« One Password = Many Risks | Main | 3 Google Hacks You Better Know About »

IBM seemed to answer that question today, as they announced plans to acquire Consul Risk Management, Inc., a software company located in Delft, Netherlands, and with offices in Herndon, Virginia.

Consul is the leading provider of compliance and security software. This acquisition strengthens IBM’s Service Management initiative by adding key data governance and compliance monitoring, auditing and reporting capabilities across mainframe and distributed environments, a unique capability unmatched by other competitors.

Many companies are uncertain which employees need access to certain sources of sensitive information, such as personal health records or a company’s finances. I found the following quite interesting, and hence the title of this blog, that a recent industry report found that 86 percent internal security incidents are perpetrated by a company’s most privileged and technical users, as in IT admins, vendors, consultants, etc. Left unchecked, privileged users can violate company compliance policies and lead to identity theft.

Consul provides an “auditor-in-a-box” which uses a single management technology dashboard. Consul's monitoring and auditing capabilities cover a wide array of systems, applications and resources, including IBM's mainframe environment. The technology provides powerful visibility of insider threats and specific reporting designed to help address customers' compliance activities related to various regulations such as Sarbanes-Oxley and HIPAA.

The software provides alerts when information or technology assets are at risk, when data has been accessed by an unauthorized user, or if compliance rules have not been followed. The product uses patent pending "W7" methodology (Who, did What, When, Where, Where from, Where to and on What) to consolidate and analyze vast amounts of user and system activity.

“Consul is uniquely capable of rounding out the IBM portfolio to help clients more fully address compliance around access to private information to help reduce risk in their organizations," said Al Zollar, general manager, IBM Tivoli Software. "Together, IBM and Consul will be able to offer integrated security management and powerful user activity monitoring across the entire IT infrastructure from devices and systems to applications in both traditional and service oriented architectures.”

“With today's high volume of compliance activity, auditors typically want to know that organizations have control of privileged user activities," said Joe Sander, CEO, Consul. "Beyond knowing who has the right to access specific data, companies need to ensure that only appropriate individuals are doing so, without hindering business productivity. Consul software is one of the industry's first solutions to address the intersection of audit and policy compliance efforts with information security and operational risk.”

Posted by pschooff in |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/1056