066/2008
Armonk, USA/ Stuttgart, 09. April 2008 – IBM hat heute einen Durchbruch im Schutz für virtuelle Umgebungen sowie neue Sicherheitssoftware angekündigt. Mit dem neuen Angebot können Unternehmen weltweit substantielle Verbesserungen hinsichtlich der Sicherheit von Informationen, Anwendungen und IT-Infrastrukturen erzielen.
Die Ankündigung umfasst:
- eine Forschungsinitiative vom IBM X-Force und IBM Research Team mit dem Namen „PHANTOM“. Dieses bietet Unternehmen neue Mittel und Wege, virtualisierte Serverumgebungen zu schützen.
- neue Tivoli Software, die Unternehmen bei der Sicherung ihrer Daten hilft, um Kosten zu reduzieren und Komplexität zu senken
PHANTOM
Die IT Industrie erlebt eine fundamentale Transformation, da Unternehmen traditionelle physische IT Umgebungen durch virtuelle Umgebungen ersetzen. Durch eine zusätzliche Virtualisierungsebene werden aber auch gleichzeitig neue Sicherheitsschwachstellen eingeführt. Herkömmliche Sicherheitstechnologie ist allerdings nur auf die physische Ausstattung ausgelegt. Mit der Initiative PHANTOM möchte IBM eine virtualisierte Sicherheitstechnologie entwickeln, die schädlichen Austausch zwischen virtuellen Maschinen beobachtet und trennt, ohne dabei eine Gefährdung darzustellen.
Neue Software für Information Security
- IBM Tivoli Key Lifecycle Manager: hilft Unternehmen, Chiffrierschlüssel über den gesamten Lebenszyklus zu verwalten und auf diese Weise verschlüsselte Daten auf Speichergeräten so zu sichern, dass keine Gefahr bei Verlust oder Diebstahl besteht.
- IBM Unstructured Data Security Solution: hilft Unternehmen, unstrukturierte Daten zu klassifizieren, zu sichern und zu kontrollieren.
- IBM Tivoli Security Information and Event Manager: verschafft Unternehmen Einsicht in ihre Sicherheit und deckt Misskonfigurationen, Missbrauch und verdächtige Netzwerkaktivitäten auf.
Neue Software für Application Security und Identity Access Management
IBM Tivoli Access Manager for e-business: Die Software erweitert und vereinfacht Sicherheit und Compliance, indem sie Nutzerzugänge zu Web basierten Anwendungen unterschiedlicher Anbieter verwaltet. Die Bandbreite der Anwendungen reicht dabei von E-Mail Anwendungen bis hin zu ERP-Systemen.
Weitere Informationen entnehmen Sie bitte der Originalmeldung
IBM Bolsters Clients’ Security Arsenal
New Products and Innovation from IBM Help Clients Manage Global Risk; Safeguard Virtual Environments
ARMONK, N.Y. -- April 8, 2008 -- IBM (NYSE: IBM) today announced a breakthrough in safeguarding virtual server environments and introduced new software to help businesses better manager risk. The company said the advances can provide businesses with substantial improvements in securing information, applications, and information technology (IT) infrastructures around the globe.
Today's announcements include:
- A breakthrough research initiative from IBM X-Force and IBM Research, code-named “PHANTOM”, which offers businesses a new means of securing virtualized server environments. At PHANTOM’s core is industry-leading network and host intrusion protection used to guard the virtual environment and the machines from the inside out. The new technology sits in a secure, isolated partition and integrates with the hypervisor - the layer of management software that coordinates calls between operating systems and computer hardware.
- New software from Tivoli that helps businesses reduce the cost and complexity associated with securing data.
“As sophisticated crime organizations infiltrate business processes and surreptitiously siphon off enterprise data, they are rapidly outpacing the advances of many of today’s security offerings,” said Val Rahmani, general manager IBM Internet Security Systems. “In order to withstand and overcome the explosion of tomorrow’s threats, enterprises must fundamentally change their security strategies and move to a model of business sustainability – a strategic approach in which security is designed into processes and systems to reduce risk and ensure long-term business enablement.”
IBM’s approach to business and information technology security is to strategically manage risk end-to-end while supporting governance and compliance initiatives across five domains – information security; threat and vulnerability; application security; identity and access management and physical security. Announced in November 2007, this approach helps businesses attain sustainable processes that can withstand the emergence of new threats, regulations and changes in the business environment.
New Research Breakthrough Code Named “PHANTOM”
The IT industry is experiencing a fundamental transformation as enterprises replace traditional physical computing environments with new virtual environments. However, introducing a new virtualization layer also introduces new security vulnerabilities that, if exploited, could allow attackers to gain unprecedented access to corporate computing assets.
The problem is: traditional security technology is designed to secure traditional physical computing environments, not virtualized environments. The dynamic nature of virtualization requires a new breed of security offerings with the visibility, granularity and scalability required to properly secure virtual machine deployments. Therefore, enterprises must adopt new technologies and best practices for protecting their virtualized environments, or they leave themselves open to potentially catastrophic compromise.
