IBM has announced enhancements to its security services portfolio, including improved analytics and new services to provide deeper, real-time analysis of security threats.
By detecting outlying behavior and threading together diverse contextual data, the services are designed to help organizations make rapid decisions and prevent security breaches from impacting business.
Big Blue’s new analytics tools and services include:
• New Suspicious Host Dashboard provides real-time identification of advanced threats, such as botnets. By using in-and-outbound firewall logs, threat intelligence feeds, intrusion detection and prevention events and geographic Internet Protocol (IP) location data, IBM identifies and prioritizes the most severe threats.
• New IP Intelligence Report provides on-demand analysis of individual IP addresses in the form of a consolidated, one-page report that contains a deep dive analysis on the threats posed, vulnerabilities that exist and remediation activities under way. The consolidated report gives clients and IBM Threat Analysts increased visibility while reducing the time and complexity of analyzing multiple data sets.
• Enhanced Automated Intelligence (AI) correlation engine enables IBM to chain together alerts from multiple service offerings to identify sequences of activity that equate to higher severity security incidents. These correlated alerts validate the severity of threats by lowering the rate of false positives and streamlining the identification of advanced threats that target individual customers or attack activities across the entire managed security services (MSS) customer data set.
• New IP Center Dashboard provides IBM threat analysts enhanced query capabilities across the MSS customer data set, enabling faster profiling of suspected attackers, returning a breakdown of the customers and industries affected, the attacks delivered as well as a threat score. Just as the police can check a driver’s license number for information including prior arrests and felony convictions, IBM threat analysts can perform checks to validate the severity of circumstances, streamlining the prioritization of remediation activities.
IBM also announced a new managed SIEM (Security Information and Event Management) to provide a around-the-clock security monitoring and reporting to more effectively identify and respond to threats. The on premise equipment-based solution, utilizes IBM Tivoli, Q1 Labs or other SIEM systems, can improve system uptime and performance and add value to existing SIEM deployments.
Today’s announcement adds to IBM’s existing offerings around security analytics following the company’s recent acquisition of security intelligence and SIEM solution firm Q1 Labs, and the creation of its new Security Systems Division in October.
These new solutions are offered as part of six subscription services that feed results from firewall logs, intrusion detection and prevention events and vulnerability scans into IBM’s X-Force Protection System and its cloud-based analytic engine.
Big Blue operates nine security operations centers, nine IBM Research centers, 11 software security development labs and three Institutes for Advanced Security. In September it launched the Institute for Advanced Security in Asia Pacific, in order to combat growing security threats in the region. The company employs thousands of security experts globally and monitors 12 billion security events per day in more than 130 countries. IBM has been in the security business for nearly 50 years and holds 3,000 security patents.