IBM has introduced new services, hardware and software aimed at improving the security of cloud computing environments, helping ensure the confidentiality of data and helping locking down applications from attack.
The new security products and services arrive as recent studies from the IBM X-Force security research group revealed that criminal organizations around the globe are developing new attack techniques with alarming speed. At the same time, businesses are increasingly deploying more collaborative business models and taking advantage of new information technology (IT) infrastructures like cloud computing, virtualization and Web 2.0 which introduce new complexities for security teams. IBM's new arsenal of security products are designed to meet customers' requirements; allow businesses to take advantage of new technology paradigms by helping to address new and emerging risk; and help address the cost and complexity of important security and compliance projects -- like Identity Assurance and Data Security management -- through introduction of simplified security solutions.
"New computing models fundamentally require businesses to rethink how they deal with compliance, risk management, data and application protection," said Brian Truskowski, general manager of IBM Internet Security Systems (ISS). "The industry has taken a 'deploy now, secure later' approach which is creating today's oppressive cost and complexity problems in security. IBM is driving innovation with platforms that embed security in the infrastructure to transform security into a business enabler, rather than a costly inhibitor."
New cloud security offering
Solid security approaches depend on an understanding of where data resides and how it's used. Achieving a complete view of enterprise assets and threats is a challenge even in traditional IT environments. With the growth of cloud computing, applications and data are flexible, fluid, and can reside in many different places at a given time creating some risk of malicious conduct or attack.
IBM is introducing Proventia Virtualized Network Security Platform, a virtual appliance to help secure a company's physical and cloud assets. One of the initial outcomes of IBM's foray into secure virtualization, Proventia Virtualized Network Security Platform is an extensible virtual security platform that consolidates security applications like intrusion prevention, Web application protection and network policy enforcement into a single service. With Proventia Virtualized Security Platform, clients can take advantage of unprecedented scale to apply the benefits of virtualization to deliver X-Force powered network protection for virtual network segments, a key element for delivering secure cloud-based services.
The virtual world encounters the risk of having the same security cost and complexity issues that have taken over the physical security world.
"Today's complex arrays of point products create a management nightmare for security operations," said Pat O'Day, chief technology officer at BlueLock, which provides cloud services for clients worldwide. "BlueLock is working with IBM to lead the industry down a different path, one in which security is embedded into the fabric of the virtual cloud itself. With a holistic view, IBM could alleviate the need for clients to install and manage multiple point solutions in their environment."
To combat the security challenges in cloud computing, IBM has undertaken a company-wide project for a unified and comprehensive security architecture for cloud computing environments. The effort, which spans Systems, Software, Services and IBM's lauded Research and X-Force arms, is focused on delivering highly automated comprehensive security solutions with a heavy emphasis on strong isolation, integrity and resiliency.
Extended Protection for the Web Helps Prevent Malware Attacks
As organizations continue to operate on the global Web, the prevalence and dynamic nature of online applications is creating new challenges for meeting compliance and security needs. Causing even more concern, the rise of malicious software (malware) is gaining traction as one of the leading threats to security. According to IBM's 2008 X-Force Trend & Risk Report, more than 80 percent of malicious content today is served from legitimate Web sites.
Online sites such as social networks, blogs and wikis are all enticing users to exchange and share dialogue with one another. This increase in interaction is providing hackers and cybercriminals easier access to plant malicious software within these applications. As a result, organizations are looking for ways to protect their clients' data from being attacked and verifying that their Web sites have not been compromised to become a platform for attacks. IBM is announcing new solutions to help combat these threats:
- Malware scanning for IBM Rational AppScan -This service will combine the extensive capabilities of Rational's AppScan scanning and testing software with the power of ISS X-Force's malware research and detection engine. With a few simple clicks, users will be able to automatically and proactively scan and test Web sites for embedded malware, analyze the content, and determine if and where malicious content exists. If malware is identified, organizations can then report on these issues, rid applications and sites of the problem and protect users.
- Proventia Web application firewall - This new module is embedded into the IBM ISS Proventia portfolio of products and is designed to allow clients to secure more points of vulnerability with a single solution. Based on research from the IBM X-Force security team, the capability is designed to provide inline network protection against major categories of Web application vulnerabilities and attacks. The service is intended to act as a virtual application patching mechanism, a crucial component, given that over 50 percent of application vulnerabilities remain un-patched for months. The combination of Rational AppScan and Proventia web application firewall enables IBM to provide end-to-end application security and compliance solution from development through production. The combination of Rational AppScan and Proventia web application firewall enables IBM to provide a comprehensive application security solution from development through production.
New data and identity software for the globally integrated, connected business
IBM is also introducing four new security offerings for the dynamic infrastructure and Web-based environments that can help enable line of business and IT security managers to improve their risk posture, meet required cost reduction mandates and reduce complexity. Managing risk in a dynamic infrastructure requires developing and managing a secure infrastructure that at its core is based on trust. This notion of trust in users, identities, information, business processes and infrastructure helps clients to deliver superior business and IT services with agility and speed, while helping to minimize costs of management, administration and operation of the infrastructure.
The new offerings include:
- IBM Tivoli Identity and Access Assurance- Helps monitor, manage, and mitigate identity and access risks through centralized identity, access, attestation and audit services. It also provides closed loop privileged user monitoring, control and remediation. This service is available with IBM ISS Managed Identity Services to help further lower assurance costs.
- IBM Tivoli Data and Application Security - Helps address privacy and compliance risks caused by lost backup tapes and disks through encryption of stored data. The service helps improve access controls and provides the ability to track policy compliance of users.
- IBM Tivoli Security Management for z/OS - Helps improve Resource Access Control Facility (RACF) operational management and compliance posture. The new service enhances centralized management facilities for the mainframe enabling the monitoring of events and incidents while reducing security vulnerabilities.
IBM Tivoli Access Manager for Enterprise Single Sign On is also announcing the support of six business partners for second factor 'strong' authentication. IBM now has 250 application profiles available to clients to facilitate integration into their environments. Charismathics, Digital Persona, Ensure Technologies, Fujitsu, RFIDeas, and UPEK will help clients integrate the management of logical and physical security.