This is not simply just another partner deal. While Consul has long offered RACF-based products, the real driver for the deal is recently developed, patent pending technology that correlates user access patterns from the cryptic logs maintained by various access control subsystems. Consul has packaged the technology to provide what IBM terms audit in box, with reports showing whether users admitted into the system are not violating compliance polices.
The technology in question, called M7, applies business intelligence and data transformation techniques that convert cryptic data from log files into meaningful information from which user access patterns can be deduced.
Once the deal is consummated, the Consul offerings would fill a major gap in Tivoli’s access management portfolio. Today, Tivoli Access Management can provision user privileges on a centralized basis. And thanks to this year’s acquisition of Micromuse, Tivoli has a network event correlation engine. But until now, Tivoli had no way of correlating user access patterns, or correlating user access with system events.
The Consul technology acts like a BI tool with ETL (extract/transform/load), analysis, and reporting capabilities. In essence, it is BI applied to access management. Using adapters to a myriad of log file systems, Consul’s technology extracts, transforms, and normalizes the data into a central repository. And then it can report when access patterns, such as payroll employee accessing payroll data off hours form off premises, depart from the norms.
It has put together several compliance packs, which are essentially reporting templates that can be used to document the user access aspects of regulatory compliance activities. According to Consul, its customers identified nearly 500 compliance use cases. Once it closes the acquisition, one of IBM’s first priorities will be to expand the number of compliance reports.
But beyond that, there are obvious possibilities for tying in user access patterns with system or network events, so a user who is otherwise authorized to gain access might be caught if he or she is conducting an unauthorized database dump.
Admittedly, while most of the attention was centered around z Series platform capabilities, Consul can read access logs from distributed platforms. Nonetheless, as Al Zollar, head of IBM’s Tivoli business emphasized, the solutions will be targeted at large accounts, which in most cases, are likely to have mainframes.
Although a long time IBM partner, Consul has also had a strategic partnership with BMC. Obviously, IBM’s acquisition changes the playing field with BMC. But Zollar said that they would continue to support interfaces with BMC, just as Tivoli’s access and event management products already maintain interfaces to most rivals.
The deal, still pending SEC approval, is for an undisclosed amount. Although OIBM didn’t disclose when it expected the deal to close, in all likelihood it will be sometime in the first half of 2007.