IBM (NYSE:IBM) today unveiled new information security audit and compliance software to help businesses manage computer systems, data and information in accordance with security and compliance guidelines.
The new IBM Tivoli Compliance Insight Manager will help companies track, report and investigate non-compliant behavior across their enterprise. It monitors user behavior in comparison to policies for compliance purposes, automatically providing alerts when information or technology assets are at risk, when data or systems are inappropriately accessed, or if security policies have been violated.
Security audit and compliance management have become a significant burden to IT organizations, as laws and regulations such as Sarbanes-Oxley, Basel II, HIPAA and others can lead businesses to collect information to demonstrate that proper internal controls are being deployed and enforced.
The number of these regulatory requirements that directly affect IT operations is expected to double in the next five years. And, in accordance with this doubling, analyst firm Gartner also predicts that, through 2011, companies pursuing an integrated strategy of a risk-oriented approach to compliance, standardization of controls, and automation will reduce the scope of manual process controls by 70 percent and will get the most collateral business value from their compliance investments. (1)
Additionally, through 2010, companies that select individual solutions for each regulatory challenge they face will spend ten times more on the IT portion of compliance projects than companies that take a proactive and more-integrated approach. (2)
IBM Tivoli Compliance Insight Manager provides a broad-based solution for enterprise security audit and compliance management with automated log collection, a compliance dashboard, "out of the box" regulatory compliance reports, and flexible report distribution. As IBM's newest security information and event management software, Tivoli Compliance Insight Manager reports on privileged users and access patterns to help ease the burden on IT organizations, lower costs, and reduce the risk of malicious or accidental breaches and downtime.
"Companies today are dealing with an increasingly complex regulatory environment, along with growing IT environments, and increasing demands to run secure and highly resilient businesses," said Kristin Lovejoy, director, IBM Governance & Risk Management strategy. "IBM Tivoli Compliance Insight Manager provides a valuable, automated management tool for improved organizational efficiency and fast response to security and compliance violations."
A significant addition to the IBM Governance & Risk Management portfolio, this new software expands on the capabilities of Consul InSight, the flagship software suite of Consul risk management, which IBM acquired in January 2007.
The software supports creation of custom compliance management modules through advanced policy and report definition engines to help meet an organization's specific compliance requirements. Its custom report writer allows users to create reports for audit and compliance purposes, providing the ability to generate a company's own unique custom compliance modules.
It also supports auditing needs by translating vast amounts of captured security data into a common format - with patent-pending W7 methodology (Who, did What, When, Where, Where from, Where to and on What) - that can be easily understood by an auditor or organizational leader not intimately familiar with all facets of the various areas from which data has been collected.
IBM Tivoli Compliance Insight Manager integrates with IBM Tivoli Security Operations Manager, a real-time operational dashboard for attack recognition and incident response. It also accepts data from IBM Tivoli Identity Manager and IBM Tivoli Access Manager to audit and report on the actions of privileged users.
This integration provides detailed information when a Tivoli Identity Manager or Tivoli Access Manager administrator or other privileged user changes the role or authorization status of individual users. Tivoli Compliance Insight Manager leverages self-managing autonomic capabilities to provide detailed information on the specific user who performed the action, in addition to detailed information on the user who had a changed role or was granted authorization.
With its "agentless" event and data collection capabilities, IBM Tivoli Compliance Insight Manager will provide additional support for the IBM System i business computing platform, allowing for non-intrusive event and data collection to help reduce the impact of implementing security audit and compliance reporting for System i clients.
IBM Tivoli Compliance Insight Manager will be available worldwide on July 6, 2007.
(1) Gartner: The 2007 Compliance and Risk Management Planning Guidance: Governance Becomes Central, by French Caldwell, April 12, 2007.
(2) Gartner: Audits and Events Drive Governance, Risk and Compliance Spending, by Tom Eid, French Caldwell, March 2, 2007.