
Thursday, February 23, 2012

IBM QRadar adds X-Force threat intelligence to SIEM system

IBM has unveiled new capabilities for its QRadar Security Intelligence Platform, adding the ability to integrate threat intelligence feeds for deeper analysis and alerting.

The updated security information and event management (SIEM) platform, which it plans to roll out in phases this year, offers real-time threat intelligence feeds from more than 400 different sources, including its X-Force security threat analysis service. The QRadar platform enables IT security teams to use rules that may trigger alerts based on the information from the threat feeds. IBM acquired QRadar as part of its acquisition of Q1 Labs last fall.

IBM said the threat data enables the system's analytics engine to flag behavior that might be related to targeted attacks or sophisticated malware and hacking techniques. Like other SIEM systems, QRadar collects log data from various IBM and non-IBM systems. The company plans to add support modules for Symantec DLP, Websense Triton, Stonesoft Stonegate and other third-party products. A dashboard will display the information alongside a dashboard view of the X-Force threat feed.

"By applying analytics and information of the most recent threats and helping integrate key security elements, IBM plans to deliver predictive insight and broader protection," Brendan Hannigan, general manager, IBM Security Systems, said in a press release.

IBM's move is part of a growing trend of security vendors rolling out more powerful SIEM platforms. Hannigan, who served as CEO of Q1 Labs before the acquisition, told SearchSecurity.com in November that he was leading a newly formed IBM division that brings together all of IBM's security offerings. With Q1's SIEM platform as the foundation, Hannigan said IBM plans to tie together its database security, endpoint management, network security and application security offerings and bolster them with analytical capabilities to get more actionable data out of these systems.

In Big Blue's announcement today, the company said it could roll out integration for its Security Identity Manager and IBM Security Access Manager. The company is also building in tighter integration with its Guardium appliances, which monitor and manage connections to and from a wide variety of enterprise database products. It is also providing a connection to its Security AppScan platform to alert on Web applications that need patching. IBM said the integration may be rolled out in the second half of this year.

IBM acquired Q1 Labs in October, at about the same time NitroSecurity was acquired by McAfee. Analysts say both Q1 and Nitro had strong technologies and solid customer bases, making them key acquisition targets. Until now, according to research firm Gartner Inc., most deployments of SIEM systems have been to satisfy compliance mandates -- mainly PCI DSS -- with enterprises deploying SIEM to take advantage of its reporting capabilities.

