IBM and GE Interlogix to unite physical and IT security management

IBM and GE Interlogix announced they’ll work together to ensure that IBM enterprise management software can accept security alerts and other data from the Interlogix security system Facility Commander, which can collect and manage incoming alerts from multi-vendor badge readers, burglar alarms and surveillance systems.

 The integration between IBM and GE Interlogix products is an effort to combine management of “physical” security systems with software-based “logical” security for network monitoring, such as smart-card single-sign-on or intrusion-detection systems. Ray Blair, vice president of security solutions and business development at IBM Global Services, said the integration should be completed by year-end. Once that’s done, IBM’s Tivoli Risk Manager and Tivoli Console can interoperate with GE Interlogix Facilites Commander to share data and correlate events.

IBM’s WebSphere, DB2 and Directory Integrator will also undergo changes for the integration with the GE Interlogix products, but Blair said this won’t affect pricing of the IBM products.

 “You can combine alerts from the physical world and the IT world,” Blair said. “Once you add custom programming, you can put rules in place for a correlation engine so, for example,  if someone badges out at a particular time but then signs [onto the network] five minutes later, you’ll know.”

Management of physical security systems – such as badge-based door entry systems, air conditioning monitors and alarm systems – has often been kept wholly separate within the enterprise from security management of IT-based assets, like network equipment and applications. But that has started to change for many organizations, including the Department of Defense, looking to use a common access smart card for building and network entry. Blair said that universities are also increasingly interested in seeing physical and logical security combined. Universities have expressed an interest in having students use an electronic card for gaining computer access, obtaining their meals, and much more.

Computer Associates is another vendor focusing on combining physical and logical security alerts, with a product called eTrust 20/20. CA last April kicked off an effort it calls “Open Security Exchange” to try to get a wide swath of the industry developing physical security and network-based products on board to develop standards for sharing information with other vendors.

IBM is aware of Open Security Exchange but hasn’t decided whether to join it. “We’re looking at that, but we want to make sure it’s not a CA-only initiative,” Blair said, adding, “We need to interoperate with more than IBM.”