4/25/2012
08:31 AM
Dark Reading
Products and Releases

IBM Announces New Threat Analytics To Help Organizations Better Identify Hidden Security Attacks

QRadar Network Anomaly Detection appliance analyzes complex network activity in real-time

LONDON, April 25, 2012 /PRNewswire/ -- INFOSEC -- IBM (NYSE: IBM) today unveiled new analytics using advanced security intelligence that can flag suspicious behavior in network activities to help better defend against hidden threats facing organizations.

As organizations open up their networks to smartphones and increased social media access, traditional security defenses alone, such as firewalls and antivirus software, can't adequately protect an organization. According to the 2011 IBM X-Force Trend and Risk Report, adversaries ramped up social engineering attacks, and X-Force saw mobile exploits increase by 19 percent in 2011. Firewalls and traditional security products do little against advanced threats that use unreported techniques or that have already invaded an organization.

To address this, IBM is announcing the QRadar Network Anomaly Detection appliance that analyzes complex network activity in real-time, detecting and reporting activity that falls outside normal baseline behavior. The analytics can look not only at inbound attacks but also can detect outbound network abnormalities where malware may have already infected a "zombie" system to send data outside the organization.

"Advanced attackers are both patient and clever, leaving just a whisper of their presence, and evading many network protection and detection approaches," said Marc van Zadelhoff, vice president of Strategy and Product Management, IBM Security Systems. "Most organizations don't even know they have been infected by malware. An advantage of IBM analytics is that it can detect the harbingers of new attacks from the outside or reveal covert malicious activity from the inside."

Using advanced behavioral algorithms, the QRadar Network Anomaly Detection appliance analyzes disparate data that can collectively indicate an attack - network and traffic flows, intrusion prevention system (IPS) alerts, system and application vulnerabilities, and user activity. It quantifies several risk factors to help evaluate the significance and credibility of a reported threat, such as the business value and vulnerabilities of targeted resources.

By applying behavioral analytics and anomaly detection, the application can flag abnormal events such as:

-- Outbound network traffic detected to countries where the company does not have business affairs;
-- FTP traffic observed in a department that doesn't regularly use FTP services; and
-- A known application running on a non-standard port or in areas where it is not allowed (e.g. unencrypted traffic running in secure areas of the network).

The new QRadar Network Anomaly Detection appliance leverages the QRadar Security Intelligence Platform and is designed to complement IBM SiteProtector and IBM Security Network IPS deployments. The new appliance also receives a threat intelligence feed from IBM X-Force research, providing insight into suspect entities on the Internet based upon knowledge of more than 15 billion Web pages and images. The X-Force IP Reputation Feed provides QRadar Network Anomaly Detection with a real-time list of potentially malicious IP addresses - including malware hosts, spam sources and other threats. If the product sees any traffic to or from these sites, it can immediately alert the organization and provide rich contextual information about the activity.
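The three anomaly categories listed above, plus the reputation-feed match, can be expressed as baseline checks over flow records. The following is an added illustration written for this page, not IBM or QRadar code: the baseline values, the department history, the reputation list (TEST-NET addresses) and the flow records are all constructed.

```python
from collections import defaultdict

# Constructed baseline (assumptions, not QRadar data): business countries, standard
# ports per application, zones that must carry encrypted traffic, and a reputation
# list of TEST-NET addresses standing in for the X-Force IP Reputation Feed.
BUSINESS_COUNTRIES = {"GB", "US", "DE"}
STANDARD_PORTS = {"http": {80}, "https": {443}, "ftp": {21}, "ssh": {22}}
SECURE_ZONES = {"finance-dmz"}
REPUTATION_FEED = {"203.0.113.7", "198.51.100.22"}
# Constructed history window from which per-department service use is learned.
HISTORY = [{"dept": "engineering", "app": "ssh"}, {"dept": "engineering", "app": "ftp"},
           {"dept": "hr", "app": "https"}, {"dept": "hr", "app": "http"}]

def learn_dept_baseline(history):
    # Department -> set of applications it has been observed using.
    baseline = defaultdict(set)
    for f in history:
        baseline[f["dept"]].add(f["app"])
    return baseline

def detect(flow, dept_baseline):
    # Return (rule, detail) findings for one flow; an empty list means normal.
    findings = []
    if flow["direction"] == "outbound" and flow["dst_country"] not in BUSINESS_COUNTRIES:
        findings.append(("geo-outbound", flow["dst_country"]))
    if flow["app"] not in dept_baseline.get(flow["dept"], set()):
        findings.append(("unusual-service", f'{flow["dept"]} uses {flow["app"]}'))
    std_ports = STANDARD_PORTS.get(flow["app"])
    if std_ports and flow["dst_port"] not in std_ports:
        findings.append(("non-standard-port", flow["dst_port"]))
    if flow["zone"] in SECURE_ZONES and not flow["encrypted"]:
        findings.append(("cleartext-in-secure-zone", flow["zone"]))
    for ip in (flow["src_ip"], flow["dst_ip"]):
        if ip in REPUTATION_FEED:  # reputation hits alert in either direction
            findings.append(("reputation-hit", ip))
    return findings

def run(flows, history=HISTORY):
    baseline = learn_dept_baseline(history)  # learn once, score every flow
    return {f["id"]: detect(f, baseline) for f in flows}

def flow(fid, dept, app, port, country, zone, enc, dst_ip, direction="outbound"):
    return {"id": fid, "dept": dept, "app": app, "dst_port": port, "dst_country": country,
            "zone": zone, "encrypted": enc, "src_ip": "10.0.0.5", "dst_ip": dst_ip,
            "direction": direction}

FLOWS = [  # constructed sample flows
    flow("f1", "hr", "ftp", 21, "FR", "office", False, "192.0.2.10"),           # geo + unusual service
    flow("f2", "hr", "https", 8443, "US", "finance-dmz", True, "203.0.113.7"),  # port + reputation
    flow("f3", "hr", "http", 80, "GB", "finance-dmz", False, "192.0.2.11"),     # cleartext in secure zone
    flow("f4", "engineering", "ssh", 22, "GB", "office", True, "192.0.2.12")]   # normal
```

`run(FLOWS)` returns the findings keyed by flow id; in a real deployment the history window and country list would come from observed traffic and business records rather than literals.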

IBM Security Network IPS with Hybrid Protection

Today IBM is announcing the newest version of its Network IPS, which contains hybrid protection, combining the broad protection found in IBM's Protocol Analysis Engine with the open source capabilities and common rule syntax of SNORT. This functionality gives IBM clients the ability to easily create and share custom IPS rules in a popular open source format and at the same time provides the confidence that comes with IBM's protection powered by IBM X-Force Research. IBM's Protocol Analysis Engine is considered to be one of the industry's most comprehensive threat detection engines.

IBM's Advanced Threat Protection Platform

IBM is announcing its suite of network security offerings, the Advanced Threat Protection Platform, which is now one of the most comprehensive, integrated threat protection portfolios. It comprises IBM Security Network IPS and IBM SiteProtector, and the new QRadar Network Anomaly Detection appliance with the new X-Force IP Reputation Feed. Users can now access X-Force intelligence through their QRadar offenses and reports to identify threats related to malicious IP addresses. The solutions also help protect against network-based threats masked in common network traffic and prevent attackers from exploiting vulnerabilities at the network, host and application layers.

As security is increasingly becoming a big data issue, this appliance is part of IBM's overall push to combine analytics with real-time feeds to deliver greater security intelligence to clients. IBM offers a range of security-specific appliances targeted at specific needs.

Availability

QRadar Network Anomaly Detection appliance with the X-Force IP Reputation Feed is available this quarter. IBM Advanced Threat Protection Portfolio, except the QRadar Network Anomaly Detection appliance, is available today and comprises existing and new product offerings.

About IBM Security

Q1 Labs was acquired by IBM in October 2011, and serves as a cornerstone of IBM's new Security Systems division. IBM's security portfolio provides the security intelligence to help organizations holistically protect their people, data, applications and infrastructure. IBM offers solutions for identity and access management, security information and event management, database security, application development, risk management, endpoint management, network security and more. IBM operates the world's broadest security research, development and delivery organization. This comprises nine security operations centers, nine IBM Research centers, 11 software security development labs and an Institute for Advanced Security with chapters in the United States, Europe and Asia Pacific. IBM monitors 13 billion security events per day in more than 130 countries and holds more than 3,000 security patents.

For more information on IBM security, please visit: www.ibm.com/security.
