IBM to acquire compliance software firm

By Robert Westervelt, News Editor 05 Dec 2006 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

CISOs are tired of putting in piecemeal solutions, so a lot of people are looking for product suites as opposed to best of breed products that can do one thing really well. Khalid Kark, senior analyst, Forrester Research Inc.

Financial details were not disclosed. Big Blue said that the acquisition would become part of its Tivoli software unit.

Based in Delft, Netherlands, Consul develops compliance and security audit software that businesses can use to track, report and investigate employees, such as unauthorized activity by IT administrators or other users.

Consul does a good job of aggregating information inside different parts of an organization, an area that many businesses have been trying to tackle to meet compliance mandates, said Khalid Kark, a senior analyst with Cambridge, Mass.-based Forrester Research Inc.

"CISOs are tired of putting in piecemeal solutions, so a lot of people are looking for product suites as opposed to best of breed products that can do one thing really well," he said. "This is going to really help round off the compliance insider threat piece for IBM."

All-in-one Guide: Compliance All-in-One Guide: Compliance Security rules to live by: Compliance with laws and regulations Maintaining compliance in a world of constant change PCI standard, take two

Some vendors that compete with Consul are Network Intelligence, a division of EMC, Reston, Va.-based Intellitactics Inc., and Cupertino, Calif.-based ArcSight Inc. Consul may have stood out because it works in mainframe environments, Kark said.

Consul software called Auditor-in-a-box is a dashboard manager that scans company logs to monitor and audit systems and applications. It can be set up to automatically provide alerts when it finds that information or technology assets are at risk, when data is inappropriately accessed, or if compliance processes have been breached.

For example, IBM said the software can be used by a technology company to detect when an unauthorized employee accesses a system containing future product design concepts. An online retailer could also use the software to be notified when an abnormally high number of customer records are accessed.

The Consul software works in IBM's mainframe environment. It enables easy user administration on the mainframe, IBM said.

Tags: Vulnerability Risk Assessment,  Enterprise Data Governance,  Enterprise Risk Management: Metrics and Assessments,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Vulnerability Risk Assessment Are Web application penetration tests still important? McAfee to acquire Solidcore Systems for whitelisting The Pipe Dream of No More Free Bugs Vulnerability test methods for application security assessments Free HP SWFScan tool detects Adobe Flash flaws PCI QSA assurance program penalizes assessors Information security book excerpts and reviews New York drafts language demanding secure code Security experts identify 25 dangerous coding errors Microsoft Windows XML flaw exploits test desktop antimalware Vulnerability Risk Assessment Research Enterprise Data Governance Risk management must include physical-logical security convergence Simple information security mistakes can cause data loss, says expert Organizations struggle with data leakage prevention, rights management Encryption in data management should never be ignored, expert says Attackers cash in on fundamental data handling mistakes, Verizon finds Data loss prevention benefits in the real world Mass., Nev. data protection laws wrong, ineffective Cybersecurity hearing highlights inadequacy of PCI DSS Enforcing a vendor risk assessment to avoid outsourcing security risks How to Secure Cloud Computing Enterprise Risk Management: Metrics and Assessments The basics of enterprise GRC project management RSA council addresses growing security risks in the cloud How to write a risk methodology that blends business, security needs Mature SIMs do more than log aggregation and correlation Risk management must include physical-logical security convergence New partnerships, creative thinking help security bust recession Security budgets take hit in media, tech industry, survey finds Service-focused security offers best value to organization Ease the compliance burden with automation Forensic accounting success depends on information security support Enterprise Risk Management: Metrics and Assessments Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary gray hat  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary