IBM QRadar adds X-Force threat intelligence to SIEM system

Wednesday, February 29, 2012


IBM has unveiled new capabilities for its QRadar Security Intelligence Platform, adding the ability to integrate threat intelligence feeds for deeper analysis and alerting capabilities.

The updated security information and event management (SIEM) platform, which it plans to roll out in phases this year, offers real-time threat intelligence feeds from more than 400 different sources, including its X-Force security threat analysis service. The QRadar platform enables IT security teams to apply rules that can trigger alerts based on the data from the threat feeds. IBM obtained QRadar as part of its acquisition of Q1 Labs last fall.

IBM said the threat data enables the system's analytics engine to flag behavior that may be associated with targeted attacks or sophisticated malware and hacking techniques. Like other SIEM systems, QRadar collects log data from various IBM and non-IBM systems. The company plans to add support modules for Symantec DLP, Websense Triton, Stonesoft Stonegate and other third-party products. A dashboard will display the data along with a threat feeds dashboard view of the X-Force threat feed.

"By applying analytics and knowledge of the latest threats and helping integrate key security elements, IBM plans to deliver predictive insight and broader protection," Brendan Hannigan, general manager, IBM Security Systems said in a statement.

IBM's move is part of a growing trend of security vendors rolling out more powerful SIEM platforms. Hannigan, who served as CEO of Q1 Labs prior to the acquisition, told SearchSecurity.com in November that he was leading a newly formed IBM division that brings together all of IBM's security offerings. With Q1's SIEM platform as the foundation, Hannigan said IBM plans to tie together its database security, endpoint management, network security and application security offerings and bolster them with analytical capabilities to get more actionable data out of those systems.

In Big Blue's announcement today, the company said it will roll out integration for its Security Identity Manager and IBM Security Access Manager. The company is also building in tighter integration with its Guardium appliances, which monitor and manage connections to and from a wide variety of enterprise database products. It's also providing a connection to its Security AppScan platform to alert on Web applications that need patching. IBM said the integration will be rolled out in the second half of this year.

IBM acquired Q1 Labs in October, at about the same time NitroSecurity was acquired by McAfee. Analysts say both Q1 and Nitro had strong technologies and solid customer bases, making them key acquisition targets. Up until now, according to research firm Gartner Inc., most deployments of SIEM systems have been to meet compliance mandates -- mainly PCI DSS -- with enterprises deploying SIEM to take advantage of reporting capabilities.

