IBM is extending its data analytics capabilities into the security realm to help clients anticipate threats before they happen by analyzing the data from a variety of sources.
IBM unveiled enhancements to its
security services portfolio, promising customers improved data analytics and
deeper real-time analysis of security threats.
Customers can analyze data from
multiple sources across the enterprise and determine how to tweak their
security strategies and make sure security and business needs are aligned using
new intelligence tools and services, IBM said Nov. 3. The new services are
designed to help organizations make rapid decisions and prevent security
breaches from impacting business, the company said.
The analytics tools and services
include a new dashboard to provide real-time identification of advanced
threats, a new IP intelligence report, an enhanced automated intelligence
correlation engine, a new IP center dashboard, and managed security information
and event management (SIEM) capabilities, according to Latha Maripuri, director
of IBM Security Services. The services detect anomalous behavior and threats by
correlating a diverse set of data to help organizations make rapid decisions in
case of a breach, Maripuri said.
Security executives are saying,
"I've got a lot of the pieces, but I don't have a way to understand what's
going on," Maripuri told a group of journalists at a press event on Nov.
2.
IBM created the new Security Systems
Division in October after acquiring security intelligence and SIEM vendor
Q1 Labs. The new tools and services under the
Security Systems umbrella will expand IBM's existing security analytics
capabilities, Marisa Viveros, vice president of IBM Security Services, said at
the same event. Business intelligence is the "future of security,"
Viveros said, noting that IBM is pulling together all its recent security and
analytics acquisitions to provide customers with deep analysis of threat data.
With BI capabilities, organizations can present security insights to businesses
and to the board of directors to justify security expenditures and policies,
she said.
These tools and services will be
offered as part of six subscription services that feed results from firewall
logs, intrusion detection and prevention events, and vulnerability scans into
the X-Force Protection System and its cloud-based analytic engine, IBM said.
The data sets from the subscription services provide IBM analysts with
"superior visibility" into an IT environment, strengthen enterprise
security and allow security teams to remediate threats more rapidly, according
to the company.
The host dashboard will use inbound and
outbound firewall logs, threat intelligence feeds, intrusion detection and
prevention events, and geographic IP location data to identify and prioritize
threats, such as botnets. The ability to combine all the information into a
single dashboard was essential because "no one wants multiple
dashboards," Viveros said.
The IP intelligence report is a one-page
report that analyzes threats, vulnerabilities and remediation activities under
way. The report will give organizations insight into all the IP addresses that
are hitting their servers and let them identify which may be malicious and
which ones to keep an eye on for now, according to Maripuri.
The automated intelligence (AI) correlation engine enables IBM
to chain together alerts from multiple services to identify sequences of
activity that represent severe incidents. The Q1 Labs acquisition will enhance
the engine, according to Maripuri.
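The two capabilities described above, a single dashboard that correlates firewall logs, IDS/IPS events, a threat-intelligence feed and geo-IP data to prioritize affected hosts, and a correlation engine that chains individual alerts into sequences that represent a severe incident, can be sketched in code. The following Python is an added illustration written for this page; it is not IBM's software, the X-Force Protection System, or any Q1 Labs component. The threat-intel indicators, the geo-IP table, the scoring weights, the 15-minute window and every log line are constructed placeholders (using RFC 5737 documentation addresses), and the sequence rule "IDS exploit alert followed within the window by allowed outbound traffic to a known C2 host" is a hypothetical example of the kind of pattern such an engine would chain into a botnet finding.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed threat-intelligence feed (indicator -> category). Hypothetical
# entries built from RFC 5737 documentation addresses; not a real feed.
THREAT_INTEL = {"203.0.113.7": "botnet-c2", "198.51.100.9": "scanner"}

# Constructed geo-IP lookup keyed by /24 prefix; country codes are placeholders.
GEO_BY_PREFIX = {"203.0.113": "XX", "198.51.100": "YY", "192.0.2": "ZZ"}

# Constructed firewall log lines: timestamp direction src dst action.
FIREWALL_LOGS = [
    "2011-11-03T10:00:01 in 198.51.100.9 10.0.0.5 deny",
    "2011-11-03T10:00:02 in 198.51.100.9 10.0.0.5 deny",
    "2011-11-03T10:01:00 in 198.51.100.9 10.0.0.8 deny",
    "2011-11-03T10:05:00 in 192.0.2.4 10.0.0.5 allow",
    "2011-11-03T10:07:00 out 10.0.0.5 203.0.113.7 allow",
    "2011-11-03T10:08:00 out 10.0.0.5 203.0.113.7 allow",
    "2011-11-03T10:09:00 out 10.0.0.8 192.0.2.4 allow",
]

# Constructed IDS/IPS events: timestamp internal_host signature.
IDS_EVENTS = ["2011-11-03T10:06:00 10.0.0.5 exploit-attempt"]

# Hypothetical window within which two alerts count as one sequence.
SEQUENCE_WINDOW = timedelta(minutes=15)


def geo(ip):
    """Look up the constructed geo-IP table by /24 prefix."""
    return GEO_BY_PREFIX.get(ip.rsplit(".", 1)[0], "unknown")


def parse_firewall(line):
    ts, direction, src, dst, action = line.split()
    return {"ts": datetime.fromisoformat(ts), "direction": direction,
            "src": src, "dst": dst, "action": action}


def parse_ids(line):
    ts, host, signature = line.split()
    return {"ts": datetime.fromisoformat(ts), "host": host, "signature": signature}


def score_firewall(ev):
    """Return (internal_host, score, reason, category) when the external peer
    matches the threat-intel feed, else None. Weights are placeholders."""
    peer = ev["dst"] if ev["direction"] == "out" else ev["src"]
    host = ev["src"] if ev["direction"] == "out" else ev["dst"]
    category = THREAT_INTEL.get(peer)
    if category is None:
        return None
    score = {"botnet-c2": 50, "scanner": 10}[category]
    if ev["direction"] == "out" and ev["action"] == "allow":
        score += 30   # allowed outbound traffic to a known-bad peer: likely beaconing
    if ev["action"] == "deny":
        score //= 2   # blocked at the perimeter; still worth watching
    reason = f"{ev['direction']} {ev['action']} {peer} ({category}, geo {geo(peer)})"
    return host, score, reason, category


def correlate(firewall_logs=FIREWALL_LOGS, ids_events=IDS_EVENTS):
    """Merge every source into one finding per internal host (the dashboard view)."""
    findings = defaultdict(lambda: {"score": 0, "events": []})
    for line in firewall_logs:
        ev = parse_firewall(line)
        hit = score_firewall(ev)
        if hit:
            host, score, reason, category = hit
            findings[host]["score"] += score
            findings[host]["events"].append((ev["ts"], category, reason))
    for line in ids_events:
        ev = parse_ids(line)
        findings[ev["host"]]["score"] += 40
        findings[ev["host"]]["events"].append((ev["ts"], "ids", ev["signature"]))
    for finding in findings.values():
        finding["events"].sort()   # chronological order for sequence matching
    return dict(findings)


def chain_sequences(findings, window=SEQUENCE_WINDOW):
    """Correlation-engine step: an IDS alert followed within `window` by a
    connection to a known C2 host is chained into one severe incident."""
    severe = {}
    for host, finding in findings.items():
        events = finding["events"]
        for i, (ts, kind, _) in enumerate(events):
            if kind != "ids":
                continue
            if any(k == "botnet-c2" and later - ts <= window
                   for later, k, _ in events[i + 1:]):
                severe[host] = "exploit-attempt followed by C2 beacon"
                break
    return severe


def prioritize(firewall_logs=FIREWALL_LOGS, ids_events=IDS_EVENTS):
    """Return [(host, finding)] sorted by descending score; chained sequences
    get a large bonus so confirmed bot behaviour outranks isolated noise."""
    findings = correlate(firewall_logs, ids_events)
    for host, sequence in chain_sequences(findings).items():
        findings[host]["score"] += 100
        findings[host]["sequence"] = sequence
    return sorted(findings.items(), key=lambda kv: kv[1]["score"], reverse=True)


if __name__ == "__main__":
    for host, finding in prioritize():
        print(host, finding["score"], finding.get("sequence", ""))
        for ts, kind, reason in finding["events"]:
            print("   ", ts.isoformat(), kind, reason)
```

Run stand-alone, the script ranks 10.0.0.5 (two blocked probes from a listed scanner, an IDS exploit alert, then two allowed outbound connections to a listed C2 address, chained into one severe incident) far above 10.0.0.8, which only absorbed a single blocked probe. The point of the sequence step is that neither the IDS alert nor the outbound connection alone is conclusive, whereas their order and timing on the same host is.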
The IP center dashboard provides IBM
threat analysts with enhanced query capabilities across the managed security
services customer data set. Analysts can profile suspected attackers faster,
identify the number of affected customers and industries, and understand the
type of threats delivered.
Just as the police can check a driver's
license number for information including prior arrests and felony convictions,
IBM threat analysts can perform checks to validate the severity of
circumstances, streamlining the prioritization of remediation activities,
according to IBM.
The managed SIEM offering, utilizing
IBM Tivoli and Q1 Labs technology, will provide around-the-clock security
monitoring and reporting to effectively identify and respond to threats and
enhance existing SIEM deployments.
IBM already operates nine security
operations centers, nine IBM Research centers, 11 software security development
labs and three Institutes for Advanced Security around the world, according to
Maripuri. The company employs thousands of security experts globally and
monitors 12 billion security events per day in more than 130 countries, she
said.