
IBM unveils security management software

Company debuts Tivoli security information management product developed from technology acquired with Micromuse and GuardedNet.

By Denise Dubie, NetworkWorld.com
July 13, 2006 03:10 PM ET

IBM this week debuted security information management software that the company says will help large customers better integrate their security and operation management efforts.

IBM Tivoli Security Operations Manager (TSOM) software collects security events and logs from disparate devices to help network and security managers more quickly determine the source of a security threat. TSOM gathers events from distributed devices such as firewalls, intrusion-detection systems and proxy servers. The software then aggregates the data in such a way that, for example, Cisco and Check Point Software alerts can be directly correlated to help determine the source of potential security problems.

"In some enterprise companies, IT shops handle security and management hand in hand," says Paul Stamp, a senior analyst with Forrester Research. "This type of product helps that type of mature organization deal with security incidents in the same way and with the same processes as it would other incidents and operational events."

TSOM is based on technology developed by former stand-alone security information management (SIM) vendor GuardedNet, which IBM acquired with Micromuse earlier this year. (Micromuse acquired GuardedNet in 2005.) IBM says the product provides tools to gather security events and easily integrate them with other operational events from Micromuse's Netcool monitoring software and Tivoli Enterprise Console dashboard technology. IBM also tapped features in its Tivoli Identity Manager and Tivoli Access Manager to enable TSOM to enforce internal security policies and detect internal foul play.

TSOM includes a few elements. The central management software installs on a Solaris or Red Hat Linux server. Another piece of software, an event aggregation application, can be installed on the same server or a separate box, depending on network size and configuration. The software also works with Oracle or MySQL database technology, which can be installed on the same box or separately depending on network configuration. The aggregation software gathers events, normalizes them and sends data to the central management console from which network and security managers can view reports and take action based on alerts and events.

TSOM competes with SIM products from ArcSight, Consul Risk Management, e-Security (recently acquired by Novell), netForensics and Network Intelligence, among others. IBM also could face competition from the likes of Cisco, with its Security Monitoring, Analysis and Response System appliance, and Symantec, which last year delivered its Security Information Manager 9500 Series.

Available next week, TSOM starts at about $75,000 for a 20-license deployment.
