
InfoSec 2012: IBM launches new threat analytics engine

IBM aims to tackle Advanced Persistent Threats with new analytics tool


IBM is growing its Security Systems unit with the launch of a new threat analytics appliance, which the company claims can identify suspicious behaviour on the network to protect organisations against hidden threats.

IBM launched its Security Systems division in October 2011, drawing together disparate security products developed by IBM over the previous 14 years and putting new focus on the four “mega trends” of Mobile, Cloud, Advanced Persistent Threats and Security Intelligence.

The company’s new QRadar Network Anomaly Detection appliance falls into the Advanced Persistent Threats category, and builds on software gained through its acquisition of security intelligence software provider Q1 Labs in January 2012. It leverages the QRadar Security Intelligence Platform and is designed to complement IBM SiteProtector and IBM Security Network IPS deployments.

QRadar analyses network activity in real time, detecting and reporting activity that falls outside “normal baseline behaviour”. This baseline is determined using algorithms that monitor and analyse the IT systems of IBM’s 4,000 clients around the world.

“Through looking at certain industries and certain geographies, we can get an understanding of what it’s like in a particular industry or a particular country, and we’re feeding that intelligence into the platform,” explained Martin Borrett, director of IBM’s Security Systems division, speaking to Techworld at the Infosecurity show in London.

“Our clients generate roughly 13 billion security-related events every day – that’s 150,000 every second – so through doing that we get huge insight to what’s a normal baseline and what’s unusual.”

By applying behavioural analytics and anomaly detection, QRadar can flag abnormal events such as outbound traffic to countries where the company does no business, or FTP traffic from a department that does not regularly use FTP services.

The new appliance also receives regular threat intelligence reports from IBM’s security research arm X-Force, which crawls more than 15 billion pages and images on the public Web and provides a real-time list of potentially malicious IP addresses. If any traffic to or from these addresses is detected, the appliance can immediately alert the organisation in question.
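The baseline-then-deviation logic described above (a per-department service baseline, destination countries never seen in normal traffic, and matching against a threat-intelligence IP list) as an added illustrative example in Python. This is not IBM's or QRadar's code; the flow records, department names, and the threat list are constructed, and keying the baseline by department and country is an assumption about one way such a baseline might be built.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One summarised network flow record (constructed schema)."""
    department: str   # originating department, e.g. from subnet-to-team mapping
    dst_ip: str
    dst_country: str  # ISO country code of the destination (assumed enrichment)
    service: str      # application protocol, e.g. "ftp", "https"


# Constructed learning-period flows from which the baseline is derived.
BASELINE_FLOWS = [
    Flow("finance", "203.0.113.10", "GB", "https"),
    Flow("finance", "203.0.113.11", "GB", "smtp"),
    Flow("finance", "203.0.113.12", "DE", "https"),
    Flow("engineering", "198.51.100.5", "US", "ftp"),
    Flow("engineering", "198.51.100.6", "US", "ssh"),
    Flow("engineering", "198.51.100.7", "GB", "https"),
]

# Constructed stand-in for a threat-intelligence feed of suspicious IPs.
THREAT_IPS = {"192.0.2.66"}


def build_baseline(flows):
    """Count services per department and collect every destination country seen."""
    services = defaultdict(Counter)
    countries = set()
    for f in flows:
        services[f.department][f.service] += 1
        countries.add(f.dst_country)
    return services, countries


def evaluate(flow, baseline, min_seen=1):
    """Return the anomaly reasons for one flow; an empty list means it fits the baseline."""
    services, countries = baseline
    reasons = []
    if flow.dst_ip in THREAT_IPS:
        reasons.append("destination on threat-intelligence list")
    if flow.dst_country not in countries:
        reasons.append(f"no baseline traffic to country {flow.dst_country}")
    if services[flow.department][flow.service] < min_seen:
        reasons.append(f"{flow.department} does not normally use {flow.service}")
    return reasons
```

In practice the baseline window would be far longer and `min_seen` tuned so that a single historical flow does not make a rare service look normal.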

“It’s the integration of this intelligence that’s so interesting,” said Borrett. “We’re not just looking at what’s happening at the firewall layer, or at the router or the antivirus or the operating system; we’re trying to take a broader view across all of them, because that way you can really get some insight and visibility.”

Borrett believes that IBM’s ability to analyse the threat landscape holistically, rather than just focusing on specific security problems, helps IBM stand out from its competitors in the IT security market.

“There are many excellent point product vendors. In their domain they have fantastic technology, and that’s important, but no one of those things is enough in itself, you really do need a range of countermeasures,” he said.

He added that IBM’s experience in the field of analytics is also a significant advantage when dealing with advanced persistent threats – which Borrett regards as a Big Data problem.

“These things create a lot of security events, particularly across big enterprises – they really have a Big Data problem,” he said. “When you’ve got that level of information then you really do need quite sophisticated analytics.

“This is an area where IBM's global scale and reach really works to its advantage.”

Infosecurity Europe runs from the 24th – 26th April 2012, in Earls Court, London.
