IBM debuts intrusion-prevention tool

The new service, IBM's latest offering for the IT security market, is designed to monitor worm attacks.

Dawn Kawamoto Former Staff writer, CNET News

Dawn Kawamoto covered enterprise security and financial news relating to technology for CNET News.

Dawn Kawamoto

March 27, 2006 10:47 a.m. PT

IBM expanded its security services with the formal unveiling on Monday of its intrusion-prevention technology.

The new feature, part of IBM's On Demand Innovation Services, is Big Blue's latest effort to capture a bigger slice of the IT security market. Last month, the company debuted its Identity Manager Express security software.

IBM's intrusion-detection tool aims to monitor worm attacks and reduce false positives, or instances in which legitimate actions are classified as malicious intrusions. Among its features, the tool presents dummy postings of server activity that are designed to lure attackers into scanning the servers.

The detection tool then responds to the attack in an effort to trick the worm into revealing its identity. With the identity to refer to, the tool should be able to reduce the number of false positive readings.

"This is different than a regular honeypot that just traps the virus," said Steven Tomasco, an IBM spokesman. "The tool does not just trap it. It responds to it, so the worm will have to reveal its identity and there will be less false positives."

Other ODIS security features include biometrics, digital rights management and identity management.