
In Our Ecosystem, Anybody Can Play

 

ISS has always been a hard-core IT security company. A year ago, you were acquired by IBM. How has that changed the focus of your company, given that IBM is active in many related areas, especially through its Tivoli software group in the field of Identity & Access Management?

Tim McCormick: This has been an interesting and exciting year for ISS, as you can imagine. Traditionally, as you say, we’ve been more about keeping the bad guys out, while our colleagues at Tivoli have been more concerned with making sure the good guys get in. However, at the intersection where identity and threat management come together, we have both been increasingly involved in protecting mission-critical data as well as personal data.

So your main concern up to now has been hackers and others coming from outside?

TM: Yes, things like malicious code or designer phishing attacks that go after sensitive data you’re trying to protect. But increasingly, we are coming up against users violating policy by sending out sensitive information via e-mail, instant messaging or with the help of USB sticks. It’s a whole new era for us, because it involves setting and monitoring policy by users and groups instead of by IP addresses, as we have been accustomed to. Today we are working very closely with the people from Tivoli to bring these things together, not as a single system, but as a means of passing data from one system to the other in a logical workflow.

Tearing down Chinese walls within IBM?

TM: There are many areas where we are working with Tivoli. Take TSOM (Tivoli Security Operations Manager), for instance. This product can integrate upwards of 200 different types of security products across vendors into a single logical database in order to correlate and look for interesting trends and thus enable us to report compliance.

Your former CEO Tom Noonan, who is now head of IBM ISS, has suggested that you might try to lead the industry in creating a unified IT security ecosystem which would make the products from vendors in both the security and the identity markets interoperable. Is this part of that effort?

TM: Actually, we first intend to bring that integration to market with our own products and services, as well as with our existing network of partners such as Cisco, Checkpoint, Juniper, McAfee and others. Tivoli, as I have mentioned, has similar partnerships with more than 200 vendors. That way, we believe we will be able to demonstrate to others that anybody can play in that ecosystem. Then we will go out and seek overall support of the industry through the appropriate standards bodies such as Oasis and others.

When will that happen?

TM: We are not ready to publish when that will be. First we have to learn by experience and find out exactly what leverage we have. While we believe that we already have most of the components necessary to secure the enterprise, we need to explore what is the key to integration that will make them more valuable for customers.

Compliance is becoming an increasingly important issue in both the security and the identity management spaces. What are your plans?

TM: As you probably know, IBM recently bought a company called Console, and now offers its key technology in the TCIM (Tivoli Compliance Integration Manager) product. Customers can use this product to essentially spell out a recipe of what compliance they need within a specified regulatory framework such as Basel II, for instance. At IBM ISS, we are currently looking at ways of integrating this product into our five Security Operations Centers around the world in order to be able to offer “compliance as a service”. In essence, this means converting TCIM into a service that can be delivered over the web.

ISS has its roots in vulnerability protection, things like patch management and the like. How do you intend to expand that into compliance?

TM: Just take our security event and log management service, which has been around for a while. We are now starting to put agents into enterprises that can gather logs from mission-critical applications and databases and communicate them out to our service, which then creates views and reports from a compliance perspective. This is something we intend to expand.

What about identity fraud?

TM: As you probably realize, any small or medium-sized business that accepts credit cards online now has to comply with the PCI Data Security Standard (PCI DSS). We are currently working on expanding our Vulnerability Management Service to include PCI-compliant reporting, and we plan to introduce this new service in early 2008. What it means is that you download an agent to collect logs from your system which are then uploaded and analyzed by our service. We are achieving this by integrating Tivoli with Watchfire, a web application vulnerability system that was acquired recently by IBM and which looks at web applications and websites on layer 6 and 7 vulnerabilities that exploit web services. Our own system, remember, focuses on network vulnerabilities. The object is to see if rules have been inserted into the code that hackers could use to collect identity data and credit card numbers, for instance.

What will you call the new service?

TM: We haven’t decided yet, but it will be a part of our existing PCI compliance services.

ISS has come a long way since the days of simple intrusion protection, haven’t you?

TM: Well, we practically created the intrusion protection marketspace, so we are actually quite proud of our heritage. But today we have to focus on new threats such as data leakage, which has become a significant problem. We are currently adding a data leakage feature to our intrusion protection product that allows us to look for context-specific strings of text flowing out of your network. We call it the Content Analyzer, and it focuses primarily on personal information such as national ID card numbers, social security numbers and account numbers. We are also using deep packet inspection technology to look for threats. For instance, we can peer into the same data packet we are analyzing for malcode and also monitor content thresholds, such as ‘how many social security numbers do we have to see passing out of the system before we flag that activity?’

Are you also thinking of offering that capability to your customers as a service, too?

TM: Yes. In fact we plan to allow our customers to see exactly how much personal identity information is being transferred and why. This will be offered under the software as a service model so customers can leverage existing infrastructure and won’t have to buy something new. Instead we expect to charge them incrementally. I expect this to become a big focus for IBM ISS as we move forward.

Created: 14.11.07, modified: 27.12.07
