Data analytics helps organizations hunt for cyber attacks
ARMONK, N.Y. – 31 Jan 2013: Advanced attacks, widespread fraud and the pervasive use of social media, mobile and cloud computing are drastically altering the security landscape. As organizations increasingly need to manage Big Data, the way that corporate data needs to be protected is rapidly changing.
To aid in the detection of stealthy threats that can hide in the increasing mounds of data, IBM today announced IBM Security Intelligence with Big Data, combining leading security intelligence with big data analytics capabilities for both external cyber security threats and internal risk detection and prevention. IBM Security Intelligence with Big Data provides a comprehensive approach that allows security analysts to extend their analysis well beyond typical security data and to hunt for malicious cyber activity.
This new solution combines real-time correlation for continuous insight, custom analytics across massive structured data (such as security device alerts, operating system logs, DNS transactions and network flows) and unstructured data (such as emails, social media content, full packet information and business transactions), and forensic capabilities for evidence gathering. The combination helps organizations address the most vexing security challenges, including advanced persistent threats, fraud and insider threats.
The Depository Trust & Clearing Corporation (DTCC) is a leading financial services transaction clearing and settlement provider linking funds and carriers with their distribution networks and handling more than 3.6 million securities from 122 countries and territories valued at US$39.5 trillion. DTCC protects the financial markets and systems as a whole, using scale and expertise with advanced data analytics to perfect a more robust, unified infrastructure and promote solutions that systematically reduce risks, amplify operating efficiency and minimize cost for the member firms.
“As the sophistication and technological means of cyber-criminals increase, the financial industry and government need to move to a risk-based framework that incorporates the dynamic nature of the threat landscape,” said Mark Clancy, CISO, Managing Director, Technology Risk Management, DTCC. “We need to move from a world where we ‘farm’ security data and alerts with various prevention and detection tools to a situation where we actively ‘hunt’ for cyber-attackers in our networks. IBM’s Security Intelligence with Big Data solution gives us a practical way to gain visibility across our environment. We’re gaining real-time security awareness and meaningful insight into historical activity across years of diverse data.”
“Leveraging assets from across IBM, we are on a relentless push to expand the scope of our security intelligence capabilities for clients,” said Brendan Hannigan, General Manager of IBM’s Security Systems Division. “Our goal is to provide actionable insight into every bit of data, no matter where it resides across the network, and help clients learn from past activity to better secure the future.”
For forward-leaning organizations seeking advanced insight into security risks, IBM Security Intelligence with Big Data helps provide unprecedented powers of detection by combining deep security expertise with analytical insights on a massive scale. The solution helps organizations answer questions they could never ask before, by widening the scope of investigation to new data types. By analyzing structured, enriched security data alongside unstructured enterprise data, the IBM solution helps find malicious activity hidden deep in the masses of an organization’s data.
“Success today is too often defined as the absence of failure by the information security industry, instead of the demonstration of effectiveness. We do a lot of things in our profession that are hard to observe and hard to quantify. But any time you can measure the success or failure in a provable way, you can produce a much better outcome,” said Mark Clancy, CISO, Managing Director, Technology Risk Management, DTCC.
Integrated Security Intelligence and Big Data Analytics for Advanced Use Cases
Security use cases such as advanced persistent threat detection, fraud detection and insider threat analysis require a new class of solutions that can analyze more data, with more flexibility, and deliver more accurate results.
Made in IBM Labs, IBM Security Intelligence with Big Data unites the real-time security correlation and anomaly detection capabilities of the IBM QRadar Security Intelligence Platform with the custom analysis and exploration of vast business data provided by IBM InfoSphere BigInsights. The result is an integrated solution that combines intelligent monitoring and alerting with a workbench for threat and risk analysts to analyze and explore security and enterprise data in ways previously not possible.
Key capabilities include:
· Real-time correlation and anomaly detection of diverse security and network data
· High-speed querying of security intelligence data
· Flexible big data analytics across structured and unstructured data – including security, email, social media, business process, transactional, device, and other data
· Graphical front-end tool for visualizing and exploring big data
· Forensics for deep visibility into network activity
Rich Solutions with a Robust Roadmap
Included in IBM Security Intelligence with Big Data is an extensive set of pre-packaged security intelligence content, ranging from a comprehensive security data taxonomy and automated data normalization, to pre-defined rules and dashboards that codify industry best practices and accelerate time to value. IBM plans to deliver InfoSphere BigInsights Application Accelerators for specific use cases, to further accelerate deployment and enhance benefits.
The solution is additionally backed by expert professional services from IBM. These capabilities help clients kickstart their big data security initiatives through design best practices and proven implementation expertise. The solution is also supported by IBM Security Services, which helps clients manage day-to-day security operations by providing real-time management and monitoring of diverse technologies, such as SIEM, and complementary services such as security assessments, and incident response and preparedness.
IBM QRadar Security Intelligence Platform products and IBM Big Data Platform products, including IBM InfoSphere BigInsights, are available immediately.
About IBM Security
IBM’s security portfolio provides the security intelligence to help organizations holistically protect their people, data, applications and infrastructure. IBM offers solutions for identity and access management, security information and event management, database security, application development, risk management, endpoint management, next-generation intrusion protection and more. IBM operates one of the world’s broadest security research and development, and delivery organizations. This comprises 10 security operations centers, nine IBM Research centers, 11 software security development labs and an Institute for Advanced Security with chapters in the United States, Europe and Asia Pacific. IBM monitors 15 billion security events per day in more than 130 countries and holds more than 3,000 security patents.
For more information on IBM security, please visit: www.ibm.com/security.
All client examples cited or described are presented as illustrations of the manner in which some clients have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics will vary depending on individual client configurations and conditions.
IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.