IBM Releases New Secure Applications by Design
IBM is enhancing its portfolio of application-development security technologies and services this week, offering improved access, source-code analysis and security-assessment services.
The new releases from IBM (NYSE: IBM) include the AppScan Source Code Edition, Tivoli Access Manager and a services capability for source code assessment. With the product rollout, IBM is expanding its efforts to enable enterprises to secure both applications and access.
The AppScan Source Code Edition 7.0 is born from technology that IBM acquired when it bought static-analysis vendor Ounce Labs in 2009. IBM rebranded the Ounce Labs solution as AppScan Source Code Edition earlier this year.
IBM Rational's AppScan product suite itself was the result of the acquisition of security vendor Watchfire in 2007.
The core AppScan product suite focuses on dynamic application testing, while the new source-code edition is a static-code analysis product. With the AppScan Enterprise product, IBM has a reporting and compliance solution that will now get input from the source-code edition. Using both the standard and the source edition is intended to enable developers to secure code from its earliest stages right through to deployment.
Having the in-house skills to understand a source code assessment isn't always an easy task. That's why IBM is now also offering an Application Source Code Security Assessment service. The new service provides enterprises with IBM consultants who will test applications and provide recommendation to fix issues.
"We've geared up a team that can leverage the technology in a consultative manner to find weaknesses," Marc Van Zadelhoff, director of IBM Security Solutions, told InternetNews.com.
From an access-control perspective, IBM is improving its Tivoli Access Manager product suite to help enterprises tighten the entry points to their systems and ensure compliance with policy. The improvements to Access Management include a user self-care support function, as well as enhancements to federated identity management for cloud deployment use cases.
"So without having to manage partner identities, we're able to connect to business partners and unmanaged applications in the cloud," Ravi Srinivasan, senior product manager of IBM Tivoli Software, told InternetNews.com.
Srinivasan added that IBM has improved the federation capabilities so they now support SAML 2.0 (define) and OpenID type attribute queries. That enables enterprises to integrate a cloud application without the need to push the identities into the cloud, which is important for hybrid private/public cloud deployments.
IBM is also updating Tivoli Security Policy Manager to provide ready-made integration with applications like Sharepoint.
"Tivoli Security Policy Manager provides enterprise with the ability to do fine-grain access control," Srinivasan said.
Rounding out IBM's security updates is a Secure Engineering Framework blueprint for organizations to help build and deploy secure software. The framework is an effort to provide best practices for enterprise application development security
"This is a multidimensional puzzle that our customers are solving, so we're going to continue to innovate across all domains," Van Zadelhoff said.
Return to security news headlines
View Security News Archive