IBM unveils 'autonomic' Tivoli Risk Manager

IBM has unveiled the latest version of enterprise security management tool Tivoli Risk Manager, which now contains new...

IBM has unveiled the latest version of enterprise security management tool Tivoli Risk Manager, which now contains new self-protecting "autonomic" features and supports three new security products.

IBM will also announce its intention to integrate Risk Manager more closely with future releases of the company's Tivoli NetView network management tool.

IBM is touting the 4.1 release of Tivoli Risk Manager as the first "autonomic security management software", capable of automatically monitoring a network's health, protecting a network against attack and healing a network in the event of attack.

Among the autonomic features of the product, is a monitoring function referred to as the "heartbeat" that tracks "keepalive" messages from third-party security products and gives administrators an early warning about failures in their security infrastructure. Network devices use "keepalive" messages to communicate information about their online status and health.

"The heartbeat function is a way of actively monitoring the security products that Risk Manager manages. If a connection is lost, the heartbeat monitor issues an alert to Risk Manager," said James Galvin, market manager for Tivoli product at IBM.

Galvin points out that the product can integrate with software distribution tools, including Tivoli Configuration Manager and similar third-party products. These tools enable Risk Manager to push out security patches and software updates to devices under its management.

However, analogies between IBM's software and the human body's immune system are greeted with some scepticism

"'Auto healing' is just language that [IBM] uses to differentiate themselves," said Charles Kolodgy, research manager at IDC.

"It's not what they're calling it, but what [the product] does. Risk Manager has the ability to check the status of all of a company's third-party security devices. That's not a feature that the competition has right now and it's a very useful feature."

IBM will also announce three additional products that Risk Manager is capable of managing. Tripwire for Servers by Tripwire and Dragon Intrusion Detection Systems by Enterasys Networks monitor file and data integrity on network servers, notifying users and administrators when files have been altered; Sanctum's Sanctum AppShield targets application-level security breaches.

"TripWire especially is a key to a lot of people's security posture. Appshield is growing in the Web security area, and Enterasys Dragon has been a high performer as an intrusion detection system," said Kolodgy.

Products already supported by Risk Manager will allow IBM to stay competitive in the crowded enterprise security management space.

In addition to companies such as netForensics and NetIQ, IBM will soon have to contend with security giant Symantec, which will unveil its Symantec Security Management System (SSMS) enterprise product next week.

IBM will also announce that Risk Manager will be bundled with future releases of its Tivoli NetView product. Risk Manager will appear as a security operations dashboard on the NetView product, allowing organisations to monitor and identify the source of security incidents, according to Galvin.

Risk Manager 4.1 will be available from 18 October.

Read more on IT risk management