IBM Security Looks To Cyber Defence With New Offerings

IBM Security has launched new products which it claims will equip organisations with the capabilities to protect themselves against cyber attacks.

Big Blue will provide a new service to help enterprises use the National Institute of Standards and Technology’s (NIST) new Cybersecurity Framework as well as an appliance for helping organizations diagnose and defend their data and enterprise networks against external attacks and unauthorised insider activities.

Cybersecurity Framework

The new Cybersecurity Framework is the product of a year-long collaboration between the US government and industry. The goal of the framework is to help organisations assess and manage cybersecurity risk with respect to key categories and functions, utilising existing best practices. As factories, power facilities and other physical assets are increasingly interconnected, the framework is important to the security of today’s enterprises and the infrastructure they depend upon.

The framework establishes a common language for organisations to evaluate their cybersecurity posture and to identify and prioritise opportunities to improve it. It is designed to be adaptable to organisations of different types and sizes, and can be customised to an individual organisation depending on its risk profile, resources, and needs.

The IBM Industrial Controls Cybersecurity Consulting service is designed to help companies apply the framework to baseline and improve their security maturity, prioritise security investments and resources, and protect themselves from cyber risks to infrastructure and elements necessary for critical operations and networks.

IBM security consultants will educate clients on details and mechanics of the NIST Cybersecurity Framework and perform a comprehensive assessment of a client’s security maturity relative to the guidelines, best practices and international standards referenced in the framework. Clients receive recommendations for improvements as well as a roadmap for improving capabilities and reducing risk.

Threat Management

“Cyber threats are not limited to select industries such as financial services and retail companies,” said Kris Lovejoy, general manager of IBM Security Services, in a statement. “There is a growing need to apply advanced security to our increasingly interconnected critical infrastructure like power facilities, electrical grids, industrial manufacturing operations and others. If organisations take the steps outlined in the framework, they’ll be better positioned to protect themselves and their practices. IBM can help its clients adopt these best practices now.”

The industries most dependent on the nation’s infrastructure are also some of the most attacked. The most recent IBM Cyber Security Intelligence Index provides security intelligence analysis generated from IBM’s global security monitoring operation of over 4,000 clients. Data from the report shows that infrastructure-dependent industries are among the most targeted by cyber attackers. The top five industries that reported the most incidents were:

• Manufacturing – 26.5 percent of all observed security incidents
• Finance and Insurance – 20.9 percent
• Information and Communication – 18.7 percent
• Health and Social Services – 7.3 percent
• Retail and Wholesale – 6.6 percent

Moreover, IBM said cyber criminals often gain access to a corporate network weeks or months before actual data is compromised. According to the IBM X-Force Threat Intelligence Quarterly to be released next week, more than half a billion records of personally identifiable information were leaked in 2013 through a number of attacks against strategic targets. By detecting malicious activity earlier, organisations can more quickly stop, or reduce the potential loss of data.

Forensic Tool

IBM Security QRadar Incident Forensics, a new software product designed as a module for the QRadar Security Intelligence Platform, can help security teams retrace the step-by-step actions of sophisticated cyber criminals. By adding this forensics capture and search module to its QRadar Security Intelligence platform, IBM can further strengthen its clients’ abilities to efficiently investigate security incidents and understand the impact of any suspicious activity. QRadar Incident Forensics provides a record of activity on the network, enabling organisations to retrace suspicious activity, provide alerts to growing concerns, and provide forensics search capabilities.

“Every breach is a race against time. This new forensics module further expands the breadth and depth of IBM’s security intelligence capabilities,” said Brendan Hannigan, general manager of IBM Security Systems, in a statement. “QRadar Incident Forensics further helps IT staff prevent emerging threats and better determine the impact of any intrusion.”

Meanwhile, in the second quarter of 2014, IBM will introduce new capabilities to help organisations better understand the threat landscape. The IBM Advanced Cyberthreat Intelligence Service will provide customers with insight into the threat landscape, targeted attacks and attacker tools, tactics and practices, incorporating IBM’s own research with that of strategic partners specialising in threat visibility.

Additionally, IBM’s Active Threat Assessment complements this ongoing threat intelligence and visibility. It utilises technical assessment capabilities and tools to identify previously unrealised, active threats while also modelling threats in an enterprise environment.

IBM Security QRadar Incident Forensics, currently planned to be available in the second quarter of 2014, is an integrated module in IBM’s QRadar Security Intelligence platform. IBM is now allowing existing QRadar clients to test this solution as part of a beta program.

Are you a security expert? Try our quiz!

Originally published on eWeek.