IBM to acquire compliance software firm

By Robert Westervelt, News Editor 05 Dec 2006 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

CISOs are tired of putting in piecemeal solutions, so a lot of people are looking for product suites as opposed to best of breed products that can do one thing really well. Khalid Kark, senior analyst, Forrester Research Inc.

Financial details were not disclosed. Big Blue said that the acquisition would become part of its Tivoli software unit.

Based in Delft, Netherlands, Consul develops compliance and security audit software that businesses can use to track, report and investigate employees, such as unauthorized activity by IT administrators or other users.

Consul does a good job of aggregating information inside different parts of an organization, an area that many businesses have been trying to tackle to meet compliance mandates, said Khalid Kark, a senior analyst with Cambridge, Mass.-based Forrester Research Inc.

"CISOs are tired of putting in piecemeal solutions, so a lot of people are looking for product suites as opposed to best of breed products that can do one thing really well," he said. "This is going to really help round off the compliance insider threat piece for IBM."

All-in-one Guide: Compliance All-in-One Guide: Compliance Security rules to live by: Compliance with laws and regulations Maintaining compliance in a world of constant change PCI standard, take two

Some vendors that compete with Consul are Network Intelligence, a division of EMC, Reston, Va.-based Intellitactics Inc., and Cupertino, Calif.-based ArcSight Inc. Consul may have stood out because it works in mainframe environments, Kark said.

Consul software called Auditor-in-a-box is a dashboard manager that scans company logs to monitor and audit systems and applications. It can be set up to automatically provide alerts when it finds that information or technology assets are at risk, when data is inappropriately accessed, or if compliance processes have been breached.

For example, IBM said the software can be used by a technology company to detect when an unauthorized employee accesses a system containing future product design concepts. An online retailer could also use the software to be notified when an abnormally high number of customer records are accessed.

The Consul software works in IBM's mainframe environment. It enables easy user administration on the mainframe, IBM said.

Tags: Vulnerability Risk Assessment,  Enterprise Data Governance,  Enterprise Risk Management: Metrics and Assessments,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Vulnerability Risk Assessment Screencast: How to launch an OpenVAS scan Trusteer CEO criticizes Adobe, touts better patch deployments Patch management study shows IT taking significant risks Vulnerability mitigation study shows need for faster patching Microsoft to issue security report card, new tool at Black Hat Newest malware threats Are Web application penetration tests still important? PCI compliance requirement 6: Systems and applications Cybercrime and threat management McAfee to acquire Solidcore Systems for whitelisting Vulnerability Risk Assessment Research Enterprise Data Governance Creating an enterprise data protection framework Analyst DLP study finds maturity, ranks top DLP vendors Voltage, RSA spar over tokenization, data protection Twitter gets condemned by CISOs at Forrester forum PCI DSS compliance requirements: Ensuring data integrity Trustwave acquires data loss prevention vendor Vericept Data has become too distributed to secure, Forrester says Cloud-based security services should start private Compliance in the cloud How to write technology outsourcing contracts Enterprise Risk Management: Metrics and Assessments How to avoid Internet liability lawsuits Bruce Jones: Report Security and Risk Metrics in a Business-Friendly Way Bernie Rominski: Communicate Effectively with Management about Risk Best Policy and Risk Management Products Monitoring program data and internal controls for risk management Risk management strategy for an information technology solution provider Align your data protection efforts with GRC The basics of enterprise GRC project management RSA council addresses growing security risks in the cloud How to write a risk methodology that blends business, security needs Enterprise Risk Management: Metrics and Assessments Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary gray hat  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary