IBM has unveiled new capabilities to its QRadar Security Intelligence Platform, adding the ability to integrate...
threat intelligence feeds for deeper analysis and alerting capabilities.
The updated security information and event management (SIEM) platform, which it plans to roll out in phases this year, offers real-time threat intelligence feeds from more than 400 different sources, including its X-Force security threat analysis service. The QRadar platform enables IT security teams to apply rules that can trigger alerts based on the data from the threat feeds. IBM attained QRadar as part of its acquisition of Q1 Labs last fall.
IBM said the threat data enables the system’s analytics engine to flag behavior that may be associated with targeted attacks or sophisticated malware and hacking techniques. Like other SIEM systems, QRadar collects log data from various IBM and non-IBM systems. The company plans to add support modules for Symantec DLP, Websense Triton, Stonesoft Stonegate and other third-party products, A dashboard will display the data along with a threat feeds dashboard view of the X-Force threat feed.
"By applying analytics and knowledge of the latest threats and helping integrate key security elements, IBM plans to deliver predictive insight and broader protection," Brendan Hannigan, general manager, IBM Security Systems said in a statement.
IBM's move is part of a growing trend of security vendors rolling out more powerful SIEM platforms. Hannigan, who served as CEO of Q1 Labs prior to the acquisition, told SearchSecurity.com in November that he was leading a newly formed IBM division that brings together all of IBM’s security offerings. With Q1’s SIEM platform as the foundation, Hannigan said IBM plans to tie together its database security, endpoint management, network security and application security offerings and bolster them with analytical capabilities to get more actionable data out of those systems.
In Big Blue's announcement today, the company said it will roll out integration for its Security Identity Manager and IBM Security Access Manager. The company is also building in tighter integration with its Guardium appliances which monitor and manage connections to and from a wide variety of enterprise database products. It's also providing a connection to its Security AppScan platform to alert on Web applications that need patching. IBM said the integration will be rolled out in the second half of this year,
IBM acquired Q1 Labs in October, at about the same time NitroSecurity was acquired by McAfee. Analysts say both Q1 and Nitro had strong technologies and solid customer bases, making them key acquisition targets. Up until now, according to research firm Gartner Inc., most deployments of SIEM systems have been to meet compliance mandates -- mainly PCI DSS -- with enterprises deploying SIEM to take advantage of reporting capabilities.