IBM will unveil on Friday the latest version of enterprise security management tool Tivoli Risk Manager, which now contains new self-protecting "autonomic" features and supports three new security products, according to an IBM official.
IBM will also announce on Friday its intention to more closely integrate Risk Manager with future releases of the company's Tivoli NetView network management tool.
IBM is touting the 4.1 release of Tivoli Risk Manager as the first "autonomic security management software," capable of automatically monitoring a network's health, protecting a network against attack, and healing a network in the event of attack.
Among the so-called autonomic features of the product is a monitoring function referred to as the "heartbeat" that tracks so-called "keepalive" messages from third party security products and gives administrators an early warning about failures in their security infrastructure. Network devices use 'keepalive' messages to communicate information about their online status and health.
"The heartbeat function is a way of actively monitoring the security products that Risk Manager manages. If a connection is lost, the heartbeat monitor issues an alert to Risk Manager," said James Galvin, marketing manager for Tivoli at IBM.
As for Risk Manager's purported "self healing" features, Galvin points to the product's ability to integrate with software distribution tools, including Tivoli Configuration Manager and similar third party products. Such tools enable Risk Manager to push out security patches and software updates to devices under its management, according to Galvin.
While analogies between IBM's software and the human body's immune system are greeted with some skepticism, analysts don't disagree on the capabilities of IBM's product"'Auto healing' is just language that (IBM) uses to differentiate themselves," said Charles Kolodgy, research manager at IDC.
"It's not what they're calling it, but what (the product) does. Risk Manager has the ability to check the status of all of a company's third party security devices. That's not a feature that the competition has right now, and it's a very useful feature."
IBM will also announce three additions to the list of products that Risk Manager is capable of managing. Tripwire for Servers by Tripwire Inc. and Dragon Intrusion Detection Systems by Enterasys Networks Inc. monitor file and data integrity on network servers, notifying users and administrators when files have been altered; Sanctum Inc.'s Sanctum AppShield targets application-level security breaches.
"All three products have gained market share in the last year," said Kolodgy.
"TripWire, especially, is a key to a lot of people's security posture. Appshield is growing in the Web security area, and Enterasys Dragon has been a high performer as an intrusion detection system."
The addition of new third party products to the list of products already supported by Risk Manager will allow IBM to stay competitive in the crowded enterprise security management space. In addition to companies like netForensics Inc. and NetIQ Corp., IBM will soon have to contend with security giant Symantec Corp., which will unveil its Symantec Security Management System (SSMS) enterprise product next week.
In the network management space, IBM will announce that Risk Manager will be bundled with future releases of their Tivoli NetView product. Risk Manager will appear as a security operations dashboard on the NetView product, allowing organizations to monitor and identify the source of security incidents, according to Galvin.
Risk Manager 4.1 will ship on Oct. 18. IBM didn't provide pricing information.