IBM Looks To Risk Prediction With QRadar Vulnerability Manager

The ability to predict security risk just got a little easier thanks to IBM’s QRadar Vulnerability Manager

IBM has expanded its security suite after it announced QRadar Vulnerability Manager (QVM).

QVM is an integrated security intelligence offering aimed at helping users identify key vulnerabilities in real-time, while reducing total cost of security operations.

Security Predictions

QRadar Vulnerability Manager is designed to give security officers a prioritised view across their entire network to enable them to quickly strengthen and fortify their defences. By aggregating vulnerability information into a single view, security teams can see the results from multiple network, endpoint, database or application scanners where it can be quickly reviewed and managed.

Risk Fire - Shutterstock - © RAStudioMore than 70,000 IBM X-Force Report security vulnerabilities exist today, with more than a dozen more being reported every day. The rapid expansion of social, mobile and cloud computing can further increase the threat landscape as each new device attached to a network further expands potential vulnerabilities.

“Security Intelligence is about putting all the available data into context, and making it useful for each client’s unique security needs,” Brendan Hannigan, general manager of IBM’s Security Systems Division, said in a statement. “We have relentlessly expanded QRadar’s capabilities, and tight integration of vulnerability management is the next natural extension.”

Part of the IBM Security Intelligence Platform, QVM is a software module that combs through security holes to help close them to potential exploits, excluding those hidden behind firewalls, associated with inactive applications or otherwise unreachable from external attacks. By activating a licence key, this new software can automatically scan the network and perform the analysis helping security teams most effectively direct their limited staff resources, IBM said.

“I think what they’re doing with QVM is very pragmatic,” Paula Musich, senior security analyst at Current Analysis told eWEEK. “Their aim isn’t really to replace existing vulnerability scanners, but rather to help customers get more out of those investments. Most enterprises use vulnerability scanners to pass audits for regulatory compliance, but they aren’t really getting the full value out of those scanners, because it’s really hard to figure out which vulnerabilities pose the greatest risk and prioritise remediation.

“Through its integration with the QRadar SIEM [Security Information and Event Management] as well as IPS [System Network Intrusion Prevention System] and Endpoint Manager, IBM is bringing more context to help security operations pros prioritise what’s most critical to address, and provide a workflow around that to streamline remediation,” she said.

Risk Views

QRadar Vulnerability Manager helps clients reduce the remediation and mitigation burden by aggregating vulnerability information into a single risk-based view where it can be quickly prioritised. Security teams can see the results from multiple network, endpoint, database or application scanners alongside the latest X-Force Threat Intelligence alerts and incident reports from the National Vulnerability Database. QRadar Vulnerability Manager also includes its own embedded, PCI-certified scanner, which can be scheduled to run periodically or triggered based on network events.

“QRadar Vulnerability Manager is a breakthrough for the IT security industry,” Murray Benadie, managing director at Zenith Systems, an IBM business partner, said in a statement. “It can cut a huge list of vulnerabilities in half, if not more.  Users will quickly see vulnerabilities on their networks, without trying to mash products together – that is how information falls through the cracks. This is a true game changer.”

Moreover, IBM is enhancing its intrusion-prevention platform with the introduction of the IBM Security Network Protection XGS 5100. Integrated with IBM Security QRadar, the platform now provides ongoing network data feeds to help identify stealthy Secure Sockets Layer attacks, in addition to providing real-time protection from advanced threats and heightened levels of network visibility and control, IBM said. This enhanced intrusion-prevention platform also includes IBM’s “virtual patch” technology to provide vulnerability protection when a software patch is not yet available.

In addition, IBM also announced a new version of the IBM Security zSecure Suite, a mainframe security solution with IBM QRadar Security Intelligence Platform integration. This combined solution helps provide organisations with enterprise-wide visibility of mainframe security events, supported with automated real-time threat alerts and customised compliance reporting.

What do you know about security? Find out with our quiz!

Originally published on eWeek.