IBM has announced new security and audit features for its Tivoli Compliance Insight Manager (TCIM) to include a way to generate customised reports on whether internal security policies are being followed. Such reports are intended to assist customers with providing evidence of regulatory compliance.

In addition, the TCIM risk-management and compliance software will be integrated into IBM's other products, Tivoli Service Management controls and Identity Manager & Access Manager according to Kris Lovejoy, director of strategy for IBM governance and risk management.

"Insight will now take user-based information and import that for reporting purposes," Lovejoy said. "You'll be able to look at the policies you implemented."

Additional types of reports will allow network managers to aggregate system logs and analyse them for long-term trends to identify possible anomalies in activities associated with assets such as databases, she pointed out.

Bernie Donnelly, vice president of quality assurance at the Philadelphia Stock Exchange, which has used the Consul InSight software for several years to consolidate logs across some servers, said he expects to use TCIM more broadly because IBM is coming up with a way to collect data without the use of host-based agents.

"It was agent-based before and you had to manage all those agents," Donnelly said. He said if TCIM is effective without the need for agents, the Philadelphia Stock Exchange's internal business network would make much broader use of it for risk management.

IBM bought Consul InSight last year and renamed the upgraded version IBM Tivoli Compliance Insight Manager.

The software is scheduled to ship early next month.