IBM QRadar Security Analytics Platform Offers X-Force Integration

IBM is rolling out QRadar, Big Blue’s first security-intelligence and analytics platform since the acquisition of Q1 Labs last year.

IBM is rolling out a new security platform based on the technology from last year's Q1 Labs acquisition. This new security offering looks to give IT administrators a holistic view of the environment, as well as insight into potential threats.

QRadar, IBM's latest security-intelligence platform, can track corporate vulnerabilities in real-time and analyze unusual activity to determine threat levels. The QRadar platform, which the company officially announced Feb. 22, will be able to cross-reference activity with various repositories of threat and hacker data to identify attacks, including IBM's own X-Force database.

While QRadar was designed by Q1 Labs prior to its acquisition by IBM in October, the security-intelligence and analytics platform is a significant advancement in terms of features, said Michael Applebaum, director of product marketing at IBM Security Systems. The deal made it possible to implement some of the analytic capabilities much sooner, said Applebaum.

Businesses and IT departments have traditionally taken a "piecemeal" approach to deploying security, and it's increasingly clear that approach doesn't work, said Applebaum.

Despite spending billions of dollars each year on firewalls, security software and intrusion-prevention and -detection systems, organizations are still vulnerable to attacks. Staying ahead of determined attackers is always a challenge, but it's further complicated by the fact that security products tend to be deployed in silos, and rarely can communicate with each other.

Despite all the investment, it's rare for anyone looking at reports from one security product to know what is going on with the rest of the network, said Applebaum.

Many of the security products do not share information about the kind of attacks they have detected and blocked, said Applebaum. This is where QRadar will excel since the platform harnesses the power of "big data" and cross-references all the information collected from the network against live data obtained from more than 400 feeds of real-time threat and hacker information. One of the sources happens to be IBM's own X-Force database, one of the largest such repositories, according to IBM.

IBM has access to more than 13 billion security events culled from more than 4,000 clients around the world. By analyzing those events, IBM can provide insights that can be used to spot malware and identify signs of an attack before the company is compromised and data is stolen. This is the first time X-Force's threat data has been incorporated into a security-intelligence platform, according to IBM.

Attackers tend to conduct several reconnaissance missions to learn about the network, figure out what is available, and identify points of interest before launching an attack to steal information or take over systems. If IT administrators can effectively sift through all the security events, such as log-in attempts, file transfers and sudden changes in user permissions, they would be able to filter out anomalies and find actual attacks in progress, said Applebaum.

IT managers using QRadar will have a holistic view of the corporate network and be able to see when a person has gained access to a proprietary database after repeated log-in failures, or if large chunks of data are being sent to a system in a country the company doesn't do business in.

QRadar will join a number of products that rely on big data to analyze and report on security events to provide real-time security. Proofpoint uses big data as part of its email security portfolio, and Solera Networks examines unstructured data to find vulnerabilities and to detect a breach as it is happening.

The QRadar security-intelligence platform will be available before the end of March. Existing Q1 Labs customers will be able to upgrade to the latest version, Applebaum said.