IBM is looking at using big data analysis to enhance corporate and homeland security, and detect and prevent cyber-attacks.
In essence, IBM is applying big data to help customers fight bad guys and protect their assets. Big Blue said advanced attacks, widespread fraud and the pervasive use of social media, mobile and cloud computing are altering the security landscape. So the company set its researchers onto the task of getting ahead of these threats.
To aid in the detection of malicious threats that can lurk in mounds of data, IBM announced IBM Security Intelligence with Big Data. The new solution integrates security intelligence with big data analytics capabilities for both external cyber-security threat detection and internal risk detection and prevention. IBM Security Intelligence with Big Data provides a comprehensive approach that allows security analysts to extend their analysis well beyond typical security data and to hunt for malicious cyber-activity, the company said.
This new solution combines real-time correlation for continuous insight, custom analytics across both massive structured data (such as security device alerts, operating system logs, DNS transactions and network flows) and unstructured data (such as emails, social media content, full packet information and business transactions), and forensic capabilities for evidence gathering. The combination helps organizations address tough security challenges, including advanced persistent threats, fraud and insider threats.
Made in IBM Labs, IBM Security Intelligence with Big Data unites the real-time security correlation and anomaly detection capabilities of the IBM QRadar Security Intelligence Platform with the custom analysis and exploration of vast business data provided by IBM InfoSphere BigInsights. The result is an integrated solution that combines intelligent monitoring and alerting with a workbench for threat and risk analysts to analyze and explore security and enterprise data in ways previously not possible, IBM said.
Key capabilities of the new system include:
· Real-time correlation and anomaly detection of diverse security and network data
· High-speed querying of security intelligence data
· Flexible big data analytics across structured and unstructured data – including security, email, social media, business process, transactional, device, and other data
· Graphical front-end tool for visualizing and exploring big data
· Forensics for deep visibility into network activity
The Depository Trust & Clearing Corporation (DTCC) is a leading financial services transaction clearing and settlement provider linking funds and carriers with their distribution networks and handling more than 3.6 million securities from 122 countries and territories valued at $39.5 trillion. DTCC works to protect the financial markets and systems as a whole, combining its scale and expertise with advanced data analytics to perfect a more robust, unified infrastructure and to promote solutions that systematically reduce risk, amplify operating efficiency and minimize cost for member firms.
“As the sophistication and technological means of cyber-criminals increase, the financial industry and government need to move to a risk-based framework that incorporates the dynamic nature of the threat landscape,” said Mark Clancy, chief information security officer and managing director of Technology Risk Management at DTCC, in a statement. “We need to move from a world where we ‘farm’ security data and alerts with various prevention and detection tools to a situation where we actively ‘hunt’ for cyber-attackers in our networks. IBM’s Security Intelligence with Big Data solution gives us a practical way to gain visibility across our environment. We’re gaining real-time security awareness and meaningful insight into historical activity across years of diverse data.”
IBM is tapping into several assets to deliver its solution. “Leveraging assets from across IBM, we are on a relentless push to expand the scope of our security intelligence capabilities for clients,” said Brendan Hannigan, general manager of IBM’s Security Systems Division, in a statement. “Our goal is to provide actionable insight into every bit of data, no matter where it resides across the network, and help clients learn from past activity to better secure the future.”
Success today is too often defined by the information security industry as the absence of failure, instead of as the demonstration of effectiveness, DTCC’s Clancy said. “We do a lot of things in our profession that are hard to observe and hard to quantify,” he said. “But any time you can measure the success or failure in a provable way, you can produce a much better outcome.”
Included in IBM Security Intelligence with Big Data is a set of pre-packaged security intelligence content, ranging from a comprehensive security data taxonomy and automated data normalization, to pre-defined rules and dashboards that codify industry best practices and accelerate time to value. IBM plans to deliver InfoSphere BigInsights Application Accelerators for specific use cases, to further accelerate deployment and enhance benefits.
As is typical with Big Blue, the new security solution is additionally backed by expert professional services from IBM. These services help users kick-start their big-data security initiatives through design best practices and proven implementation expertise. The solution is also supported by IBM Security Services, which helps clients manage day-to-day security operations by providing real-time management and monitoring of diverse technologies, such as SIEM, and complementary services such as security assessments, and incident response and preparedness.
IBM QRadar Security Intelligence Platform products and IBM Big Data Platform products, including IBM InfoSphere BigInsights, are available now.