Tighter Integration and Intelligence Across the IBM Security Portfolio
Bryan Casey 270003BSJV BFCASEY@US.IBM.COM | | Tags:  security ibm analytics data intelligence integration
0 Comments | 3,827 Visits
Happy RSA everyone. To check out an overview of what IBM has going on at the show, click here.
In other news, if you have ever turned on a television during a sporting event in the US, you have likely seen IBM talking about data and analytics, and the increasing number of ways that this technology and vision is being applied to all sorts of different challenges. Some of the most prominent ways this intelligence is being applied is in our business analytics solutions, many of our Smarter Planet projects, and perhaps most well known, Watson, the computer that famously won on Jeopardy. Hot on the heels of these topics, and perhaps offering similar meaningful insights, is security intelligence. With the announcement of the Q1 Labs acquisition, and the formation of an entire security division, IBM took some important steps forward in making this vision around security and analytics a reality. We promised to break down more security silos and provide more insight than ever across an organization's entire security posture.
Last week IBM announced new capabilities around our QRadar Security Intelligence platform. While we have made a number of significant announcements recently, even within the last 6 months, there haven't been any that have been as "loaded," at least from my perspective. What do I mean by that? Well, this announcement was the first that had a very direct impact on all the major things we do in security, whether that's security information and event management, endpoint management, network security, threat research, identity and access management, application vulnerability testing or database activity monitoring. It was everything integrated with the new QRadar Security Intelligence platform- all of our technology now understanding how to talk to all of our other technology, and it all happened in one announcement.
Over the course of the coming weeks and months we'll talk more about what each of these integrations mean, but for now I want to highlight some examples of new capabilities that these integrations will deliver.
Infrastructure Security: QRadar + IBM Endpoint Manager (powered by BigFix)
What: Detect and prevent stealthy malware infections
How: Correlate anomalous network activity with vulnerable endpoints, & determine impact
Example of New Capability: Detect when a botnet has infected a vulnerable endpoint that is missing patches, and see what data was communicated back to the command-and-control server
Data Security: QRadar + IBM Guardium Database Security + X-Force Threat Intelligence
What: Prevent data exfiltration and detect data breaches faster
How: Correlate detailed database activity with other network activity to detect anomalous and suspicious behavior
Example of New Capability: Detect when multiple failed logins to a database server are followed by a successful login and accessing of credit card tables, then followed by an FTP upload to a questionable site
Application Security: QRadar + IBM AppScan (Static and Dynamic Testing)
What: Apply predictive analytics to prevent application compromise and better detect breaches that occur
How: Correlate application vulnerabilities with network topologies and suspicious activity
Example of New Capability: Determine when an unpatched Web application is attacked using a known SQL injection vulnerability, and identify the potential impact of the attack
User/Identity Security: QRadar + IBM Identity Manager & Access Manager
What: Provide deeper visibility into user-driven threats and risks
How: Correlate user identities & actions with network activity to prevent & detect breaches
Example of New Capability: Detect when a contractor logs into a high-value application after hours, and then sends a large amount of data via personal email account to a third party
IBM has been working with clients all over the world for years to help them improve their security posture.
This announcement was the next step in the capabilities IBM is delivering to the market in security, a step driven by tighter integrations across technologies and by intelligence and analytics derived from correlating data and events from across all of these different domains. Stay tuned.