The new security products and services arrive as recent studies from the IBM X-Force security research group revealed that criminal organizations around the globe are developing new attack techniques with alarming speed. At the same time, businesses are increasingly deploying more collaborative business models and taking advantage of new information technology (IT) infrastructures like cloud computing, virtualization and Web 2.0 which introduce new complexities for security teams. IBM's new arsenal of security products are designed to meet customers' requirements; allow businesses to take advantage of new technology paradigms by helping to address new and emerging risk; and help address the cost and complexity of important security and compliance projects - like Identity Assurance and Data Security management "through introduction of simplified security solutions.
"New computing models fundamentally require businesses to rethink how they deal with compliance, risk management, data and application protection," said Brian Truskowski, general manager of IBM Internet Security Systems (ISS). "The industry has taken a 'deploy now, secure later' approach which is creating today's oppressive cost and complexity problems in security. IBM is driving innovation with platforms that embed security in the infrastructure to transform security into a business enabler, rather than a costly inhibitor."
New cloud security offering Solid security approaches depend on an understanding of where data resides and how it's used. Achieving a complete view of enterprise assets and threats is a challenge even in traditional IT environments. With the growth of cloud computing, applications and data are flexible, fluid, and can reside in many different places at a given time creating some risk of malicious conduct or attack.
Today, IBM is introducing Proventia Virtualized Network Security Platform, a virtual appliance to help secure a company's physical and cloud assets. One of the initial outcomes of IBM's foray into secure virtualization, Proventia Virtualized Network Security Platform is an extensible virtual security platform that consolidates security applications like intrusion prevention, Web application protection and network policy enforcement into a single service. With Proventia Virtualized Security Platform, clients can take advantage of unprecedented scale to apply the benefits of virtualization to deliver X-Force powered network protection for virtual network segments, a key element for delivering secure cloud-based services.
The virtual world encounters the risk of having the same security cost and complexity issues that have taken over the physical security world.
"Today's complex arrays of point products create a management nightmare for security operations," said Pat O'Day, chief technology officer at BlueLock, which provides cloud services for clients worldwide. "BlueLock is working with IBM to lead the industry down a different path, one in which security is embedded into the fabric of the virtual cloud itself. With a holistic view, IBM could alleviate the need for clients to install and manage multiple point solutions in their environment."
To combat the security challenges in cloud computing, IBM has undertaken a company-wide project for a unified and comprehensive security architecture for cloud computing environments. The effort, which spans Systems, Software, Services and IBM's lauded Research and X-Force arms, is focused on delivering highly automated comprehensive security solutions with a heavy emphasis on strong isolation, integrity and resiliency.
Extended Protection for the Web Helps Prevent Malware Attacks
As organizations continue to operate on the global Web, the prevalence and dynamic nature of online applications is creating new challenges for meeting compliance and security needs. Causing even more concern, the rise of malicious software (malware) is gaining traction as one of the leading threats to security. According to IBM's 2008 X-Force Trend & Risk Report, more than 80 percent of malicious content today is served from legitimate Web sites.
Online sites such as social networks, blogs and wikis are all enticing users to exchange and share dialogue with one another. This increase in interaction is providing hackers and cybercriminals easier access to plant malicious software within these applications. As a result, organizations are looking for ways to protect their clients' data from being attacked and verifying that their Web sites have not been compromised to become a platform for attacks. Today, IBM is announcing new solutions to help combat these threats:
New data and identity software for the globally integrated, connected business
Today IBM is introducing four new security offerings for the dynamic infrastructure and Web-based environments that can help enable line of business and IT security managers to improve their risk posture, meet required cost reduction mandates and reduce complexity. Managing risk in a dynamic infrastructure requires developing and managing a secure infrastructure that at its core is based on trust. This notion of trust in users, identities, information, business processes and infrastructure helps clients to deliver superior business and IT services with agility and speed, while helping to minimize costs of management, administration and operation of the infrastructure.
The new offerings include:
IBM Tivoli Access Manager for Enterprise Single Sign On is also announcing the support of six business partners for second factor 'strong' authentication. IBM now has 250 application profiles available to clients to facilitate integration into their environments. Charismathics, Digital Persona, Ensure Technologies, Fujitsu, RFIDeas, and UPEK will help clients integrate the management of logical and physical security. More information about these partners and solutions is available in the Open Process Automation Library (OPAL) at: http://www.ibm.com/software/tivoli/opal/results?catalog.c=IBM_Tivoli_AssetType_StrongAuthentication
Further information is available on all of the software, hardware and services announced today at http://www-03.ibm.com/security/.