Tivoli Upgrades Product Line with Self-Healing Capabilities

New version of risk manager features tools for autonomic security.

• By Matt Migliore
• 10/02/2002

The release, which is slated for October 18, is part of an ongoing effort by Tivoli to provide enterprises with autonomic security products that have the ability to perform self-protecting and self-healing tasks. Earlier this year, IBM officially launched its autonomic security initiative; and Risk Manager 4.1 is an attempt to make good on some of the promises made as part of that strategy.

According to Tivoli, the new offering can gather security information from more than 50 different third-party products, and respond automatically to protect those technologies from attack. In the future, Tivoli plans to add more features to its product set that will address the self-healing and self-protecting aspects of autonomic security, as well as self-optimizing and self-configuration features.

James Galvin, security market manager for IBM Tivoli software, says while IT costs are going down, the expenses associated with technology are going up. Autonomic features, he notes, are designed to “reduce the cost of managing security.”

Galvin says that when Risk Manager was originally released in early 2000, it was positioned as an event-monitoring solution. Now it provides users more proactive control over their security infrastructure.

The key addition to Risk Manager is a self-protecting “heartbeat” function which notifies administrators of potential failures and allows them to automate the repair of failed systems in accordance with company security policies. In addition, the tool can be used to initiate security updates and deploy security patches to systems as necessary.

Michael Rasmussen, director of research for the information security team at IT analyst firm Giga Information Group, says Tivoli may be a bit ahead of the market with the new autonomic features of Risk Manager. He says that while enterprises may be starting to feel comfortable with tools that adjust firewalls and intrusion detection systems to prevent network attacks, taking machines down and repairing them automatically represents a level of automation that enterprises aren’t necessarily ready for. “Everybody wants to see the case studies and hear the success stories for those sort of self-healing solutions, but nobody’s willing to be the guinea pig.”

Rasmussen estimates the market is still about three years away from widespread adoption of truly self-healing systems, and says, “it’s going to take a lot of trust and validation” before enterprises will feel comfortable using them.

Much of the hesitancy associated with the self-healing concept is tied to the shortfalls of some early automatic-update technologies. In some cases, for example, auto-install security patches and auto-configuration techniques have reversed network security settings and left companies more vulnerable to attack.

Tivoli’s Galvin acknowledges the concerns enterprises have with tools that make automatic changes to their systems. He says Risk Manager will only employ self-healing tactics if an administrator configures it to do so.

Autonomic security features aside, Risk Manager also represents a continued effort by Tivoli to design its products as independent offerings rather than pieces of a larger IBM Tivoli architecture. While Risk Manager will remain a cornerstone of IBM’s WebSphere middleware line, it will also be sold as a stand-alone product as well as a managed offering through IBM Global Services.

Giga’s Rasmussen says that by tweaking its focus to become a vendor of stand-alone products, Tivoli is giving itself broader coverage in the security market. However, he says most of the vendors in the security space, including such notable players as Symantec Corp. and PentaSafe Inc., will be bringing new products to market in the coming months. He suggests enterprises should also be watching the other vendors in the market.

Risk Manager comes pre-integrated and pre-packaged with IBM Tivoli NetView, which gives it more detailed topology views and enables faster identification of the root causes of security incidents. Integration with the Tivoli Data Warehouse provides forensics, trend analysis, historical reporting, and security service-level information.

From a third-party perspective, Risk Manager supports integration with products from a number of different technology organizations, including: Apache Software Foundation, Argus Systems Group, Check Point Software Technologies, Cisco Systems, ClickNet Security Technologies, Enterasys Networks, Gilian Technologies, IBM, Internet Security Systems (ISS), Lockstep Systems, Microsoft Corp., Network Associates, NFR Security, Red Hat, Secure Computing, Sun Microsystems, Symantec, and ZoneLabs.