IBM Bolsters Clients' Security Arsenal: Safeguard Virtual Environments

New Products and Innovation from IBM Help Clients Manage Global Risk

(21.04.08) - IBM announced a breakthrough in safeguarding virtual server environments and introduced new software to help businesses better manager risk. The company said the advances can provide businesses with substantial improvements in securing information, applications, and information technology (IT) infrastructures around the globe.

The announcements include:

A breakthrough research initiative from IBM X-Force and IBM Research, code-named "Phantom", which offers businesses a new means of securing virtualized server environments. At Phantom's core is industry-leading network and host intrusion protection used to guard the virtual environment and the machines from the inside out. The new technology sits in a secure, isolated partition and integrates with the hypervisor - the layer of management software that coordinates calls between operating systems and computer hardware.

New software from Tivoli that helps businesses reduce the cost and complexity associated with securing data.

"As sophisticated crime organizations infiltrate business processes and surreptitiously siphon off enterprise data, they are rapidly outpacing the advances of many of today's security offerings," said Val Rahmani, general manager IBM Internet Security Systems. "In order to withstand and overcome the explosion of tomorrow’s threats, enterprises must fundamentally change their security strategies and move to a model of business sustainability - a strategic approach in which security is designed into processes and systems to reduce risk and ensure long-term business enablement."

IBM’s approach to business and information technology security is to strategically manage risk end-to-end while supporting governance and compliance initiatives across five domains – information security; threat and vulnerability; application security; identity and access management and physical security. Announced in November 2007, this approach helps businesses attain sustainable processes that can withstand the emergence of new threats, regulations and changes in the business environment.

New Research Breakthrough Code Named "Phantom"

The IT industry is experiencing a fundamental transformation as enterprises replace traditional physical computing environments with new virtual environments. However, introducing a new virtualization layer also introduces new security vulnerabilities that, if exploited, could allow attackers to gain unprecedented access to corporate computing assets.

The problem is: traditional security technology is designed to secure traditional physical computing environments, not virtualized environments. The dynamic nature of virtualization requires a new breed of security offerings with the visibility, granularity and scalability required to properly secure virtual machine deployments. Therefore, enterprises must adopt new technologies and best practices for protecting their virtualized environments, or they leave themselves open to potentially catastrophic compromise.

IBM’s Phantom initiative aims to create virtualization security technology to efficiently monitor and disrupt malicious communications between virtual machines without being compromised. In addition, full visibility of virtual hardware resources would allow Phantom to monitor the execution state of virtual machines, protecting them against both known and unknown threats before they occur. It is also designed to increase the security posture of the hypervisor - a critical point of vulnerability; because once an attacker gains control of the hypervisor, they gain control of all of machines running on the virtualized platform. For the first time, the hypervisor the gateway to the virtualized world and all that lays above it can be locked down.

IBM pioneered virtualization over forty years ago, leveraging decades of mainframe experience, embracing diverse resources and integrating the virtual and physical worlds. With the Phantom initiative, IBM is combining its systems and software heritage, Research prowess and X-Force intelligence to once again lead a new wave of virtualization innovation.

New Software for Information Security

The secure management of information is one of the fundamental requirements of an effective sustainable business. New additions to the IBM Information Security solution portfolio help reduce the cost and complexity associated with securing data.

IBM unveiled details of IBM Tivoli Key Lifecycle Manager, software in the emerging area of encryption key management for storage devices. The software helps automate the management of encryption keys throughout their lifecycle to help ensure that encrypted data on storage devices cannot be compromised if lost or stolen. IBM Tivoli Key Lifecycle Manager, with an initial focus on industry standard storage including IBM tape and hard disk, also supports the growing number of requirements around data protection and compliance.

"Many businesses today have no formal, scalable process to manage thousands of encryption keys across several terabytes of data. IBM Tivoli Key Lifecycle Manager helps reduce the complexity and cost of managing the key lifecycle by automating the management process from key registration to changes and updates to archiving and destruction of tapes," said Al Zollar, general manager, IBM Tivoli Software. "We intend to build upon this first release with future capabilities that support a broad range of storage formats and supporting software and hardware in our continued effort to help clients improve security of their sensitive company information while also supporting compliance requirements.”

IBM also announced an enhancement to the IBM Information Security solution portfolio, which secures virtually any type of electronic information from creation through destruction, with the new IBM Unstructured Data Security Solution. This innovative software solution helps clients classify, secure and monitor unmanaged, unstructured data, such as information contained in spreadsheets, word processing documents and other text based files. With automated data classification, the solution helps improve security access controls and provides audit and compliance support for the vast majority of company data that is unstructured and unmanaged.

Most of the critical information within enterprises today is in the form of unstructured data. As a result, unstructured data represents a significant source of risk for data leakage and regulatory violations. With automated IBM Tivoli and IBM Information Management software, the new solution analyzes the text of selected company content in order to classify and collate the information into customized business-specific categories that fit the needs of company departments, such as human resources, legal and finance. Then, utilizing access management software, it can provide designated file-level access control to help ensure that only the proper audiences have access to specific data. The software also can actively monitor the privileged users who are granted access to designated files to help ensure appropriate use of their access rights, while additionally helping to address clients’ compliance requirements.

IBM Tivoli Security Information and Event Manager, also announced, allows clients to implement an automated security management solution for both real-time threat management in the data center and policy compliance management via user activity monitoring and log management. The real-time and historical dashboards provide clients with visibility into their enterprise security and compliance posture, detecting policy violations, misconfigurations, misuse and suspicious network activity.

While compliance initiatives are on the rise, successfully demonstrating compliance is particularly challenging with today’s common IT environments which are comprised of software from many vendors. IBM’s software helps clients centralize information security management with support across a wide breadth of vendors’ applications and platforms.

New Software for Application Security and Identity and Access Management

IBM also announced a new version of its access management software, extending its support of software addressing businesses’ needs for Application Security and Identity and Access Management.

The new release of IBM Tivoli Access Manager for e-business helps automate the management of user and application security with improved usability, scalability and session management along with integration with a wider variety of IBM and other vendors’ software. With a focus on managing user access control to Web-based applications from various vendors, the software enhances and simplifies security and compliance by providing a single view of user access across a broad set of business applications - from e-mail to ERP systems. It centralizes security management and makes it easier and more cost effective for clients to securely deploy and manage a diverse set of applications. (IBM: ra)