ARMONK, NY -- December 5, 2006: IBM today announced it has entered into an agreement to acquire Consul risk management, Inc., a privately-held software company headquartered in Delft, Netherlands with a principal office in Herndon, Virginia. Financial details were not disclosed. The acquisition is subject to regulatory approvals and is anticipated to close in the first quarter of the 2007 calendar year. Upon approval, Consul will become part of IBM's Tivoli software unit.
Consul is a leading provider of compliance and security audit software that helps clients track, report and investigate non-compliant behavior, such as unauthorized activity by information technology (IT) administrators or other users.
This acquisition strengthens IBM's Service Management initiative by adding key data governance and compliance monitoring, auditing and reporting capabilities across mainframe and distributed environments, a unique capability unmatched by other competitors.
Many companies are unclear which of their employees need access to certain sensitive information sources, such as personal health records or a company's finances. According to a recent industry report, 86 percent of internal security incidents are perpetrated by a company's most privileged and technical users - such as IT administrators, vendors, consultants, or other users.  Left unchecked, privileged user activities can violate compliance policies and potentially lead to incidents of identity theft.
Consul provides an "auditor-in-a-box" for compliance initiatives by using a single management technology dashboard. Consul's monitoring and auditing capabilities cover a wide array of systems, applications and resources, including IBM's mainframe environment. The technology provides powerful visibility of insider threats and specific reporting designed to help address customer's compliance activities related to various regulations such as Sarbanes-Oxley and HIPAA .This technology complements IBM's existing security information and event management capabilities to offer clients a portfolio of solutions that can monitor, audit and report on both users and technology.
The software monitors business compliance processes for compliance, automatically providing alerts when information or technology assets are at risk, when data is inappropriately accessed, or if compliance processes have been breached. Increasingly, security, risk, audit and compliance functions within companies are relying on business compliance technology to investigate abnormal activity or simply test whether they are compliant with government regulations. For example, a technology company could detect when an unauthorized identity accesses a system containing future product design concepts, or an online retailer could be notified if an abnormally high number of customer records are accessed.
"Consul is uniquely capable of rounding out the IBM portfolio to help clients more fully address compliance around access to private information to help reduce risk in their organizations," said Al Zollar, general manager, IBM Tivoli Software. "Together, IBM and Consul will be able to offer integrated security management and powerful user activity monitoring across the entire IT infrastructure from devices and systems to applications in both traditional and service oriented architectures."
"With today's high volume of compliance activity, auditors typically want to know that organizations have control of privileged user activities," said Joe Sander, CEO, Consul. "Beyond knowing who has the right to access specific data, companies need to ensure that only appropriate individuals are doing so, without hindering business productivity. Consul software is one of the industry's first solutions to address the intersection of audit and policy compliance efforts with information security and operational risk."
The product uses patent pending "W7" methodology (Who, did What, When, Where, Where from, Where to and on What) to consolidate and analyze vast amounts of user and system activity. It enables customers to consolidate, normalize and analyze vast amounts of user activity via native security logs; delivering instant alerts and reports on who touches what information and how those actions may violate external regulations or internal security policies. Additionally, Consul offers an array of solutions that enable easy user administration on the mainframe, adding depth to IBM's identity management capabilities.
More than 350 customers around the world rely on Consul to accelerate their security audit and compliance efforts, including Ford, Kroger, Office Depot, Hanes and Fidelity Bank