Security

Read all 'IBM' posts in Security
December 1, 2009 7:52 AM PST

IBM buys database security firm Guardium

by Lance Whitney

IBM said Monday that it has acquired database security firm Guardium.

Guardium is a leading vendor in monitoring and protecting databases for large enterprises. In addition to securing the data and watching database activity, Guardium's technology can automate certain tasks to assist businesses with regulatory compliance, said IBM. Big Blue expects the acquisition to help its customers better shield their critical databases against both external and internal threats.

Guardium can check for specific patterns and anomalies when information is accessed, said IBM, allowing enterprises to maintain the integrity of their data. Guardium's technology can also detect fraud and unauthorized access to a database by way of an enterprise application, such as a company's ERP or CRM software.

"Organizations are grappling with government mandates, industry standards and business demands to ensure that their critical data is protected against internal and external threats," said Arvind Krishna, general manager of IBM Information Management, in a statement. "This acquisition is another significant step in our abilities to help clients govern and monitor their data, and ultimately make their information more secure throughout its lifecycle."

Guardium, a privately held company based in Waltham, Mass., will be integrated into IBM's Information Management Software portfolio.

Big Blue hasn't been shy about buying companies this year to increase the scope of its business services. In July, the company picked up analytics and information forecaster SPSS for $1.2 billion. With security a vital need for its customers, IBM also acquired security provider Ounce Labs around the same time.

Financial terms of the Guardium deal were not disclosed.

October 12, 2009 7:22 AM PDT

IBM privacy chief: Asia need not mimic Europe

by Vivian Yeo

Harriet Pearson, chief privacy officer, IBM

(Credit: IBM)

Harriet Pearson once joined a petition signed by Facebook users, urging the social-networking site to do more in terms of privacy.

But the privacy expert considers herself a moderate when it comes to protecting her personal information.

Pearson, IBM's chief privacy officer for the past nine years and also its security counsel since last year, says each person needs a mental model to assess the benefits or risks associated with providing personal data. In the same way, she said, governments ought to be thoughtful when drafting policies and laws on data protection.

In town recently for Singapore's annual GovernmentWare conference, Pearson sat down with ZDNet Asia to discuss data protection legislation, the need for a balanced view regarding data breach notification, and why Asian regulators should not "photocopy" European law books.

Read more of "Asia's lawmakers need not copy Europe" at ZDNet Asia.

July 28, 2009 8:19 AM PDT

IBM buys security provider Ounce Labs

by Lance Whitney

IBM has purchased Ounce Labs, a privately held software security provider, the companies said Tuesday.

Software developers often face both security and compliance issues with their products. Ounce Labs uses its technology to scan the source code of an application, hunting for security holes and compliance failures. Ounce tries to track down problems early on in a product's development when they're easier and cheaper to fix.

IBM will integrate Waltham, Mass.-based Ounce Labs into its Rational software business, which offers security and compliance testing. Big Blue said it believes that the combination of Ounce Labs and Rational will provide its customers with security analysis from source code to final production.

"The complexity of today's systems and the sophistication of attacks require comprehensive technology," said Daniel Sabbah, general manager of IBM Rational Software. "The acquisition of Ounce Labs allows IBM to provide customers an end-to-end application security-testing solution for managing security and compliance across all stages of the software delivery process."

Ounce Labs, which was founded in 2002, recently sponsored a survey that showed many CEOs and their executive officers don't necessarily see eye to eye on key security issues.

Big Blue is in a buying mood. Ounce Labs is IBM's second acquisition deal of the day, with the company just announcing that it will acquire business analytics forecaster SPSS for $1.2 billion.

The terms of the Ounce Labs acquisition were not disclosed.

Originally posted at Business Tech

Lance Whitney wears a few different technology hats--journalist, Web developer, and software trainer. He's a contributing editor for Microsoft TechNet Magazine and writes for other computer publications and Web sites. You can follow Lance on Twitter at @lancewhit. Lance is a member of the CNET Blog Network, and he is not an employee of CNET.

April 21, 2009 9:27 AM PDT

IBM aims to secure clouds and virtual networks

by Elinor Mills

SAN FRANCISCO--IBM on Tuesday introduced cloud security services and said it is initiating a company-wide project to develop a security architecture for hosted computing.

The company, which made the announcements at the RSA security conference, also unveiled Proventia Virtualized Network Security Platform, an appliance designed to protect virtual network segments that includes intrusion prevention, Web application protection, and network policy enforcement.

IBM also announced:

  • Proventia Web application firewall, which is embedded into the IBM ISS Proventia portfolio of products and which acts as a virtual application patching mechanism.

  • Malware scanning for IBM Rational AppScan, which allows users to automatically scan Web sites for embedded malware.

  • IBM Tivoli Identity and Access Assurance, which offers centralized identity, access and audit services for corporations.

  • IBM Tivoli Data and Application Security, designed to mitigate privacy and compliance risks by encrypting data stored on tapes and disks.

