IBM will expand its Tivoli Risk Manager security event
management product to manage security events from a number of
common enterprise databases.
The Risk Manager software can now manage security events from
IBM DB2 Universal Database as well as Oracle Database by Oracle and
Microsoft's SQL Server, IBM said.
The product can correlate database security events with events
being logged by other devices on a network such as web servers,
firewalls and intrusion detection systems (IDS).
Using Risk Manager, complex network attacks involving multiple
devices can be boiled down from thousands of related events to a
small number of incidents to which administrators could
respond.
Risk Manager's database support will complement the work of
other Tivoli database monitoring products such as IBM Tivoli
Monitoring for Databases, according to IBM. That product tracks
database performance and resource allocation, automatically
alerting database administrators when problems arise.
The announcement extends IBM's effort to automate common network
tasks such as updating passwords, changing device configurations
and responding to security events.
High-risk database activity, such as deleting data, would result
in an alert being issued and the offending user's information being
displayed on to the Risk Manager security dashboard for review by
administrators.
Package delivery company United Parcel Service (UPS) is
evaluating the Risk Manager product for its ability to correlate
IDS output and is keen on the additional support for database
output, said Glen Barry, director of enterprise systems management
at UPS.
"Our environment has multiple databases - DB2, Oracle and SQL
- so a product that has more breadth has more value. This
announcement is definitely of interest to us," he said.
UPS is looking to use Risk Manager to replace its existing
system of outsourcing event management to a third party.
The announcement from IBM is evidence of a trend in the network
management space, one analyst said.
"We're seeing IBM continue to put considerable resources and
attention into having a product that can solve problems that
enterprises have today," said Gerry Gebel, analyst at The Burton
Group.
While enterprise planners have focused on perimeter security,
they are increasingly turning to the problem of securing resources
within the firewall and applying the same perimeter security
technology to securing data where it is actually stored, Gebel
said.
While the market for products that can do event correlation for
databases is still relatively small, increased pressure on
organisations from federal and state regulations governing data
protection is likely to increase the market for such products in
the future, he added.
Paul Roberts writes for IDG News Service