IBM Tool Polices Policy

New Tivoli Compliance Insight Manager catches non-compliant behavior

IBM's governance and risk management picture is filling out: Today the company will officially debut the fruits of its acquisition earlier this year of security audit and compliance vendor Consul. (See IBM Buys Into Security Compliance, IBM Closes on Consul, and IBM to Enter Web App Security.)

The new Tivoli Compliance Insight Manager -- based on Consul's InSight -- is an automated security information and event management (SIEM) product that tracks and reports non-compliant behavior on networks, and sends out alerts when data or systems are at risk of exposure, or when there's been unauthorized or inappropriate access. The new software is part of IBM’s IT Governance & Risk Management portfolio of technologies and services.

Kris Lovejoy, director of strategy for IBM governance & risk management and the former CTO for Consul, says that most IT failures are due to human error, not security breaches. "Things get missed," she says. "Our technology helps organizations from a business process policy standpoint, whether the IT processes and policies are followed. If not, we provide an alert or report."

It's all about change management, Lovejoy says. Even the smallest changes that don't require IT testing can cause a system outage, so organizations need to get a handle on change management. If they don't, they could pay the price when the auditors come knocking: "Auditors recognize that the bulk of outages are associated with a lack of control around change and identity management... So they look at whether those policies are documented or logged or monitored [so] any anomalies can be identified and reported on."

That's where Tivoli Compliance Insight Manager comes in, she says, to help identify any deficiencies in change management, as well as to help an organization prepare for an audit. The software works with IBM Tivoli Security Operations Manager, and can receive data from IBM Tivoli Identity Manager and IBM Tivoli Access Manager.

IBM says CSOs are spending more than 50 percent of their time reporting audit results, so the idea is to simplify the compliance process.

Tivoli Compliance Insight Manager, as well as a version for its iSystem mainframes, will ship on July 6. IBM had not yet finalized pricing details as of press time.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

  • IBM Corp. (NYSE: IBM)
  • Editors' Choice
    Evan Schuman, Contributing Writer, Dark Reading
    Tara Seals, Managing Editor, News, Dark Reading
    Jeffrey Schwartz, Contributing Writer, Dark Reading