New capabilities for the IBM security intelligence platform
IBM unveiled new capabilities planned for its security intelligence platform designed to combine deep analytics with real-time data feeds from hundreds of different sources to give organizations the ability to help proactively protect themselves from increasingly sophisticated and complex security threats and attacks using a single platform.
Organizations today are struggling to defend themselves against an onslaught of ever-evolving data breaches, such as theft of customer and employee information, credit card data and corporate intellectual property.
To date, many corporations have been unable to create a security defense system because they have cobbled together technologies that don’t integrate in an intelligent and automated fashion. This patchwork approach has created loopholes that hackers can exploit.
The QRadar Security Intelligence Platform tackles this problem head-on by serving as a control center that integrates real-time security intelligence data to include more than 400 different sources.
Features include:
Threat Intelligence – Intelligence from one of the world’s largest repository of threat and vulnerability insights is planned to be available based on the real-time monitoring of 13 billion security events per day from the IBM X-Force Threat Intelligence Feed. This insight can flag behavior that may be associated with Advanced Persistent Threats, which may emanate from teams of attackers accessing networks through stealth means.
Visibility into Enterprise Activity – The platform will unite events from IBM and non-IBM products that span four areas of organizational risk – infrastructure, people, applications and data.
Pinpoint Analysis in an Age of Big Data – The platform can drill down to basic data elements to help analyze issues emanating from network access information at the periphery to database activity at the core of a business.
With new integrations to be made available, the analytics platform can quickly identify abnormal activity by combining the contextual awareness of the latest threats and methods being used by hackers with real-time analysis of the traffic on the corporate IT infrastructure. For example, the future integrations permit the platform to detect when multiple failed logins to a database server are followed by a successful login and access to credit card tables, followed by an upload to an unknown site.