IBM unveils network anomaly detection tool

Big Blue builds on Q1 Labs acquisition with platform that can detect suspicious inbound and outbound traffic

By Steve Evans

IBM has built on its Q1 Labs acquisition with the announcement of the QRadar Network Anomaly Detection platform, which enables companies to pick up on activity that falls outside normal behaviour patterns.

The new platform will be part of IBM’s ever-expanding Security Systems division, which was set up in October 2011 and which the January 2012 acquisition of Q1 Labs built on. In total 12 acquisitions have contributed to the creation of the division.

Speaking to CBR at Info Security 2012, Martin Borrett, director at the IBM Institute for Advanced Security Europe, said the Security Systems division is aiming to tackle what it considers to be the four security megatrends: cloud, mobile, advanced persistent threats (APT) and security intelligence, which covers areas such as compliance.

The QRadar Network Anomaly Detection platform fits into the third of the megatrends. It monitors both inbound and outbound network traffic in real time and analyses that flow to detect anything that is outside what Borrett describes as normal baseline behaviour.

It uses Q1 Labs’ QRadar technology and also integrates with IP reputation capability from X-Force. Marc van Zadelhoff, VP of strategy and IBM Security Systems, said that the sort of anomalies the system will look for could include communication with a server or host where the company does not normally do business.

The alert will be flagged to users of the platform and they can then allow the traffic to flow if they wish.

"We can assume that if someone really wants to break in they will do it and once it’s on your system you may not know it’s there. But almost all the methods for getting the information back into the hands of the hacker go through the network. The point of this is to detect those flows," van Zadelhoff said.

Borrett added: "In many ways takes our IPS capabilities up to another level in its ability to detect the more sophisticated attacks that we’ve been seeing over the last year. It looks at much more subtle activity going on in the environment, both at network levels and higher up the stack as well."

Analytics has been a big part of IBM’s strategy over the last few years, with the company spending billions of dollars developing and acquiring analytics software that all fits within its Smarter Planet initiative. Applying analytics to the security space will help businesses better protect themselves from the changing threat landscape, Marc van Zadelhoff said.

"IBM’s whole approach to solving the issues we see in the Smarter Planet is around applying analytics and this is another example where we can apply the intelligence we have in a different way than other security vendors have done."
