Can a vulnerability tell you when it's being attacked?
Bryan Casey 270003BSJV BFCASEY@US.IBM.COM | | Tags:  ibm scanning vulnerability appscan security qradar
0 Comments | 5,432 Visits
Today's post is from Constantine Grancharov, Product Manager, Appscan Enterprise.
The IBM X-force team declared 2011 'the year of the security breach'. This statement reflects the large number of prominent security breaches that made the news last year. The X-Force team also made the observation that attacks have become much more sophisticated and that requires a new approach to security. This new approach involves more security intelligence in detecting attacks and obtaining forensics.
Information Security requires that you put all the different pieces in context. IBM's QRadar solution gathers data from a large number of sources and puts it together to provide deep insight for effectively managing security risk.
Last week we announced the release of AppScan Enterprise v8.6 and its ability to integrate with QRadar. QRadar - which automatically maintains and updates information about each host system’s services, applications, vulnerabilities, traffic/use level, Internet exposure, users and more – is enhanced by the addition of application vulnerabilities information from AppScan. This greater context allows QRadar to better detect and prioritize threats by calculating more accurate risk levels for each asset and more accurate offense scores for each incident. In addition to creating more accurate overall risk levels for each asset in QRadar’s asset database, application vulnerabilities information also helps QRadar better detect and prioritize threats through real-time correlation with IPS/IDS alerts.
It is an overwhelming task to secure a large number of legacy and in-development applications. Having the capability to put applications in the context of the infrastructure on which they are deployed and correlate their vulnerabilities with probes and attacks detected by IPS/IDS in real-time, helps application security teams prioritize which vulnerabilities to address first and more effectively manage the risk applications present.
The integration between the two products consists of QRadar pulling application security data from AppScan Enterprise on a periodic basis. In other words, AppScan Enterprise acts as a vulnerability data source for QRadar. Since automated application security testing with AppScan is done primarily in pre-production, users are given the ability to map an application from its testing to production environment. Once a user completes an application security assessment, they have the ability (if granted permission by the AppScan administrator) to make the assessment results available to QRadar.
I encourage you to take advantage of these new product features. I think that you will find them very useful.