Purpose of this FAQ
IBM has several security products that can be used for the protection and management of endpoint devices. This document provides a simple overview of IBM products and attempts to answer the common questions that you as a customer might have.
Q 1: When we say “Endpoints” what are we referring to?
A: A network endpoint is a device through which a user accesses network services. Examples include: corporate or home PCs, servers, smart phones, PDAs, Internet and Intranet kiosks, retail point-of-sale terminals, automatic teller machines, etc.
Q 2: What are the IBM Security Solutions Endpoint Protection Products?
|Product Name||Endpoint Protected||Used For|
|Tivoli Endpoint Manager||Physical Servers, Desktops, Laptops, Virtual Machines||Centralized Security Management; configuration solution for software patching, power usage, security configuration, software deployment. It also provides personal firewall, anti-malware, and web/file reputation.|
|IBM Security Server Protection||Physical Servers, Virtual Machines||Threat mitigation, data protection, and compliance; IPS, FW, file/system/registry integrity monitoring, auditing, compliance support|
|IBM Security Virtual Server Protection||Virtual Machines, Hypervisor||Threat mitigation and compliance; Firewall, Rootkit Detection, IPS – Single security agent per physical host protects all VMs on the host|
|Proventia Desktop||Desktops & Laptops||Threat mitigation, data protection, and compliance; IPS, FW, file/system/registry integrity monitoring, auditing, compliance support|
|IBM SiteProtector|| ||Centralized security event management solution; for ISS products, real-time security event monitoring, event forensics and analytics|
Q 3: In the future would IBM customers have one product to manage all aspects necessary for Endpoint Security?
A: That is our ultimate vision - to help simplify the effort required by our customers to implement and maintain their endpoint security. IBM’s plan is to integrate the intrusion protection capabilities that we provide today for desktops, servers and virtual servers onto the software platform used by Tivoli Endpoint Manager. This will allow for a single implementation process, agent deployment, status monitoring, a common reporting mechanism and shared anti-malware protection that is not currently available in the intrusion protection products.
In the near term, SiteProtector will still be required in most cases where clients want fine-grained policy configuration for the agent, real-time event monitoring, and event analytics.
Q 4: With this future integration of the capabilities onto a common foundation, what are the advantages to you as the customer, and how do the products complement each other?
A: Our customers want to reduce the expense, man-hours and training required to manage the operational aspects of security, deploy security software agents out to hundreds or thousands of endpoints, manage the patching process for security agent software, and continuously monitor and report on the deployment status of the IT security environment over time. The integration of the capabilities onto a common foundation provides savings in both implementation and ongoing operations costs.
The addition of IBM SiteProtector to the customer’s environment will continue to provide complementary capabilities. It has been designed to manage high volumes of security event data from potentially thousands of different agents. It can provide detailed analysis of this data and even real-time event monitoring that will not be available in the common foundation provided by Tivoli Endpoint Manager. IBM SiteProtector is also very well adapted for fine-grained security policy management for the IBM security agent.
Q 5: What are the different phases (levels) of integration planned? And how would the rollouts into the market take place (timelines)?
Q 6: After integration, can a centralized console be used to control all Endpoint Protection products?
A: Yes, but not in the near future. The Tivoli Endpoint Manager administration console and SiteProtector are complementary as two components of a centrally managed solution. SiteProtector will likely be required or at least strongly recommended even after a significant degree of integration because its specialized security functionality is not easily or elegantly replicated in Tivoli Endpoint Manager.
Q 7: What is the strategy for the Proventia Desktop product? Is it back to stay? Will this product have a defined roadmap?
A: IBM believes that providing a solution for robust intrusion protection security on the desktop is strategically important. This product is here to stay and will be renamed to illustrate its place in the portfolio with its next full release. We have already consolidated the software code associated with Proventia Desktop with the software code for IBM Server Protection for Windows to make it easier and less costly to support both platforms. Future roadmaps will include support for both desktop and server.
Q 8: What are the new features in Proventia Desktop v10.1?
A: Proventia Desktop v10.1 has features similar to those of IBM Server Protection for Windows. The new features include file / system / registry integrity monitoring and adaptive security policy.
Q 9: What would IBM’s advantage and differentiator be once the endpoint protection integrations take place?
A: IBM’s threat mitigation capabilities are powered by IBM’s X-Force research team, who are well-respected worldwide by industry analysts and our customers. This is a key differentiator and competitive advantage for us today. The consolidation of our security products onto a common platform with shared intrusion protection allows IBM to bring general endpoint management and rigorous security enforcement together to provide a nearly comprehensive set of capabilities for managing endpoints under a single intuitive management framework. No one else in the market today can do this.
Q 10: What is the plan for protection of mobile endpoints like Smart Phones and Tablets?
A: TEM Mobile Device Management (MDM) Beta based on the TEM platform was launched towards the end of September 2011. Certain traditional endpoint protection functions such as anti-malware and firewall are not in scope for this Beta release; instead, priority is placed on core security controls that fall under the MDM umbrella. These security controls include: device inventory, application management, configuration management, remote wipe for lost/stolen devices, and PIN lock policy enforcement.