In effort to help customers detect threats that can hide within the massive amounts of data that reside within enterprise walls, IBM on Wednesday announced “IBM Security Intelligence with Big Data”, a new offering that combines security intelligence with big data analytics capabilities.
Designed to detect both external cyber threats and internal risks, IBM Security Intelligence with Big Data enables security analysts to extend their analysis beyond typical security data and answer questions they could never ask before, the company said.
“The solution combines real-time correlation for continuous insight, custom analytics across massive structured data (such as security device alerts, operating system logs, DNS transactions and network flows) and unstructured data (such as emails, social media content, full packet information and business transactions), and forensic capabilities for evidence gathering,” IBM explained in a statement.
By analyzing structured, enriched security data alongside unstructured enterprise data, the IBM solution helps find malicious activity hidden deep in the masses of an organization’s data.
The offering fuses the real-time security correlation and anomaly detection capabilities from IBM's QRadar Security Intelligence Platform, technology Big Blue gained as a result of the 2011 acquisition of Waltham, Massachusetts-based Q1Labs, with the analysis and exploration of business data provided by IBM InfoSphere BigInsights.
Key capabilities in the IBM Security Intelligence with Big Data solution include:
• Real-time correlation and anomaly detection of diverse security and network data
• High-speed querying of security intelligence data
• Flexible big data analytics across structured and unstructured data – including security, email, social media, business process, transactional, device, and other data
• Graphical front-end tool for visualizing and exploring big data
• Forensics for deep visibility into network activity
The integrated offering includes a set of pre-packaged security intelligence content, ranging from a security data taxonomy and automated data normalization, to pre-defined rules and dashboards that codify industry best practices and accelerate time to value, the company said.
“As the sophistication and technological means of cyber-criminals increase, the financial industry and government need to move to a risk-based framework that incorporates the dynamic nature of the threat landscape,” said Mark Clancy, CISO, Managing Director, Technology Risk Management at The Depository Trust & Clearing Corporation (DTCC), a financial services transaction clearing house.
“We need to move from a world where we ‘farm’ security data and alerts with various prevention and detection tools to a situation where we actively ‘hunt’ for cyber-attackers in our networks,” Clancy said. “IBM’s Security Intelligence with Big Data solution gives us a practical way to gain visibility across our environment. We’re gaining real-time security awareness and meaningful insight into historical activity across years of diverse data.”
“Success today is too often defined as the absence of failure by the information security industry, instead of the demonstration of effectiveness. We do a lot of things in our profession that are hard to observe and hard to quantify. But any time you can measure the success or failure in a provable way, you can produce a much better outcome,” Clancy said.
The solution is also supported by new Security Intelligence for Big Data Professional Services from IBM, helping customers launch big data security initiatives through design best practices and implementation expertise. The consultancy services are also available to business and solution partners for delivery to end clients, IBM said.