IBM Announces Breakthrough with Combination of Security Intelligence and Big
Data analytics helps organizations hunt for cyber attacks
ARMONK, N.Y., Jan. 31, 2013
ARMONK, N.Y., Jan. 31, 2013 /PRNewswire/ -- Advanced attacks, widespread fraud
and the pervasive use of social media, mobile and cloud computing are
drastically altering the security landscape. As organizations increasingly
need to manage Big Data, the way that corporate data needs to be protected is
To aid in the detection of stealthy threats that can hide in the increasing
mounds of data, IBM (NYSE: IBM) today announced IBM Security Intelligence with
Big Data, combining leading security intelligence with big data analytics
capabilities for both external cyber security threats and internal risk
detection and prevention. IBM Security Intelligence with Big Data provides a
comprehensive approach that allows security analysts to extend their analysis
well beyond typical security data and to hunt for malicious cyber activity.
This new solution combines real-time correlation for continuous insight,
custom analytics across massive structured data (such as security device
alerts, operating system logs, DNS transactions and network flows) and
unstructured data (such as emails, social media content, full packet
information and business transactions), and forensic capabilities for evidence
gathering. The combination helps organizations address the most vexing
security challenges, including advanced persistent threats, fraud and insider
The Depository Trust & Clearing Corporation (DTCC) is a leading financial
services transaction clearing and settlement provider linking funds and
carriers with their distribution networks and handling more than 3.6 million
securities from 122 countries and territories valued at US$39.5 trillion. DTCC
protects the financial markets and systems as a whole, using scale and
expertise with advanced data analytics to perfect a more robust, unified
infrastructure and promote solutions that systematically reduce risks, amplify
operating efficiency and minimize cost for the member firms.
"As the sophistication and technological means of cyber-criminals increase,
the financial industry and government need to move to a risk-based framework
that incorporates the dynamic nature of the threat landscape," said Mark
Clancy, CISO, Managing Director, Technology Risk Management, DTCC. "We need to
move from a world where we 'farm' security data and alerts with various
prevention and detection tools to a situation where we actively 'hunt' for
cyber-attackers in our networks. IBM's Security Intelligence with Big Data
solution gives us a practical way to gain visibility across our environment.
We're gaining real-time security awareness and meaningful insight into
historical activity across years of diverse data."
"Leveraging assets from across IBM, we are on a relentless push to expand the
scope of our security intelligence capabilities for clients," said Brendan
Hannigan, General Manager of IBM's Security Systems Division. "Our goal is to
provide actionable insight into every bit of data, no matter where it resides
across the network, and help clients learn from past activity to better secure
For forward-leaning organizations seeking advanced insight into security
risks, IBM Security Intelligence with Big Data helps provide unprecedented
powers of detection by combining deep security expertise with analytical
insights on a massive scale. The solution helps organizations answer questions
they could never ask before, by widening the scope of investigation to new
data types. By analyzing structured, enriched security data alongside
unstructured enterprise data, the IBM solution helps find malicious activity
hidden deep in the masses of an organization's data.
"Success today is too often defined as the absence of failure by the
information security industry, instead of the demonstration of effectiveness.
We do a lot of things in our profession that are hard to observe and hard to
quantify. But any time you can measure the success or failure in a provable
way, you can produce a much better outcome," Mark Clancy, CISO, Managing
Director, Technology Risk Management, DTCC said.
Integrated Security Intelligence and Big Data Analytics for Advanced Use Cases
Security use cases such as advanced persistent threat detection, fraud
detection and insider threat analysis require a new class of solutions that
can analyze more data, with more flexibility, and deliver more accurate
Made in IBM Labs, IBM Security Intelligence with Big Data unites the real-time
security correlation and anomaly detection capabilities of the IBM QRadar
Security Intelligence Platform with the custom analysis and exploration of
vast business data provided by IBM InfoSphere BigInsights. The result is an
integrated solution that combines intelligent monitoring and alerting with a
workbench for threat and risk analysts to analyze and explore security and
enterprise data in ways previously not possible.
Key capabilities include:
- Real-time correlation and anomaly detection of diverse security and
- High-speed querying of security intelligence data
- Flexible big data analytics across structured and unstructured data –
  including security, email, social media, business process, transactional,
  device, and other data
- Graphical front-end tool for visualizing and exploring big data
- Forensics for deep visibility into network activity
Rich Solutions with a Robust Roadmap
Included in IBM Security Intelligence with Big Data is an extensive set of
pre-packaged security intelligence content, ranging from a comprehensive
security data taxonomy and automated data normalization, to pre-defined rules
and dashboards that codify industry best practices and accelerate time to
value. IBM plans to deliver InfoSphere BigInsights Application Accelerators
for specific use cases, to further accelerate deployment and enhance benefits.
The solution is additionally backed by expert professional services from IBM.
These capabilities help clients kickstart their big data security initiatives
through design best practices and proven implementation expertise. The
solution is also supported by IBM Security Services, which helps clients
manage day-to-day security operations by providing real-time management and
monitoring of diverse technologies, such as SIEM, and complementary services
such as security assessments, and incident response and preparedness.
IBM QRadar Security Intelligence Platform products and IBM Big Data Platform
products, including IBM InfoSphere BigInsights, are available immediately.
Picture Story: A Big Data Approach to Security Intelligence
YouTube video: The role big data plays in solving complex security challenges
Solutions: IBM Security Intelligence with Big Data
About IBM Security
IBM's security portfolio provides the security intelligence to help
organizations holistically protect their people, data, applications and
infrastructure. IBM offers solutions for identity and access management,
security information and event management, database security, application
development, risk management, endpoint management, next-generation intrusion
protection and more. IBM operates one of the world's broadest security
research and development, and delivery organizations. This comprises 10
security operations centers, nine IBM Research centers, 11 software security
development labs and an Institute for Advanced Security with chapters in the
United States, Europe and Asia Pacific. IBM monitors 15 billion security
events per day in more than 130 countries and holds more than 3,000 security
For more information on IBM security, please visit: www.ibm.com/security.
All client examples cited or described are presented as illustrations of the
manner in which some clients have used IBM products and the results they may
have achieved. Actual environmental costs and performance characteristics will
vary depending on individual client configurations and conditions.
IT system security involves protecting systems and information through
prevention, detection and response to improper access from within and outside
your enterprise. Improper access can result in information being altered,
destroyed, misappropriated or misused or can result in damage to or misuse of
your systems, including for use in attacks on others. No IT system or product
should be considered completely secure and no single product, service or
security measure can be completely effective in preventing improper use or
access. IBM systems, products and services are designed to be part of a
comprehensive security approach, which will necessarily involve additional
operational procedures, and may require other systems, products or services to
be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES
ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR
ILLEGAL CONDUCT OF ANY PARTY.