IBM announced a set of actions to bolster its security solutions that can help clients save costs while navigating the “perfect storm” of security threats created by a global economic slowdown, unprecedented cybercriminal activity, and costly and complex legacy security infrastructures.

The actions by IBM’s Internet Security Systems (ISS) division were prompted after IBM X-Force, an elite team of security experts, detected two startling developments. First, they identified a 30 percent increase in network and web-based security events over the last 120 days, with the total number rising from 1.8 billion to more than 2.5 billion worldwide per day, according to data pulled from its managed security services client base of approximately 3700 clients worldwide.

Second, IBM detected a 40 percent increase within the last 120 days in its client’s access of IBM virtual security operations centers. IBM’s managed security services clients — businesses and governments around the world — can use the virtual operations centers (VSOC’s) to monitor and verify network and web-based attacks. A significant portion of the increase came from clients that had not previously logged in to the security operations centers in more than six months.

In response to these findings, IBM ISS will:
Introduce new identity and access management services that help combat online threats. These services help organizations define system users and manage who has access to sensitive data and applications, increasingly vital as the IBM X-Force Quarterly Report released in early December shows more than 42 percent of vulnerabilities are caused by weaknesses in access and identity management.
For the first time, offer a formal program that enables strategic providers to resell managed security services. Under this program, strategic providers would be able to offer IBM-backed managed security services, further expanding customers who can benefit from IBM’s global expertise.

Offer a complementary, comprehensive financial assessment of a company or government’s security infrastructure management costs and the savings attributed to implementing IBM’s security services.

IBM security experts predict the rise in cyberthreats has just begun. These researchers have the ability to not only detect various potential network and Web-based vulnerabilities, but also to monitor when attempts are made to exploit those flaws through IBM’s global customer base. They can then detect various exploit attempts in one part of the world and help protect against those same attacks in regions not yet susceptible.

Organizations Turn to IBM to Manage Security
One year ago IBM ISS declared the need to help clients combat these evolving threats, and slash the cost and complexity of security. Clients are already realizing the benefits of better protection at lower cost through IBM ISS’ award-winning products and services, based on its unique X-Force research. Now, IBM ISS extends its portfolio to further help clients achieve these goals.

“IBM Managed Security Services is a key silent participant in monitoring vulnerabilities in our IT infrastructure,” said Tom Siu, CISO at Case Western Reserve University, which has implemented IBM’s managed security services for the past year. “The key element in managed security is not only monitoring the alerts, but managing the data. Having the MSS portal provides us the capability of quickly getting that information to administrators who can take action. IBM’s security services do that for us. It has given us the equivalent of extra security staffing we would never be able to acquire.”

“In order to guard against security threats, including viruses and spam, which could jeopardize the integrity of data, we purchase IBM Managed Security Services for electronic communications security,” said Marcia Guthrie, Assistant Vice President of Information Security at Integra Bank, which offers more than 80 full-service banking centers across the mid-west. “IBM helps us reduce risk at a much lower cost than other products and vendor solutions. With IBM’s diverse selection of security solutions to meet our needs, we feel confident we have the best security in place to help ensure our customer’s data is safe.”

New studies demonstrate that cost containment should not be done to the detriment of security — because the cost of a security incident can greatly exceed the costs of security infrastructure. According to the study by Ponemon Institute, “2007 Annual Study, The Cost of a Data Breach,” the average cost of a data breach to a corporation is US$6.3 million.

Leading global companies recognize IBM’s powerful capability to mitigate threats while also providing the flexibility to collaborate and share IT resources across borders. Shipping giant, A.P. Moller-Maersk, headquartered in Copenhagen, Denmark recently expanded its relationship with IBM by leveraging ISS managed security services to create a consolidated security solution that not only addresses the evolving threat landscape, but also enables an open communications structure across its global business, which spans 130 different countries.

“A key reason we chose to consolidate on IBM is that the threat landscape is rapidly evolving and it became evident we needed to centrally guard against these threats,” said Kim Aarenstrup, A.P. Moller Maersk group’s IT security manager. “IBM’s managed security services help provide preemptive protection while also allowing enough openness for our 117,000 employees to share IT resources.”
“We are currently in a perfect storm of security threats as businesses are cutting costs, insider threats are rising, and cybercriminals are using the ensuing confusion to create opportunities for themselves,” said Val Rahmani, general manager of IBM’s Internet Security Systems. “These services, in conjunction with our new and evolving security products, are unique in helping our clients successfully navigate this storm by reducing costs while improving overall security and compliance posture.”