IBM has said that it would spend $1.5bn next year on new enterprise IT security products, services and research, as part of a new company-wide security initiative.
IBM plans to sell more of its own security wares when it sells other products and services. It said it hopes to simplify enterprise security. “Today’s wide array of security technologies, implemented in silos, are not sufficient to deal with the new reality of risk,” said the company.
“For many enterprises, security is broken,” said Tom Noonan, general manager of Internet Security Systems at IBM. “The nature of evolving threats is such that installing point solutions to ‘keep the bad guys out’ is no longer a viable way to secure a business.”
IBM clearly hopes to take market share away from big security specialists, such as McAfee and Check Point.
McAfee agrees with IBM’s strategy of making its products and services secure, said McAfee director of competitive marketing Bill Gardner, but said it does tend to put the cart before the horse. “For McAfee, everything is about security. For [IBM], security is about complementing their core product and service offerings,” Gardner said.
“Success in the security market boils down to vendor focus,” Gardner said. “Our mousetrap will be a little better, simply because we focus on mousetraps,” he said. “We don’t look at security as a subset or element of other things we do. Security is all we do.”
Gardner also said that while McAfee was not a small startup, it had some advantage over IBM in being more agile and being able to react to the complexity and changes in the security market.
IBM Global Services for several years has used McAfee products and the companies have many mutual customers.
IBM’s security initiative is built on a couple of its recent acquisitions, including Internet Security Systems, which it bought for $1.23bn in October 2006, and Watchfire, which it scooped up this past July for at least $100m.
IBM said it would tackle five main areas of IT: information security; threat and vulnerability; application security; identity and access management; and physical security.
For information security, IBM has new technology, services and software. Yesterday it announced it had built new IPS-based data inspection features into its Proventia Network Intrusion Prevention System line of products. It analyzes data packets as they move across the network, detecting the transmission of various confidential information and promising broad visibility of potential data loss.
IBM also plans to partner with Application Security, Fidelis Security Systems, PGP and Verdasys on new services to prevent data loss. They include new services to protect companies from insider abuse and to boost audit preparedness with assessment, monitoring, and alerts on malicious and non-compliant database activity and vulnerabilities. Other new services will include endpoint data protection, which will encrypt and manage data on laptops and PCs, and enterprise content protection, which will monitor and help protect against intentional and inadvertent leakage of critical data, according to IBM.
IBM also announced new data security and compliance management software, including a combined IBM Tivoli and Services platform that would continually audit via work policies and alert when violations are detected. It also announced QuickStart Services for Tivoli Compliance Insight Manager, which automates security information and event management software.
And it has new web application security and online compliance management software, thanks to Watchfire, that sources vulnerabilities to mitigate risks associated with data breaches.
The company said it would make a big push into risk management, with dynamic risk quantification, peer group risk comparison, business control and security portfolio optimization, and even risk calculation, among other initiatives.
IBM also promises to shore up mainframe security and will update the IBM Mainframe z/OS operating system in a bid to restrict unauthorized access to sensitive information, such as credit card numbers. The company also said it was developing products and services to help businesses comply with the Payment Card Industry Data Security Standard.