IBM's Tivoli Risk Manager has been extended to help companies protect databases from security threats, malicious users and other vulnerabilities that may compromise data integrity or database performance.

The security features are being made available for IBM's DB2 Universal Database, Oracle and Microsoft SQL Server.

Tivoli Rick Manager, based on the Tivoli Framework, enables customers to monitor attacks, threats and vulnerabilities by correlating security alerts across a range of security products, including intrusion detection systems, Web server, firewalls and routers. Risk Manager interoperates with more than 60 security and network protection products.


"We have gotten a lot of feedback from customers who need to be able to analyze where an intruder might have gone if they did gain unauthorized access to the computer system," says Dead Verhaeghe, director of market management with IBM Tivoli.

The product audits to the record level in the database, identifying who access the records, and what they did with them. "This gives customers the ability to drill down into what records in the database may have been under attack," says Verhaeghe.

Triggers can be set to protect sensitive data. If a trigger is fired, security staff can be alerted that malicious activity could be taking place to gain access to sensitive data. The product will recommend an appropriate response, such as shutting out a user, isolating a database, deploying a patch or reconfiguring a server, actions which could be executed automatically if the customer prefers.

Prices for Risk Manager start at $1,250 per server. A typical installation at a large company costs approximately $100,000.