM ISS our objective is to both strengthen our security systems and improve the efficiency and effectiveness of our security operations," said Willie Alvarado, P&G's director of enterprise infrastructure services, said in a statement. "Working with IBM we believe we can deliver substantial cost savings and offer the business a security solution that is both strong and sustainable."

P&G expects that VSOC, a Web portal that combines vulnerability assessment, data correlation, and data analysis, will make managing its security systems easier and will lead to cost savings. The VSOC will allow ISS to more easily monitor and maintain P&G's four existing IBM ISS Proventia SiteProtector management consoles used in Asia, Europe, and North America.

The deal helps validate IBM's series of security-related acquisitions over the past two years. IBM bought ISS for $1.3 billion in October 2006, Watchfire in June 2007, and Encentuate in March 2008. Sale prices for the latter two companies, both privately held, were not disclosed.

Charles King, principal analyst for IT consulting firm Pund-IT, estimates the value of the deal to IBM to be in the low tens of millions of dollars over its five-year term. He says that P&G's decision to contract with ISS represents a significant vote of confidence. He sees the deal as a sign that large companies don't want to deal with point solutions for security.

"Traditionally businesses have tended to deploy multiple small point security solutions, sometimes provided by multiple vendors," said King. "While that model worked pretty well for a long time, I think business infrastructures are getting complicated enough that approaching security from a single vendor point of view makes a lot of sense for many enterprises."

In a move consistent with that assessment, IBM last November launched a $1.5 billion security initiative focused on a unified strategic approach to risk management.

To help understand the security landscape better, InformationWeek has published its 2008 Security Survey. Download the report here (registration required).

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8893
Published: 2015-01-28
Multiple cross-site scripting (XSS) vulnerabilities in (1) mainpage.jsp and (2) GetImageServlet.img in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CVE-2014-8894
Published: 2015-01-28
Open redirect vulnerability in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the out parameter.

CVE-2014-8895
Published: 2015-01-28
IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote attackers to bypass intended access restrictions and read the image files of arbitrary users via a crafted URL.

CVE-2014-8917
Published: 2015-01-28
Multiple cross-site scripting (XSS) vulnerabilities in (1) dojox/form/resources/uploader.swf (aka upload.swf), (2) dojox/form/resources/fileuploader.swf (aka fileupload.swf), (3) dojox/av/resources/audio.swf, and (4) dojox/av/resources/video.swf in the IBM Dojo Toolkit, as used in IBM Social Media A...

CVE-2014-8920
Published: 2015-01-28
Buffer overflow in the Data Transfer Program in IBM i Access 5770-XE1 5R4, 6.1, and 7.1 on Windows allows local users to gain privileges via unspecified vectors.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
If youíre a security professional, youíve probably been asked many questions about the December attack on Sony. On Jan. 21 at 1pm eastern, you can join a special, one-hour Dark Reading Radio discussion devoted to the Sony hack and the issues that may arise from it.