Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?


Network Security

IBM Enhances Security Intelligence Offerings, Launches New Managed SIEM Service

IBM has announced enhancements to its security services portfolio, including improved analytics and new services to provide deeper, real-time analysis of security threats.

IBM has announced enhancements to its security services portfolio, including improved analytics and new services to provide deeper, real-time analysis of security threats.

IBM Security Intelligence SolutionsWith the new intelligence tools and services, customers can analyze data from multiple sources to determine how to adjust or change their security strategies on the fly and more effectively map their security, risk and compliance requirements to business needs.

By detecting outlying behavior and threading together diverse contextual data, the services are designed to help organizations make rapid decisions and prevent security breaches from impacting business.

Big Blue’s new analytics tools and services include:

New Suspicious Host Dashboard provides real-time identification of advanced threats, such as botnets. By using in-and-outbound firewall logs, threat intelligence feeds, intrusion detection and prevention events and geographic Internet Protocol (IP) location data, IBM identifies and prioritizes the most severe threats.

New IP Intelligence Report provides on-demand analysis of individual IP addresses in the form of a consolidated, one-page report that contains a deep dive analysis on the threats posed, vulnerabilities that exist and remediation activities under way. The consolidated report gives clients and IBM Threat Analysts increased visibility while reducing the time and complexity of analyzing multiple data sets.

Enhanced Automated Intelligence (AI) correlation engine enables IBM to chain together alerts from multiple service offerings to identify sequences of activity that equate to higher severity security incidents. These correlated alerts validate the severity of threats by lowering the rate of false positives and streamlining the identification of advanced threats that target individual customers or attack activities across the entire managed security services (MSS) customer data set.

New IP Center Dashboard provides IBM threat analysts enhanced query capabilities across the MSS customer data set, enabling faster profiling of suspected attackers, returning a breakdown of the customers and industries affected, the attacks delivered as well as a threat score. Just as the police can check a driver’s license number for information including prior arrests and felony convictions, IBM threat analysts can perform checks to validate the severity of circumstances, streamlining the prioritization of remediation activities.

Advertisement. Scroll to continue reading.

IBM also announced a new managed SIEM (Security Information and Event Management) to provide a around-the-clock security monitoring and reporting to more effectively identify and respond to threats. The on premise equipment-based solution, utilizes IBM Tivoli, Q1 Labs or other SIEM systems, can improve system uptime and performance and add value to existing SIEM deployments.

Today’s announcement adds to IBM’s existing offerings around security analytics following the company’s recent acquisition of security intelligence and SIEM solution firm Q1 Labs, and the creation of its new Security Systems Division in October.

These new solutions are offered as part of six subscription services that feed results from firewall logs, intrusion detection and prevention events and vulnerability scans into IBM’s X-Force Protection System and its cloud-based analytic engine.

Big Blue operates nine security operations centers, nine IBM Research centers, 11 software security development labs and three Institutes for Advanced Security. In September it launched the Institute for Advanced Security in Asia Pacific, in order to combat growing security threats in the region. The company employs thousands of security experts globally and monitors 12 billion security events per day in more than 130 countries. IBM has been in the security business for nearly 50 years and holds 3,000 security patents.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Network Security

Our networks have become atomized which, for starters, means they’re highly dispersed. Not just in terms of the infrastructure – legacy, on-premises, hybrid, multi-cloud,...