IBM has built on its Q1 Labs acquisition with the announcement of the QRadar Network Anomaly Detection platform, which enables companies to pick up on activity that falls outside normal behaviour patterns.

The new platform will be part of IBM’s ever-expanding Security Systems division, which was set up in October 2011 and was built on by the January 2012 acquisition of Q1 Labs. In total, 12 acquisitions have contributed to the creation of the division.

Speaking to CBR at Info Security 2012, Martin Borrett, director at the IBM Institute for Advanced Security Europe, said the Security Systems division is aiming to tackle what it considers to be the four security megatrends: cloud, mobile, advanced persistent threats (APT) and security intelligence, which covers areas such as compliance.

The QRadar Network Anomaly Detection platform fits into the third of the megatrends. It monitors both inbound and outbound network traffic in real time and analyses those flows to detect anything that is outside what Borrett describes as normal baseline behaviour.

It uses Q1 Labs’ QRadar technology and also integrates with the IP reputation capability from X-Force. Marc van Zadelhoff, VP of strategy and IBM Security Systems, said that the sort of anomalies the system will look for could include communication with a server or host where the company does not normally do business.

The alert will be flagged to users of the platform and they can then allow the traffic to flow if they wish.

"We can assume that if someone really wants to break in they will do it and once it’s on your system you may not know it’s there. But almost all the methods for getting the information back into the hands of the hacker go through the network. The point of this is to detect those flows," van Zadelhoff said.

Borrett added: "In many ways it takes our IPS capabilities up to another level in its ability to detect the more sophisticated attacks that we’ve been seeing over the last year. It looks at much more subtle activity going on in the environment, both at network levels and higher up the stack as well."

Analytics has been a big part of IBM’s strategy over the last few years, with the company spending billions of dollars developing and acquiring analytics software, all of which fits within its Smarter Planet initiative. Applying analytics to the security space will help businesses better protect themselves from the changing threat landscape, Marc van Zadelhoff said.

"IBM’s whole approach to solving the issues we see in the Smarter Planet is around applying analytics and this is another example where we can apply the intelligence we have in a different way than other security vendors have done."