IBM adds database support to Risk Manager

IBM will expanding its Tivoli Risk Manager security event management product to manage security events from a number of common...

IBM will expand its Tivoli Risk Manager security event management product to manage security events from a number of common enterprise databases.

The Risk Manager software can now manage security events from IBM DB2 Universal Database as well as Oracle Database by Oracle and Microsoft's SQL Server, IBM said.

The product can correlate database security events with events being logged by other devices on a network such as web servers, firewalls and intrusion detection systems (IDS).

Using Risk Manager, complex network attacks involving multiple devices can be boiled down from thousands of related events to a small number of incidents to which administrators could respond.

Risk Manager's database support will complement the work of other Tivoli database monitoring products such as IBM Tivoli Monitoring for Databases, according to IBM. That product tracks database performance and resource allocation, automatically alerting database administrators when problems arise.

The announcement extends IBM's effort to automate common network tasks such as updating passwords, changing device configurations and responding to security events.

High-risk database activity, such as deleting data, would result in an alert being issued and the offending user's information being displayed on to the Risk Manager security dashboard for review by administrators.

Package delivery company United Parcel Service (UPS) is evaluating the Risk Manager product for its ability to correlate IDS output and is keen on the additional support for database output, said Glen Barry, director of enterprise systems management at UPS.

"Our environment has multiple databases - DB2, Oracle and SQL - so a product that has more breadth has more value. This announcement is definitely of interest to us," he said.

UPS is looking to use Risk Manager to replace its existing system of outsourcing event management to a third party.

The announcement from IBM is evidence of a trend in the network management space, one analyst said.

"We're seeing IBM continue to put considerable resources and attention into having a product that can solve problems that enterprises have today," said Gerry Gebel, analyst at The Burton Group.

While enterprise planners have focused on perimeter security, they are increasingly turning to the problem of securing resources within the firewall and applying the same perimeter security technology to securing data where it is actually stored, Gebel said.

While the market for products that can do event correlation for databases is still relatively small, increased pressure on organisations from federal and state regulations governing data protection is likely to increase the market for such products in the future, he added.

Paul Roberts writes for IDG News Service

Read more on IT strategy