IBM’s PHANTOM initiative aims to create virtualization security technology to efficiently monitor and disrupt malicious communications between virtual machines without being compromised. In addition, full visibility of virtual hardware resources would allow PHANTOM to monitor the execution state of virtual machines, protecting them against both known and unknown threats before they occur. It is also designed to increase the security posture of the hypervisor - a critical point of vulnerability; because once an attacker gains control of the hypervisor, they gain control of all of machines running on the virtualized platform. For the first time, the hypervisor – the gateway to the virtualized world and all that lays above it – can be locked down.
IBM pioneered virtualization over forty years ago, leveraging decades of mainframe experience, embracing diverse resources and integrating the virtual and physical worlds. With the PHANTOM initiative, IBM is combining its systems and software heritage, Research prowess and X-Force intelligence to once again lead a new wave of virtualization innovation.
New Software for Information Security
The secure management of information is one of the fundamental requirements of an effective sustainable business. New additions to the IBM Information Security solution portfolio help reduce the cost and complexity associated with securing data.
IBM today unveiled details of IBM Tivoli Key Lifecycle Manager, software in the emerging area of encryption key management for storage devices. The software helps automate the management of encryption keys throughout their lifecycle to help ensure that encrypted data on storage devices cannot be compromised if lost or stolen. IBM Tivoli Key Lifecycle Manager, with an initial focus on industry standard storage including IBM tape and hard disk, also supports the growing number of requirements around data protection and compliance.
“Many businesses today have no formal, scalable process to manage thousands of encryption keys across several terabytes of data. IBM Tivoli Key Lifecycle Manager helps reduce the complexity and cost of managing the key lifecycle by automating the management process from key registration to changes and updates to archiving and destruction of tapes,” said Al Zollar, general manager, IBM Tivoli Software. “We intend to build upon this first release with future capabilities that support a broad range of storage formats and supporting software and hardware in our continued effort to help clients improve security of their sensitive company information while also supporting compliance requirements.”
IBM also today announced an enhancement to the IBM Information Security solution portfolio, which secures virtually any type of electronic information from creation through destruction, with the new IBM Unstructured Data Security Solution. This innovative software solution helps clients classify, secure and monitor unmanaged, unstructured data, such as information contained in spreadsheets, word processing documents and other text based files. With automated data classification, the solution helps improve security access controls and provides audit and compliance support for the vast majority of company data that is unstructured and unmanaged.
Most of the critical information within enterprises today is in the form of unstructured data. As a result, unstructured data represents a significant source of risk for data leakage and regulatory violations. With automated IBM Tivoli and IBM Information Management software, the new solution analyzes the text of selected company content in order to classify and collate the information into customized business-specific categories that fit the needs of company departments, such as human resources, legal and finance. Then, utilizing access management software, it can provide designated file-level access control to help ensure that only the proper audiences have access to specific data. The software also can actively monitor the privileged users who are granted access to designated files to help ensure appropriate use of their access rights, while additionally helping to address clients’ compliance requirements.
IBM Tivoli Security Information and Event Manager, also announced today, allows clients to implement an automated security management solution for both real-time threat management in the data center and policy compliance management via user activity monitoring and log management. The real-time and historical dashboards provide clients with visibility into their enterprise security and compliance posture, detecting policy violations, misconfigurations, misuse and suspicious network activity.
While compliance initiatives are on the rise, successfully demonstrating compliance is particularly challenging with today’s common IT environments which are comprised of software from many vendors. IBM’s software helps clients centralize information security management with support across a wide breadth of vendors’ applications and platforms.
New Software for Application Security and Identity and Access Management
IBM today also announced a new version of its access management software, extending its support of software addressing businesses’ needs for Application Security and Identity and Access Management.
The new release of IBM Tivoli Access Manager for e-business helps automate the management of user and application security with improved usability, scalability and session management along with integration with a wider variety of IBM and other vendors’ software. With a focus on managing user access control to Web-based applications from various vendors, the software enhances and simplifies security and compliance by providing a single view of user access across a broad set of business applications – from e-mail to ERP systems. It centralizes security management and makes it easier and more cost effective for clients to securely deploy and manage a diverse set of applications.
IBM is the world's leading providers of risk and security solutions. Clients around the world work with IBM to help reduce the complexities of security and strategically manage risk. IBM’s experience and range of risk and security solutions are unsurpassed - from dedicated research, software, hardware, services and global business partner value - helping clients secure business operations and implement company-wide, integrated risk management programs.
The IBM Unstructured Data Security Solution and IBM Tivoli Security Information and Event Manager are available today. The new IBM Tivoli Access Manager for e-business will be released later this month, and IBM Tivoli Key Lifecycle Manager will become available in the third quarter of this year.
For more information on IBM’s security services, software and hardware solutions, visit www.ibm.com/itsolutions/security.
Weitere Informationen für Journalisten:
Christine Paulus
IBM Deutschland
Media Relation Software Group
Tel: 089 4504 1396
Mob: 0151 14 270 446
E-Mail: christine.paulus@de.ibm.com
Martina Krelaus
Media Relations/Communications
IBM Global Technology Services
Pascalstr. 100
70569 Stuttgart
Tel: +49-711-785-3639
E-Mail: krelaus@de.ibm.com