IBM Brings Data Analytics to Security Services Portfolio
IBM unveiled enhancements to its security services portfolio, promising customers improved data analytics and deeper real-time analysis of security threats.
Using new intelligence tools and services, customers can analyze data from multiple sources across the enterprise, determine how to tweak their security strategies and make sure security and business needs are aligned, IBM said Nov. 3. The new services are designed to help organizations make rapid decisions and prevent security breaches from impacting business, the company said.
The analytics tools and services include a new dashboard to provide real-time identification of advanced threats, a new IP intelligence report, an enhanced automated intelligence correlation engine, a new IP center dashboard, and managed security information and event management (SIEM) capabilities, according to Latha Maripuri, director of IBM Security Services. The services detect outlying behavior and threats by correlating a diverse set of data to help organizations make rapid decisions in case of a breach, Maripuri said.
Security executives are saying, "I've got a lot of the pieces, but I don't have a way to understand what's going on," Maripuri told a group of journalists at a press event on Nov. 2.
IBM created the new Security Systems Division in October after acquiring security intelligence and SIEM vendor Q1 Labs. The new tools and services under the Security Systems umbrella will expand IBM's existing security analytics capabilities, Marisa Viveros, vice president of IBM Security Services, said at the same event. Business intelligence is the "future of security," Viveros said, noting that IBM is pulling together all its recent security and analytics acquisitions to provide customers with deep analysis of threat data. With BI capabilities, organizations can present security insights to businesses and to the board of directors to justify security expenditures and policies, she said.
These tools and services will be offered as part of six subscription services that feed results from firewall logs, intrusion detection and prevention events, and vulnerability scans into the X-Force Protection System and its cloud-based analytic engine, IBM said. The data sets from the subscription services provide IBM analysts with "superior visibility" into an IT environment, strengthen enterprise security and allow security teams to remediate threats more rapidly, according to the company.
The host dashboard will use inbound and outbound firewall logs, threat intelligence feeds, intrusion detection and prevention events, and geographic IP location data to identify and prioritize threats, such as botnets. The ability to combine all the information into a single dashboard was essential because "no one wants multiple dashboards," Viveros said.
The IP intelligence report is a one-page report that analyzes threats, vulnerabilities and remediation activities under way. The report will give organizations insight into all the IP addresses that are hitting their servers and let them identify which may be malicious and which ones to keep an eye on for now, according to Maripuri.