  • IBM Tivoli Security Management for z/OS, which features centralized management for mainframes.

March 4, 2009 10:06 AM PST

Self-encrypting drive standard gains momentum

by Jon Oltsik

I've long been a big proponent of self-encrypting drives as the best way to encrypt data-at-rest on PCs and storage systems.

This belief became a lot more real in January when the Trusted Computing Group published three storage encryption standards for laptops, enterprise storage, and software interoperability. Fujitsu, Hitachi, Seagate, and Toshiba support these standards and are already shipping self-encrypting drives.

In February, IBM joined the fray, further validating the self-encrypting drive standard. IBM announced that its massive DS8000 storage system will now offer self-encrypting drives to protect the confidentiality and integrity of data-at-rest. LSI, another leading storage system vendor, is also on board.

I have to believe that Fujitsu and Hitachi will soon follow this trend. Both companies currently offer encrypting storage systems that use a cryptographic processor resident in their storage controllers. Since both companies supply self-encrypting drives, it is likely that they will replace encrypting controllers with self-encrypting drives in future product revisions.

It seems to me that the dominoes are falling at an accelerating pace and that within two to three years, every device that ships with a hard drive or solid-state disk will offer self-encrypting drives. Chief information security officers, purchasing managers, management software vendors, and government agencies should plan for this inevitability.

February 4, 2009 6:01 AM PST

IBM software scans for security holes in Flash, Ajax

by Elinor Mills

IBM announced new software on Wednesday that scans Flash and Ajax-based apps for security problems.

IBM Rational AppScan can automatically scan online applications every 15 minutes to check for security defects that could lead to compromised computers and Internet attacks. Administrators can receive security alerts on their mobile devices as they occur.

The standard version of the product costs $17,550 for a one-year license. The software also supports service oriented architecture applications, IBM said.

More than half of all vulnerabilities disclosed last year were in Web applications, according to IBM's X-Force Trend Report.

And Flash seems to get its share of vulnerabilities. The number of Flash vulnerabilities detected in Web applications over the last two years has increased by 300 percent compared with 2005 and 2006, according to the IBM X-Force report.

Adobe Flash Player is on more than 98 percent of Internet-connected computers and is used to view 80 percent of the video on the Web, IBM said.

October 28, 2008 10:01 PM PDT

Banking security on a USB stick

by Elinor Mills

IBM was set to unveil on Wednesday a prototype USB device designed to protect people doing online banking from having their data stolen or compromised.

The device, which looks like a memory stick with an integrated display, creates a secure channel to a bank's online transaction server. The connection bypasses the user's PC, which could be infected with viruses and other malware that make sending financial information over the Internet unsafe.

The user can log on and validate transactions using the device's display, and a smart card can be inserted into the device, providing an added layer of security to protect transmissions from man-in-the-middle interceptions, IBM said.

The device, called a Zone Trusted Information Channel, runs the Transport Layer Security/Secure Sockets Layer (TLS/SSL) protocol and includes a TLS engine and a networking proxy for running on a PC.

Developed at IBM's Zurich Research Lab, pilot devices are ready for bank trials. They do not require changes in the bank server software or the client software and they run on all major client operating systems.

IBM Research's Zone Trusted Information Channel is a USB device that makes online banking safer.

(Credit: IBM Research)

September 8, 2008 9:34 AM PDT

PGP, IBM help Bletchley Park raise funds

by Tom Espiner

A campaign will be launched on Tuesday to ask U.S. tech companies to help save Bletchley Park, whose wartime work helped lay the foundations of modern computing and cryptography.

The fund-raising campaign will be led by cryptography provider PGP, together with IBM and other technology firms. Phil Dunkelberger, chief executive of PGP, told ZDNet UK in a video interview that the group of companies would be making donations to repair the buildings at Bletchley Park, including the National Museum of Computing, and would be calling for other organizations to get involved.


"We're calling attention (to the fact that) Bletchley is falling into disrepair, and that, probably, the world owes a debt of gratitude to that place," Dunkelberger said.

Bletchley Park is famous for being the nerve center of U.K. code-breaking operations during World War II, and for being the home of the world's first programmable computer, Colossus.

Historians suggested in May that "without Bletchley Park, the allies may never have won the war." At that time, they said the Bletchley Park site and museum "faced a bleak future unless it could secure funding to keep its doors open and its numerous exhibits from rotting away."

While the buildings at Bletchley Park are under no immediate danger, the fabric of the buildings is deteriorating rapidly. The National Museum of Computing receives no external funding, having been turned down for both National Lottery and Bill & Melinda Gates Foundation funds.

PGP's campaign will be the latest in a number of attempts to stop the museum from falling apart. In July, a group of 97 senior scientists wrote to The Times newspaper to highlight the plight of the museum.

Tom Espiner of ZDNet UK reported from London. Colin Barker of ZDNet UK contributed to this article.
