IBM has acquired Guardium, a maker of tools for monitoring and securing sensitive databases, with the aim of helping administrators deal with growing compliance and security pressures.
Guardium's products have two parallel functions, IBM said on Monday. On the one hand, they carry out real-time monitoring to detect and prevent suspicious activity and, on the other, they automate and streamline regulatory compliance tasks.
IBM said it would integrate Guardium's products into its Information Management Software portfolio and will sell them through the newly created Business Analytics and Optimisation Consulting organisation, staffed by 4,000 consultants. Financial terms of the deal were not disclosed.
At a time when organisations are obliged to allow access to their databases by a wide variety of users and systems, Guardium's software checks for suspicious activity by authorised users as well as by potential hackers. The technology monitors the database activities of enterprise applications such as Oracle EBS, PeopleSoft, SAP and Business Intelligence, as well as in-house systems, Guardium said.
The system is built on a single console and can scale from monitoring a single database to covering thousands of databases in widely distributed datacentres.
At the same time, the technology creates an audit trail of all database activities, allowing administrators to create fine-tuned access controls and provide information required by auditors.
The software is intended to help deal with regulatory requirements under legislation such as the European Data Protection Directive and the US federal government's NIST 800-53 standard. In addition, it targets industry mandates, such as the Payment Card Industry Data Security Standard (PCI DSS).
Administrators can use the technology to scan databases for vulnerabilities and test them using industry best practices, such as the US Department of Defense's Security Technical Implementation Guide (STIG), Guardium said.
The technology supports databases including Oracle, Microsoft SQL Server, IBM DB2, IBM Informix, Sybase, MySQL and Teradata on platforms including Windows, Linux, Unix and z/Linux.
Guardium was launched in Israel in 2002 under the name of Defendo, and moved to Waltham, Massachusetts in 2003. Its investors include Ascent, Cedar Fund, StageOne Ventures and Veritas Venture Partners, as well as networking giant Cisco.
IBM has some direct experience with highly sensitive databases, having been awarded the contract to administer the UK's National Biometric Identity Service (NBIS) database, which will hold identifying information such as facial images and fingerprints.
The NBIS is used for biometric passports as well as the National Identity Register, which will be used in issuing ID cards under the government scheme.
Talkback
By acquiring Guardium at such a significant multiple, IBM has validated the database security, risk and compliance marketplace. However, this acquisition adds yet another point solution to their already disparate database tools portfolio, and such an ""rfp check box"" architecture approach will not satisfy the integrated platform requirements of serious customers seeking enterprise wide data governance.
-John Ottman, President & CEO, Application Security, Inc.