IBM's new intelligence tools and services enable enterprises to analyze complex data from multiple sources to determine in real-time how to adjust or change their security strategies. Today, critical information that can affect a company's security profile comes from a variety of sources - including the Cloud, social media networks, and mobile computing applications.
With these new tools and services, business leaders can more clearly map their security, risk and compliance requirements to business needs while allowing for growth and innovation.
Today's announcement strengthens IBM's offerings around advanced security analytics -- following IBM's acquisition of Q1 Labs, a provider of security intelligence software, and the creation of the new IBM Security Systems Division in October. Q1 Labs will join the more than 10 strategic security acquisitions IBM has made in the last decade and the more than 25 analytics-related purchases.
"IBM recognizes a client's need to get ahead of the threats in today's complex security landscape," said Marisa Viveros, vice president, IBM Security Services. "We are applying our nearly five decades of security experience to help clients move from a reactive position to a proactive one, using analytics to anticipate threats as they appear instead of after the fact."
The IBM analytics tools and services include:
-- New Suspicious Host Dashboard provides real-time identification of advanced threats, such as botnets. By using in-and-outbound firewall logs, threat intelligence feeds, intrusion detection and prevention events and geographic Internet Protocol (IP) location data, IBM automatically identifies and prioritizes the most severe threats --before they impact business functionality.
-- New IP Intelligence Report provides on-demand analysis of individual IP addresses in the form of a consolidated, one-page report that contains a deep dive analysis on the threats posed, vulnerabilities that exist and remediation activities under way. The consolidated report gives clients and IBM Threat Analysts increased visibility while reducing the time and complexity of analyzing multiple data sets.
-- Enhanced Automated Intelligence (AI) correlation engine enables IBM to chain together alerts from multiple service offerings to identify sequences of activity that equate to higher severity security incidents. These correlated alerts validate the severity of threats by lowering the rate of false positives and streamlining the identification of advanced threats that target individual customers or attack activities across the entire managed security services (MSS) customer data set.
-- New IP Center Dashboard provides IBM threat analysts enhanced query capabilities across the MSS customer data set, enabling faster profiling of suspected attackers, returning a breakdown of the customers and industries affected, the attacks delivered as well as a threat score. Just as the police can check a driver's license number for information including prior arrests and felony convictions, IBM threat analysts can perform checks to validate the severity of circumstances, streamlining the prioritization of remediation activities.
These new and enhanced capabilities will be offered as part of six subscription services that feed results from firewall logs, intrusion detection and prevention events and vulnerability scans into the X-Force Protection System and its cloud-based analytic engine. When used together, the data sets from the subscription services provide superior visibility into an IT environment, strengthening enterprise security and enabling more rapid remediation of advanced threats.
IBM is also announcing a new managed security information and event management (managed SIEM) solution, coinciding with the October acquisition of Q1 Labs. This solution uses analytics tools to provide a powerful around-the-clock security monitoring and reporting system that can proactively identify and help prevent threats. This customer premise equipment-based solution, which utilizes IBM Tivoli, Q1 Labs and other multivendor SIEM systems, can improve system uptime and performance and add value to existing SIEM investments.
IBM operates the world's broadest security research and development organization, comprising nine security operations centers, nine IBM Research centers, 11 software security development labs and an Institute for Advanced Security, with chapters in the United States, Europe and Asia Pacific. IBM monitors 13 billion security events per day in more than 130 countries and holds 3,000 security patents. IBM has been in the security business for nearly 50 years dating back to the security innovation in its mainframe systems.
For more information on IBM security, please visit: www.ibm.com/security