IBM adds database support to Risk Manager

IBM Corp. is expanding its Tivoli Risk Manager security event management product to manage security events from a number of common enterprise databases, according to a statement from the company.

The Risk Manager software can now manage security events from IBM DB2 Universal Database as well as Oracle Database by Oracle Corp. and Microsoft Corp.’s SQL Server, IBM said.

The product can correlate database security events with events being logged by other devices on a network such as Web servers, firewalls and intrusion detection systems (IDS), IBM said.

Risk Manager can boil complex network attacks involving multiple devices down from thousands of related events to a small number of incidents that administrators can respond to, IBM said.

Risk Manager’s database support will complement the work of other Tivoli database monitoring products such as IBM Tivoli Monitoring for Databases, according to IBM. That product tracks database performance and resource allocation, automatically alerting database administrators when problems arise.

The announcement extends IBM’s ongoing effort to automate common network tasks such as updating passwords, changing device configurations and responding to security events.

High-risk database activity, such as deleting data, would result in an alert being issued and the offending user’s information being displayed on the Risk Manager security dashboard for review by administrators.

Package delivery giant United Parcel Service Inc. (UPS) is currently evaluating the Risk Manager product for its ability to correlate IDS output, but the additional support for database output would be “nice to have,” according to Glen Barry, director of enterprise systems management at UPS in Mahwah, New Jersey.

“Our environment has multiple databases – DB2, Oracle and SQL – so a product that has more breadth has more value. This announcement is definitely of interest to us,” he said.

While Barry was not familiar with the details of IBM’s announcement, he said that UPS already uses a variety of Tivoli products such as its configuration manager and monitoring components. UPS is also converting from Tivoli User Administration to Tivoli Identity Manager, he said.

UPS is looking to use Risk Manager to replace its current system of outsourcing event management to a third party.

In addition to managing the world’s largest DB2 database, UPS’s network consists of 14 mainframe computers, 2400 mid-range servers and more than 240,000 PCs, Barry said.

While the company hadn’t considered database event management before agreeing to try Risk Manager, the addition of support for the three main databases that UPS manages on its network sweetens the deal, Barry said.

The announcement from IBM is evidence of an ongoing trend in the network management space, one analyst said.

“We’re seeing IBM continue to put considerable resources and attention into having a product that can solve problems that enterprises have today,” said Gerry Gebel, analyst at The Burton Group Corp. in Midvale, Utah.

While enterprise planners have traditionally focused on perimeter security, they are increasingly turning to the problem of securing resources within the firewall and applying the same perimeter security technology to securing data where it is actually stored, Gebel said.

While the market for products that can do event correlation for databases is still relatively small, increased pressure on organizations from new federal and state regulations governing data protection is likely to increase the market for such products in the future, he said.