IBM has extended Tivoli Risk Manager via interoperability with three new vendors. Network Associates Inc (NAI) adds its McAfee Active Virus Defense software to the mix. NFR Security joins Internet Security Systems (ISS) and Cisco Systems in providing Tivoli Risk Manager with intrusion detection technology, and on the firewall and VPN side, Secure Computing's Sidewinder takes its place beside Check Point.
Tivoli is one of four software brands within IBM, the others being WebSphere, DB2 and Lotus. Within Tivoli, four business units concentrate on different aspects of management. One handles availability and performance, another configuration and operations and a third, storage. The fourth business unit within Tivoli focuses on security. It handles administration and authorization with its Policy Director and Identity Director products. Risk Manager, which first went to market in June 2000, offers centralized monitoring and assessment of all the security risks a company might face. It's designed to be used even by systems administrators who are not security experts.
Modern enterprises overflow with security software, typically point products from intrusion detection, antivirus, firewall and VPN vendors. Each package emits security events. In the past, companies have hired operators to watch the consoles for each package separately. Tivoli believes it has identified a need for a more holistic and correlated
Risk Manager comes in three pieces. The real-time monitoring component accepts input from any number of software products. Supported vendors include Apache Software Foundation, Argus Systems Group, Check Point Software Technologies, Cisco, ClickNet Security Technologies, Gilian Technologies, IBM, iPlanet International, ISS, Lockstep Systems, Microsoft, Red Hat, Sun Microsystems, Symantec and Zone Labs, as well as the freshly announced NAI, NFR and Secure.
The second component performs log analysis on the stored input in an effort to identify patterns of attacks. The third and final component offers what Tivoli calls "proactive vulnerability assessments" for threats like the Code Red e-mail virus. This component can start and stop a process or revoke a user's privilege if it believes it has identified inappropriate patterns of use.
Because Tivoli's security management software offers a broad range of features, it competes with a number of point product vendors. In authorization, Tivoli Policy Director faces off with companies like Netegrity. In administration and provisioning, Tivoli Identity Director competes with BMC, Oblix and Waveset. Tivoli is even moving into authentication with a PKI product and a fresh VeriSign alliance.
Among startup companies with venture funding, eSecurity is the closest competitor to Tivoli Risk Manager. Prospects that have investigated both report that eSecurity offers slightly superior integration and correlation of events, as you'd expect from a company betting the bank on this specialization. By cross-referencing two or three different reports, eSecurity tries to minimize the false positives that are invariably associated with threat management and intrusion detection systems.
Other vendors with intrusion detection products are Intellitactics and NetForensics. Meanwhile, several mainstream security vendors, notably ISS and Symantec, are starting to offer integrated management, although so far they're only supporting their own products. As for Tivoli's traditional management competitors, CA has made a couple of announcements, and there's little sign that HP is ready to move into the space.
There are about 50 major Tivoli Risk Manager customers. Street price comes to around $25,000 for 20 devices or so. List price is higher, but partners offer big discounts to existing IBM shops. Enterprise customers might expect to pay $100,000 or more. Tivoli executives say pricing is very competitive. Indeed, given the extent to which IBM can afford to subsidize its new adventures in software, it?s impressive that eSecurity has managed to gain the reputation it has.
the451 (www.the451.com) is an analyst firm that provides timely, detailed and independent analysis of news in technology, communications and media. To evaluate the service click here.