IBM has introduced comprehensive new security software and services to help organizations protect their critical data in an environment where advanced persistent threats, zero-day attacks, breaches and the financial impact on an organization continue to rise.
According to two IBM-commissioned studies from the Ponemon Institute, the average cost of a data breach increased by 15 percent globally, reaching an average of $3.5 million. The majority of companies surveyed say targeted attacks are the greatest threat, costing them on average $9.4 million in brand equity alone.
The introduction of the IBM Threat Protection System and Critical Data Protection Program represents two years of significant investment in organic development and the acquisition of companies, including Q1 Labs, Trusteer, Guardium, Ounce Labs, Watchfire and Fiberlink/MaaS360. Since forming a dedicated cyber security business in late 2011, IBM has risen to become one of the largest players in enterprise security and has achieved six straight quarters of double-digit growth. According to IDC's Software Tracker, IBM significantly outpaced the overall security software market, and has moved from the 4th largest security vendor to the 3rd for 2013.
IBM's new Threat Protection System leverages security intelligence and behavioral analytics to go beyond traditional signature-based defenses and firewalls to disrupt attacks across the entire attack chain — from break-in to exfiltration.
The IBM Threat Protection System includes an end-to-end architecture of analytic and forensics software that helps organizations continuously prevent, detect and respond to ongoing and sophisticated cyber attacks, and in some cases, eliminate the threat before the damage has occurred. Among the highlights:
- For prevention, IBM is announcing a new Trusteer Apex solution for endpoint malware blocking, significant enhancements to the IBM Network Protection appliance for quarantining against attacks and new integrations with key partners' network sandbox capabilities.
- For detection, IBM is enhancing its QRadar Security Intelligence platform with new capabilities – allowing organizations to detect attacks at new scale and actively block exploits with a click.
- For response, IBM is introducing IBM Security QRadar Incident Forensics. IBM also continues to expand its emergency response services globally.
Clients testing the IBM Threat Protection System have seen quick results. For example, a health care provider with thousands of endpoints immediately found dozens of instances of malware present, despite their use of many more traditional security tools. This malicious code could be used to remotely control endpoints or exfiltrate data, but instead was instantly disabled. Likewise, a large European bank recently tried this capability and was able to disable undetected malware across the enterprise.
The IBM Threat Protection System is supported around the world by IBM's managed security operations centers (SOC), which can monitor the system once deployed by clients. IBM's SOC Optimization consultants can also deploy and integrate the system into customer SOCs.
"Advanced Persistent Threats have fundamentally changed the way organizations have to approach data security," said Brendan Hannigan, General Manager, IBM Security Systems. "Today, defending against cyber attacks requires more than a signature-based or perimeter approach. Deep analytic capabilities and forensics are vital and need to include endpoint prevention, perimeter protection and the ability to guard against attacks before they can do damage."
The new Critical Data Protection Program helps safeguard critical data — a corporation's "Crown Jewels." An organization's fortune is often driven by less than two percent of its enterprise data, which has a major impact on competitive advantage, brand reputation, market value and business growth.
"Concerns over the ability to protect critical data from cyber attacks have moved center stage in the board room," said Kris Lovejoy, General Manager, IBM Security Services. "Cyber attacks and loss of data have the ability to impact brand reputation, reduce shareholder value and open an organization to litigation. IBM's new software and services are designed to provide these executives with a unique solution that lets them keep their focus on the day-to-day needs of their customers and driving business revenue."
The new security consulting services are based on IBM's unique Data Centric Security Model, under which IBM deploys assets from Guardium, StoredIQ and IBM Research to help protect this business critical information.
This critical data — which may include such high-value data assets as acquisition and divestiture plans, executive and board deliberations and intellectual property — accounts for an estimated 70 percent of the value of a publicly traded corporation. As a result, this type of data is extremely valuable to hostile forces – whether company insiders or sophisticated attackers.
Despite the importance and value of critical enterprise data, many organizations are not aware of what their Crown Jewel information is, where it resides, who has access to it, or how it is protected, making it more difficult to monitor and protect. In fact, data loss can take days or more to discover in more than 95 percent of cases, and weeks or more to contain in more than 90 percent of cases, a lag that can have a catastrophic impact on a business.
IBM's new Critical Data Protection Program offers an iterative multi-phased approach of Define, Discover, Baseline, Secure and Monitor for a full lifecycle of data security to protect profitability, competitive position and reputation.