IBM is extending its data analytics capabilities into the security realm to help clients anticipate threats before they happen by analyzing the data from a variety of sources.
IBM unveiled enhancements to its
security services portfolio, promising customers improved data analytics and
deeper real-time analysis of security threats.
Customers can analyze data from
multiple sources across the enterprise and determine how to tweak their
security strategies and make sure security and business needs are aligned using
new intelligence tools and services, IBM said Nov. 3. The new services are
designed to help organizations make rapid decisions and prevent security
breaches from impacting business, the company said.
The analytics tools and services
include a new dashboard to provide real-time identification of advanced
threats, a new IP intelligence report, an enhanced automated intelligence
correlation engine, a new IP center dashboard, and managed security information
and event management (SIEM) capabilities, according to Latha Maripuri, director
if IBM Security Services. The services detect outlying behavior and threats by
correlating a diverse set of data to help organizations make rapid decisions in
case of a breach, Maripuri said.
Security executives are saying,
"I've got a lot of the pieces, but I don't have a way to understand what's
going on," Maripuri told a group of journalists at a press event on Nov.
IBM created the new Security Systems
Division in October after acquiring security intelligence and SIEM vendor Q1 Labs
. The new tools and services under the
Security Systems umbrella will expand IBM's existing security analytics
capabilities, Marisa Viveros, vice president of IBM Security Services, said at
the same event. Business intelligence is the "future of security,"
Viveros said, noting that IBM is pulling together all its recent security and
analytics acquisitions to provide customers with deep analysis of threat data.
With BI capabilities, organizations can present security insights to businesses
and to the board of directors to justify security expenditures and policies,
These tools and services will be
offered as part of six subscription services that feed results from firewall
logs, intrusion detection and prevention events, and vulnerability scans into
the X-Force Protection System and its cloud-based analytic engine, IBM said.
The data sets from the subscription services provide IBM analysts with
"superior visibility" into an IT environment, strengthen enterprise
security and allow security teams to remediate threats more rapidly, according
to the company.
The host dashboard will use inbound and
outbound firewall logs, threat intelligence feeds, intrusion detection and
prevention events, and geographic IP location data to identify and prioritize
threats, such as botnets. The ability to combine all the information into a
single dashboard was essential because "no one wants multiple
dashboards," Viveros said.
The IP intelligence report is a one-page
report that analyzes threats, vulnerabilities and remediation activities under
way. The report will give organizations insight in all the IP addresses that
are hitting their servers and be able to identify which may be malicious and
which ones to keep an eye on for now, according to Maripuri.
The AI correlation engine enables IBM
to chain together alerts from multiple services to identify sequences of
activity that represent severe incidents. The Q1 Labs acquisition will enhance
the engine, according to Maripuri.
The IP center dashboard provides IBM
threat analysts with enhanced query capabilities across the managed security
services customer data set. Analysts can profile suspected attackers faster,
identify the number of affected customers and industries, and understand the
type of threats delivered.
Just as the police can check a driver's
license number for information including prior arrests and felony convictions,
IBM threat analysts can perform checks to validate the severity of
circumstances, streamlining the prioritization of remediation activities,
according to IBM.
The managed SIEM offering, utilizing
IBM Tivoli and Q1 Labs technology, will provide around-the-clock security
monitoring and reporting to effectively identify and respond to threats and
enhance existing SIEM deployments.
IBM already operates nine security
operations centers, nine IBM Research centers, 11 software security development
labs and three Institutes for Advanced Security around the world, according to
Maripuri. The company employs thousands of security experts globally and
monitors 12 billion security events per day in more than 130 countries, she