IBM Looks Within for Security Push

Strategy calls for common infrastructure, high level of automation.

IBM is in the early stages of crafting a new strategy around its security products and services that company executives believe could change the application development process, as well as alter the way enterprises buy and deploy security wares.

The plan calls for bringing security technologies together to form a common infrastructure layer into which enterprises can build their networks without having to worry about such issues as compatibility, interoperability and standards support.

The strategy comes at a time when customers are demanding more in the way of security from all their vendors, a fact that could play into IBM's hands if the company is able to separate itself from other vendors on the basis of security.

"We're looking for guarantees on product security from vendors, for sure," said James Dillon, CIO of the state of New York, a large IBM customer. "That's first and foremost in every vendor interaction we have now."

To accomplish their goals, IBM executives say that the technologies involved will need a high level of automation to make it as easy as possible for application vendors and enterprises to interact with them.

"Right now, we depend on every application developer to code security considerations into their software. If there's an external structure, everything can plug into it," said Arvind Krishna, vice president of provisioning and security development for the Tivoli software division of IBM, based in Armonk, N.Y. "It's easier to scale and secure a common infrastructure."

IBM is not alone. BEA Systems Inc. this week will introduce an infrastructure and partnerships for security. WES (WebLogic Enterprise Security) is a cross-enterprise application security infrastructure that provides security services, such as authentication, to applications through native integrations, plug-ins and partnerships with security vendors. Rather than replace existing security applications, WES abstracts code from the applications and turns it into distributed enterprise security services that can handle and manage security requests.

The early pieces of IBM's strategy, such as some updated identity management solutions, already are beginning to make their way onto the market. But IBM also is working on some new technologies that it hopes will play large roles in the plan in the near future.

One such project is a so-called intrusion response system that is designed to help reroute network traffic to avoid bottlenecks and prevent network failures during attacks or virus outbreaks. The system will help administrators confine attacks within segments of a network while enabling the rest of the system to operate normally.

Some of the current products that fit into the plan include several updated identity management products, all of which provide a large degree of automation. The main components of the identity management package, which IBM announced last week, are revised versions of Tivoli Access Manager, Identity Manager and Privacy Manager.

IBM added several functions to the applications, which now form a more cohesive unit than they did previously. Among the new features are an automated workflow engine to speed up tasks such as opening a help desk request, as well as a dynamic rules engine capable of extracting user attributes from a wide variety of data sources and using them to help make access control decisions.

The latter function plays into the IBM plan to obviate the need for a load of redundant security mechanisms by eliminating separate access control lists for each application.

At a security event here last week, IBM also introduced a new wireless intrusion detection system based on the company's Distributed Wireless Security Analyzer technology. The system can detect attacks on wireless LANs while monitoring access points for tampering.
