IBM QRadar Security Analytics Platform Uses X-Force Threat Database

IBM is rolling out a security platform based on technology from last year’s Q1 Labs acquisition. The product aims to give IT administrators a holistic view of the environment, as well as insight into potential threats.

QRadar, IBM’s latest security intelligence platform, can track corporate vulnerabilities in real-time and analyse unusual activity to determine threat levels. The QRadar platform will be able cross-reference activity with various repositories of threat and hacker data to identify attacks, including IBM’s own X-Force database.

Improved analytics

While QRadar was designed by Q1 Labs prior to its acquisition by IBM in October, the security intelligence and analytics platform is a significant advancement in terms of features, said Michael Applebaum, director of product marketing at IBM Security Systems. The deal made it possible to implement some of the analytic capabilities that had been listed further down the product much sooner, said Applebaum.

Businesses and IT departments have traditionally taken a “piecemeal” approach to deploying security and it is increasingly clear that approach does not work, said Applebaum.

Despite spending billions of dollars each year on firewalls, security software and intrusion prevention and detection systems, organisations are still vulnerable to attacks. Staying ahead of determined attackers is always a challenge, but it is further complicated by the fact that security products tend to be deployed in silos, and rarely can communicate with each other.

Despite all the investment, it is rare for anyone looking at reports from one security product to know what is going on with the rest of the network, said Applebaum.

Many of the security products do not share information about the kind of attacks it has detected and blocked, said Applebaum. This is where QRadar will excel since the platform harnesses the power of Big Data and cross-references all the information collected from the network against live data obtained from more than 400 feeds of real-time threat and hacker information. One of the sources happens to be IBM’s own X-Force database, one of the largest such repositories, according to IBM.

IBM has access to more than 13 billion security events culled from more than 4,000 clients around the world. By analysing those events, IBM can provide insights that can be used to spot malware and identify signs of an attack before the company is compromised and data is stolen. This is the first time X-Force’s threat data has been incorporated into a security intelligence platform, according to IBM.

Attackers tend to conduct several reconnaissance missions to learn about the network, figure out what is available, and identify points of interest before launching an attack to steal information or take over systems. If IT administrators can effectively sift through all the security events, such as log-in attempts, file transfers and sudden changes in user permissions, they would be able to filter out anomalies and find actual attacks in progress, said Applebaum.

IT managers using QRadar will have a holistic view of the corporate network and be able to see when a person has gained access to a proprietary database after repeated log-in failures, or if large chunks of data are being sent to a system in a country the company does not do business in.

QRadar will join a number of products that rely on Big Data to analyse and report on security events to provide real-time security. Proofpoint uses Big Data as part of its email security portfolio, and Solera Networks examines unstructured data to find vulnerabilities and to detect a breach as it is happening.

The QRadar Security Intelligence Platform will be available before the end of March 2012. Existing Q1 Labs customers will be able to upgrade to the latest version, said Applebaum.

How well do you know Internet security? Try our quiz and find out!