IBM is rolling out QRadar, Big Blue’s first security-intelligence and analytics platform since the acquisition of Q1 Labs last year.
IBM is rolling
out a new security platform based on the technology from last year's Q1 Labs
acquisition. This new security offering looks to give IT administrators a
holistic view of the environment, as well as insight into potential threats.
QRadar, IBM's
latest security-intelligence platform, can track corporate vulnerabilities in
real-time and analyze unusual activity to determine threat levels. The QRadar
platform, which the company officially announced Feb. 22, will be able to cross-reference
activity with various repositories of threat and hacker data to identify
attacks, including IBM's own X-Force database.
While QRadar
was designed by Q1 Labs prior to its acquisition by IBM in October, the security-intelligence
and analytics platform is a significant advancement in terms of features, said
Michael Applebaum, director of product marketing at IBM Security Systems. The
deal made it possible to implement some of the analytic capabilities much
sooner, said Applebaum.
Businesses and
IT departments have traditionally taken a "piecemeal" approach to
deploying security, and it's increasingly clear that approach doesn't work,
said Applebaum.
Despite
spending billions of dollars each year on firewalls, security software and
intrusion-prevention and -detection systems, organizations are still vulnerable
to attacks. Staying ahead of determined attackers is always a challenge, but
it's further complicated by the fact that security products tend to be deployed
in silos, and rarely can communicate with each other.
Despite all
the investment, it's rare for anyone looking at reports from one security
product to know what is going on with the rest of the network, said Applebaum.
Many of the
security products do not share information about the kind of attacks they have
detected and blocked, said Applebaum. This is where QRadar will excel since the
platform harnesses the power of "big data" and cross-references all
the information collected from the network against live data obtained from more
than 400 feeds of real-time threat and hacker information. One of the sources
happens to be IBM's own X-Force database, one of the largest such repositories,
according to IBM.
IBM has access
to more than 13 billion security events culled from more than 4,000 clients
around the world. By analyzing those events, IBM can provide insights that can
be used to spot malware and identify signs of an attack before the company is
compromised and data is stolen. This is the first time X-Force's threat data
has been incorporated into a security-intelligence platform, according to IBM.
Attackers tend
to conduct several reconnaissance missions to learn about the network, figure
out what is available, and identify points of interest before launching an
attack to steal information or take over systems. If IT administrators can
effectively sift through all the security events, such as log-in attempts, file
transfers and sudden changes in user permissions, they would be able to filter
out anomalies and find actual attacks in progress, said Applebaum.
IT managers
using QRadar will have a holistic view of the corporate network and be able to
see when a person has gained access to a proprietary database after repeated
log-in failures, or if large chunks of data are being sent to a system in a
country the company doesn't do business in.
QRadar will
join a number of products that rely on big data to analyze and report on
security events to provide real-time security. Proofpoint uses big data as part
of its email security portfolio, and Solera Networks examines unstructured data
to find vulnerabilities and to detect a breach as it is happening.
The QRadar security-intelligence
platform will be available before the end of March. Existing Q1 Labs customers
will be able to upgrade to the latest version, Applebaum said.
Email
Print
