IBM is extending its security services portfolio to include enhanced analytic tools and services to provide deeper, real-time analysis of advance threats. By detecting outlying behavior and threading together diverse contextual data, these services can help organizations make rapid decisions to prevent security breaches from affecting the business.
IBM's new intelligence tools and services enable enterprises to analyze complex data from multiple sources to determine in real-time how to adjust or change their security strategies. Today, critical information that can affect a company's security profile comes from a variety of sources – including the Cloud, social media networks, and mobile computing applications.
With these new tools and services, business leaders can more clearly map their security, risk and compliance requirements to business needs while allowing for growth and innovation.
The IBM analytics tools and services include:
- New Suspicious Host Dashboard provides real-time identification of advanced threats, such as botnets. By using in-and-outbound firewall logs, threat intelligence feeds, intrusion detection and prevention events and geographic Internet Protocol (IP) location data, IBM automatically identifies and prioritizes the most severe threats —before they affect business functionality.
- New IP Intelligence Report provides on-demand analysis of individual IP addresses in the form of a consolidated, one-page report that contains a deep dive analysis on the threats posed, vulnerabilities that exist and remediation activities under way. The consolidated report gives clients and IBM Threat Analysts increased visibility while reducing the time and complexity of analyzing multiple data sets.
- Enhanced Automated Intelligence (AI) correlation engine enables IBM to chain together alerts from multiple service offerings to identify sequences of activity that equate to higher severity security incidents. These correlated alerts validate the severity of threats by lowering the rate of false positives and streamlining the identification of advanced threats that target individual customers or attack activities across the entire managed security services (MSS) customer data set.
- New IP Center Dashboard provides IBM threat analysts enhanced query capabilities across the MSS customer data set, enabling faster profiling of suspected attackers, returning a breakdown of the customers and industries affected, the attacks delivered as well as a threat score. Just as the police can check a driver's license number for information including prior arrests and felony convictions, IBM threat analysts can perform checks to validate the severity of circumstances, streamlining the prioritization of remediation activities.
These new and enhanced capabilities will be offered as part of six subscription services that feed results from firewall logs, intrusion detection and prevention events and vulnerability scans into the X-Force Protection System and its cloud-based analytic engine. When used together, the data sets from the subscription services provide superior visibility into an IT environment, strengthening enterprise security and enabling more rapid remediation of advanced threats.
IBM is also announcing a new managed security information and event management (managed SIEM) solution, coinciding with the October acquisition of Q1 Labs. This solution uses analytics tools to provide a powerful around-the-clock security monitoring and reporting system that can proactively identify and help prevent threats. This customer premise equipment-based solution, which uses IBM Tivoli, Q1 Labs and other multivendor SIEM systems, can improve system uptime and performance and add value to existing SIEM investments.