IBM Adds Key Policy Compliance Technology
Consul, which makes auditing software for tracking compliance behavior and sending alerts when users violate a company's security policy, will be absorbed into IBM's Tivoli software division.
Joe Anthony, IBM's Tivoli identity management director, says the acquisition improves IBM's ability to handle security audits and ongoing compliance management assessments.
For example, Consul's technology could be used to ensure that a bank teller who was authorized to look at certain customer records wasn't accessing records outside the scope of their duties, which is a new capability that IBM hasn't had previously, according to Anthony.
"Consul enables us to set a flag so the branch manager can look to see if any irregular behavior is going on," said Anthony.
Consul's technology also lets companies define their compliance posture and decide which types of users should have access to specific servers, and calibrate different levels of access for contractors and employees, Anthony added.
"The technology also allows you to compare user behavior to a specific security policy to see how you're doing against that policy over a period of time," he said
The acquisition also strengthens IBM's Service Management initiative by making monitoring and auditing technology available for IBM mainframes, Anthony said.
Consul will complement existing IBM Tivoli security offerings such as Security Compliance Manager, an early warning system for spotlighting security vulnerabilities and policy violations, and Security Operations Manager, a security information and event management (SIEM) platform that IBM picked up in its 2005 acquisition of Micromuse.
Financial details of the acquisition weren't disclosed, but IBM expects the deal to close in the first quarter of 2007. Consul has U.S. offices in Herndon, Virginia.