IBM Security has announced new offerings to help organizations protect themselves against cyber attacks.
Big Blue will provide a new service to help enterprises use the National Institute of Standards and Technology’s (NIST) new Cybersecurity Framework as well as an appliance for helping organizations diagnose and defend their data and enterprise networks against external attacks and unauthorized insider activities.
The new Cybersecurity Framework is the product of a year-long collaboration between the U.S. government and industry. The goal of the framework is to help organizations assess and manage cybersecurity risk with respect to key categories and functions, leveraging existing best practices. As factories, power facilities and other physical assets are increasingly interconnected, the framework is important to the security of today's enterprises and the infrastructure they depend upon.
The framework establishes a common language for organizations to evaluate their cybersecurity posture and to identify and prioritize opportunities to improve it. It is designed to be adaptable to organizations of different types and sizes, and can be customized to an individual organization depending on its risk profile, resources, and needs.
The IBM Industrial Controls Cybersecurity Consulting service is designed to help companies apply the framework to baseline and improve their security maturity, prioritize security investments and resources, and protect themselves from cyber risks to infrastructure and elements necessary for critical operations and networks.
IBM security consultants will educate clients on details and mechanics of the NIST Cybersecurity Framework and perform a comprehensive assessment of a client’s security maturity relative to the guidelines, best practices and international standards referenced in the framework. Clients receive recommendations for improvements as well as a roadmap for improving capabilities and reducing risk.
"Cyber threats are not limited to select industries such as financial services and retail companies," said Kris Lovejoy, general manager of IBM Security Services, in a statement. "There is a growing need to apply advanced security to our increasingly interconnected critical infrastructure like power facilities, electrical grids, industrial manufacturing operations and others. If organizations take the steps outlined in the framework, they’ll be better positioned to protect themselves and their practices. IBM can help its clients adopt these best practices now."
The industries most dependent on the nation's infrastructure are also some of the most attacked. The most recent IBM Cyber Security Intelligence Index provides security intelligence analysis generated from IBM’s global security monitoring operation of over 4000 clients. Data from the report shows that infrastructure-dependent industries are among the most targeted by cyber attackers. The top five industries that reported the most incidents were:
· Manufacturing – 26.5 percent of all observed security incidents
· Finance and Insurance – 20.9 percent
· Information and Communication – 18.7 percent
· Health and Social Services – 7.3 percent
· Retail and Wholesale – 6.6 percent
Moreover, IBM said cyber criminals often gain access to a corporate network weeks or months before actual data is compromised. According to the IBM X-Force Threat Intelligence Quarterly to be released next week, more than half a billion records of personally identifiable information were leaked in 2013 through a number of attacks against strategic targets. By detecting malicious activity earlier, organizations can more quickly stop, or reduce the potential loss of data.
IBM Security QRadar Incident Forensics, a new software product designed as a module for the QRadar Security Intelligence Platform, can help security teams retrace the step-by-step actions of sophisticated cyber criminals. By adding this forensics capture and search module to its QRadar Security Intelligence platform, IBM can further strengthen its clients’ abilities to efficiently investigate security incidents and understand the impact of any suspicious activity. QRadar Incident Forensics provides a record of activity on the network, enabling organizations to retrace suspicious activity, provide alerts to growing concerns, and provide forensics search capabilities.
"Every breach is a race against time. This new forensics module further expands the breadth and depth of IBM's security intelligence capabilities," said Brendan Hannigan, general manager of IBM Security Systems, in a statement. "QRadar Incident Forensics further helps IT staff prevent emerging threats and better determine the impact of any intrusion."
Meanwhile, in the second quarter of 2014, IBM will introduce new capabilities to help organizations better understand the threat landscape. The IBM Advanced Cyberthreat Intelligence Service will provide customers with insight into the threat landscape, targeted attacks and attacker tools, tactics and practices, incorporating IBM's own research with that of strategic partners specializing in threat visibility.
Additionally, IBM's Active Threat Assessment complements this ongoing threat intelligence and visibility. It leverages technical assessment capabilities and tools to identify previously unrealized, active threats while also modeling threats in an enterprise environment.
IBM Security QRadar Incident Forensics, currently planned to be available in the second quarter of 2014, is an integrated module in IBM’s QRadar Security Intelligence platform. IBM is now allowing existing QRadar clients to test this solution as part of a beta program.