Friday, March 13, 2009

IBM gets more end-pointy

To be specific, I should say IBM ISS. This time, they're getting in bed with with BigFix (the press release is here). Here's the first paragraph of the release:
"Today, IBM announced a first-of-a-kind endpoint security offering, IBM Proventia Endpoint Secure Control (ESC), that is designed to enable enterprises to escape from the constraints of vendor lock-in and to enhance endpoint security, compliance and operations at a lower cost. This new endpoint security offering is delivered by IBM Internet Security Systems (IBM ISS) leveraging IBM's depth in security experience and technology from BigFix, Inc. for endpoint security management."

It sounds like it's some sort of OEM agreement with BigFix to offer up security-focused, endpoint systems management. Essentially, it's to allow for organisations to manage all the bits and bobs of software that end up having to be deployed on endpoints (laptops, desktops etc.) and become a nightmare to manage over time. IBM harps on about "vendor lock-in" and stress that having ESC/BigFix in place makes it much easier to swap out software and replace it with new stuff (McAfee AV with Symantec's, for example). Sounds nice in theory and marketing slides. Not so simple in reality, even with a shiny new toy.

I won't get into the minefield relating to it being a good idea to have some sort of common security policy management or decision point across everything (which is what Symantec and McAfee are trying to do across their bag of toys) that this doesn't address, but I'm sure IBM are working on that. By the way IBM ISS, the boys at Tivoli might have some stuff that you could use? You should try talking to them...which brings me to my next point.

I can't help but notice that there's some level of overlap with what IBM Tivoli provides in the way of their systems management software, but this is IBM so it doesn't surprise me that the left hand doesn't seem to be talking to the right hand. It's business as usual and somewhere within IBM, a bunch of people in Tivoli are going to be wondering why IBM ISS keeps trying to compete with them. To be fair, the IBM Tivoli stuff isn't as endpoint-focused when it comes to security and isn't as security-focused when it comes to endpoints (this is confusing unless you know the Tivoli products - you IBM Tivoli people know what I'm talking about don't you). The press release does make a reference to Tivoli:
"The new tool will complement IBM Tivoli's operational desktop management offerings with robust endpoint operational security solutions, allowing customers the ability to address end point security. IBM Proventia ESC will also provide key endpoint security audit data to IBM Tivoli Security Information and Event Manager (TSIEM), further strengthening TSIEM's enterprise-wide compliance reporting capabilities."
But that statement sounds to me like it was thrown in to "keep Tivoli happy". TSIEM could get its endpoint security audit data from any other competitive endpoint source. It doesn't need ESC specifically! Of course, the marketing department will throw in comments like it'll be better integrated and have "out of the box connectors" but we know how true these things are. Unless development is managed by the same brand, this is extremely difficult to achieve in an adequate amount of time. My money's on the fact that the implementation partner is going to have to be the one that picks up the pieces if/when the integration at a client's site is required.

Strategically however, this move makes sense. If your memories go back to late 2007 (yeah I know that's quite some time ago), you may remember IBM ISS dipping its toe into data security by offering managed services using a combination of Verdasys, Fidelis and PGP software. I'm not sure they got very much traction out of that initiative, but this is a continuation of an increasing focus on the endpoint by IBM ISS, and they want to manage it all too:
"'The killer application in endpoint security is management,' said Dan Powers, vice president of business development at IBM Internet Security Systems."
I don't really agree that management is "the killer app" in the endpoint game, but it's certainly a key piece. The likes of Sophos, Symantec, McAfee, Checkpoint have all been progressively coming out with their own versions of "one agent to rule them all" and wrapping a management layer around it all. I suppose IBM ISS didn't want to get left behind because when it comes to data security, if you ignore the endpoint you've lost the game.

No comments: