IBM Security Platform Combines Analytics with Big Data Feeds
With security issues becoming hairier, IBM is moving to beef up its security intelligence platform that combines analytics with real-time data feeds.
The QRadar Security Intelligence Platform promises proactivity against the increasingly sophisticated and complex security threats you keep reading about in technology news. Indeed, Big Blue is responding to a real struggle in the enterprise: defending against an onslaught of ever-evolving data breaches. As IBM sees it, one point of failure stems from trying to cobble together technologies that don't integrate automatically and intelligently -- and hackers are exploiting patchwork approaches to security.
IBM acquired the QRadar Security Intelligence Platform last fall to tackle the problem head-on. QRadar serves as a control center that integrates real-time security intelligence data from more than 400 separate sources. QRadar integration modules for IBM Guardium Database Security will be available in coming weeks.
An Integrated Philosophy
"Trying to approach security with a piece-part approach simply doesn't work," said Brendan Hannigan, general manager at IBM Security Systems. "By applying analytics and knowledge of the latest threats and helping integrate key security elements, IBM plans to deliver predictive insight and broader protection."
QRadar offers real-time monitoring of 13 billion security events a day from the IBM X-Force Threat Intelligence Feed in order to help CIOs flag behavior that may be associated with advanced persistent threats. The security platform also unites events from both IBM and non-IBM products that span risk in infrastructure, people, applications and data. Finally, QRadar can drill down to basic data elements to help analyze issues ranging from network access information at the periphery to database activity at the core of a business.
The QRadar platform has been expanded with Big Data capabilities for storing and querying massive amounts of security information. QRadar also offers functions that aim to help secure virtualized infrastructures and provide more visibility. The end goal is to help clients reduce security risk and automate their compliance processes.
A Big Data Approach
"The Big Data analytics features are potentially very interesting and could be innovative depending on what the company does," said Charles King, principal analyst at Pund-IT. "It's a little hard to tell at this stage of the game how beneficial the Big Data analytics will be but it's very much in line with IBM's larger strategic focus both on business analytics and Smarter Planet to extend the analytics model into security management and threat prevention."
That said, King believes part of the problem with security technologies is that solutions tend to be reactive rather than proactive. From his perspective, it's a bit like having somebody tell you that your house has been broken into after you find the door off the hinges. IBM is promising to change that with its new platform.
"The challenge for security companies and for security vendors is to put together a set of tools and services that allow them to be proactive rather than reactive," King said. "And one of the mechanisms for that is the threat monitoring and assessment service, keeping a finger on the pulse of what's happening with your clients."