IBM unveiled new capabilities planned for its security intelligence platform, which is designed to combine deep analytics with real-time data feeds from hundreds of different sources. The aim is to give organizations a single platform to help proactively protect themselves from increasingly sophisticated and complex security threats and attacks, the vendor says.
"Trying to approach security with a piece-part approach simply doesn't work," says Brendan Hannigan, general manager of IBM Security Systems. "By applying analytics and knowledge of the latest threats and helping integrate key security elements, IBM plans to deliver predictive insight and broader protection."
IBM's QRadar Security Intelligence Platform, designed by Q1 Labs and acquired by IBM last fall, tackles this problem head-on by serving as a control center that integrates real-time security intelligence data from more than 400 different sources. New features planned in the security platform include threat intelligence made available through real-time monitoring of 13 billion security events per day from the IBM X-Force Threat Intelligence Feed. This insight can flag behavior that may be associated with advanced persistent threats, which may emanate from teams of attackers accessing networks by stealthy means.
The new offerings will also unite events from IBM and non-IBM products that span four areas of organizational risk: infrastructure, people, applications and data. The platform can drill down to basic data elements to help analyze issues ranging from network access information at the periphery to database activity at the core of a business.
With new integrations to be made available, the analytics platform can rapidly identify abnormal activity by combining the contextual awareness of the latest threats and methods being used by hackers with real-time analysis of the traffic on the corporate IT infrastructure. For example, the future integrations permit the platform to detect when multiple failed logins to a database server are followed by a successful login and access to credit card tables, followed by an upload to an unknown site.
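The login-then-exfiltration sequence described above can be expressed as a small per-source state machine. The following is an added illustration, not IBM's or QRadar's rule logic; the event field layout, threshold, time window, table name and destination allowlist are all assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)          # assumed: whole chain must fit in this window
FAILED_THRESHOLD = 3                    # assumed: failed logins before the success
SENSITIVE_TABLES = {"credit_cards"}     # assumed table name
KNOWN_DESTS = {"backup.corp.example"}   # assumed allowlist of upload destinations

# Constructed, already-normalized events: (ISO time, event type, source host, detail)
EVENTS = [
    ("2012-02-01T10:00:01", "db_login_fail", "10.0.0.7", "db01"),
    ("2012-02-01T10:00:05", "db_login_fail", "10.0.0.7", "db01"),
    ("2012-02-01T10:00:09", "db_login_fail", "10.0.0.7", "db01"),
    ("2012-02-01T10:00:20", "db_login_ok",   "10.0.0.7", "db01"),
    ("2012-02-01T10:01:00", "db_query",      "10.0.0.7", "credit_cards"),
    ("2012-02-01T10:03:00", "upload",        "10.0.0.7", "files.unknown.example"),
    # One mistyped password, then normal work: below threshold, no alert.
    ("2012-02-01T10:05:00", "db_login_fail", "10.0.0.9", "db01"),
    ("2012-02-01T10:05:10", "db_login_ok",   "10.0.0.9", "db01"),
    ("2012-02-01T10:06:00", "db_query",      "10.0.0.9", "credit_cards"),
    ("2012-02-01T10:07:00", "upload",        "10.0.0.9", "files.unknown.example"),
]

def correlate(events):
    """Return (source, first_failure, upload_time) for each completed chain."""
    state, alerts = {}, []              # state: source -> progress through the chain
    for ts, kind, src, detail in sorted(events):
        t = datetime.fromisoformat(ts)
        s = state.get(src)
        if s and t - s["start"] > WINDOW:   # chain took too long: forget it
            del state[src]
            s = None
        if kind == "db_login_fail":
            if s is None:
                s = state[src] = {"stage": 0, "fails": 0, "start": t}
            if s["stage"] == 0:
                s["fails"] += 1
        elif s is None:
            continue
        elif kind == "db_login_ok" and s["stage"] == 0:
            if s["fails"] >= FAILED_THRESHOLD:
                s["stage"] = 1              # repeated failures, then success
            else:
                del state[src]              # ordinary typo, reset
        elif kind == "db_query" and s["stage"] == 1 and detail in SENSITIVE_TABLES:
            s["stage"] = 2
        elif kind == "upload" and s["stage"] == 2 and detail not in KNOWN_DESTS:
            alerts.append((src, s["start"], t))
            del state[src]
    return alerts
```

Calling `correlate(EVENTS)` alerts only on 10.0.0.7; the second host performs the same query and upload but never crosses the failed-login threshold, which is the false positive that a single-event rule would raise.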
QRadar integration modules are also planned for Symantec DLP, Websense Triton, Stonesoft Stonegate and other third-party products, increasing QRadar's ecosystem, IBM says.
The offerings include the XX24 appliance series, which comprises the QRadar 3124 SIEM appliances, QRadar 1624 Event Processor and QRadar 1724 Flow Processor. All include 16TB of usable storage and 64GB of RAM, so organizations can support more users, achieve higher performance and store data longer.
The big data and virtual infrastructure enhancements are available now. QRadar integration modules for IBM Guardium Database Security are planned to be available in 1Q2012.
Integration modules for IBM X-Force Threat Intelligence, IBM Security Identity Manager, IBM Security Access Manager, IBM Security AppScan and IBM Endpoint Manager are planned to be available in the second quarter of 2012.
For more information, visit www.q1labs.com.