BANGALORE, INDIA: Internet security is both simple and complex in the sense that while there is no complete solution to make the Web secure, emerging security threats trigger the need for innovative technologies and services that enable organizations to be more proactive.

Ashish Kothari, service productline leader, ISS, IBM India/South Asia spoke to Divya Girish of CyberMedia News about the various security concerns faced by enterprises and solutions offered by IBM to tackle them. Excerpts:

What are the major vulnerabilities faced by the enterprises today?

India has been witnessing an economic unrest. With the uncertainty that Indian enterprises are witnessing, comes great amount of risk. While some of the risks are directly resulting from the growth, there are some other risks that growing enterprises face due to external factors which can be socio-economic in nature. And to ensure that a business can grow successfully, the business leaders need to have a strong risk mitigation strategy in place.

Additionally, the threat landscape continues to evolve and endpoints have become the front lines of the cyber-security wars. According to the latest X-Force report, vulnerabilities are at an all time high and end-users are the primary focus of attacks.

In fact, the number of new malicious websites in the fourth quarter of 2008 alone was 50 per cent higher than for all of 2007. As employees unwittingly access these malicious Web sites with their corporate machines, it is critical to have effective endpoint security in place. The advent of Web 2.0 has considerably increased the amount of threats faced by an organization.

How does IBM's Proventia ESC help organizations prevent them?

According to the 2008 IBM X-Force Annual Trend and Risk report released in early February, client-side vulnerabilities are at an all time high and end-users are key targets of attacks. In fact, the report indicated that the number of new malicious Web sites in the fourth quarter of 2008 alone surpassed the number seen in the entirety of 2007 by 50 per cent. Seemingly innocent applications such as document readers and editors experienced a 162 percent increase in vulnerabilities, while vulnerabilities in often used multimedia applications increased by 127 percent.

As employees unknowingly access these malicious web sites and applications through their corporate machines, endpoint security is critical. With IBM Proventia ESC, IBM ISS would leverage the endpoint offering to help deliver ‘ahead of the threat’ X-Force security content.

How would the IBM security solution address the security concerns for the enterprises across various verticals?

The IBM ISS solution delivers endpoint security management designed to address two major problems in the industry today - the escalating cost of security and the growing complexity of endpoint security management.

Companies today face a dilemma, they either have to choose between managing dozens of point security products separately to meet their needs or lock into one vendor.

The single vendor suites in the marketplace today are often a result of multiple security acquisitions that haven’t been adequately integrated, leaving customers in a situation where they need to manage separate point products. Further, the strategy that locks in clients to one provider tempts the vendor to remain complacent instead of putting effort to innovate and provide the strongest security on the market.

Both scenarios can mean rising operational and licensing costs for customers. Also, the quality may fall short of providing the best-of-breed security. The IBM Proventia Endpoint Secure Control offering balances customer needs with a single security management interface and flexible choice of some of the best security solutions in the marketplace to address those needs.

What are the major security offerings from IBM?

While many security vendors focus on and manage one area or a subset of security risks, IBM's approach is to strategically help you manage risk end-to-end across the organization. This strategy allows you to better understand and prioritize risks and vulnerabilities based on their potential to disrupt critical business processes.

IBM offerings include software, hardware and services covering all IT security domains which includes people and identity, data and information, application and process, network, server and endpoint and physical infrastructure.

The people and identity domain assures the right people have access to the right assets at the right time while the data and information domain protects critical data in transit or at rest across the life cycle. The application and process sector ensures application and business services security, the network and server.

While endpoint segment helps in staying ahead of emerging threats across system infrastructure components, physical infrastructure leverages increasing capability for digital controls to secure events on people or things in physical space.

IBM Proventia ESC breaks new ground by encouraging vendors to open their solutions to work together, thus radically simplifying the complex endpoint security marketplace.

The solution is built organically with a single management interface and an open framework that allows the customer to select from best-of-breed vendors for endpoint protection. Proventia ESC is flexible and would support multiple point products from multiple vendors, unlike competitive suites that lock customers into their solution 100 per cent with no motivation to provide best-of-breed support.

The new tool would complement IBM Tivoli’s operational desktop management offerings with robust endpoint operational security solutions, allowing customers the ability to address end point security.

IBM Proventia ESC would also provide key endpoint security audit data to IBM Tivoli Security Information and Event Manager (TSIEM), further strengthening TSIEM's enterprise-wide compliance reporting capabilities

How does this solution address the cost of ownership?

IBM Proventia Endpoint Secure Control enables IBM customer’s choice in their security options. Unlike legacy security providers that lock in customers, Proventia ESC is positioned as a security framework that doesn’t require a full ‘rip and replace’ of a point solution to meet the needs of the customer.

For example, if one module is not meeting customer needs, they need not replace the entire solution or vendor…they can choose the modules they require. That is a key part of the Proventia ESC strategic vision.