IBM reveals new security analytics
Software is designed to flag up suspicious inbound and outbound activity
IBM has unveiled new analytics software, which uses advanced security intelligence to flag suspicious behaviour in network activities and is designed to help better defend against hidden threats facing organisations.
The QRadar Network Anomaly Detection appliance is designed to analyse complex network activity in real time, to detect and report activity that falls outside normal baseline behaviour. The analytics look at inbound attacks and can also detect outbound network abnormalities where malware may already have infected a "zombie" system and be sending data outside the organisation.
"Advanced attackers are both patient and clever, leaving just a whisper of their presence, and evading many network protection and detection approaches," said Marc van Zadelhoff, vice president of Strategy and Product Management, IBM Security Systems. "Most organisations don't even know they have been infected by malware. An advantage of IBM analytics is that it can detect the harbingers of new attacks from the outside or reveal covert malicious activity from the inside."
Using advanced behavioural algorithms, the QRadar Network Anomaly Detection appliance is designed to analyse disparate data that can collectively indicate an attack - network and traffic flows, intrusion prevention system (IPS) alerts, system and application vulnerabilities, and user activity. It quantifies several risk factors to help evaluate the significance and credibility of a reported threat, such as the business value and vulnerabilities of targeted resources.
By applying behavioural analytics and anomaly detection, the appliance can flag abnormal events such as: outbound network traffic to countries where the company has no business affairs; FTP traffic observed in a department that does not normally use FTP; and a known application running on a non-standard port or in areas where it is not allowed (e.g. unencrypted traffic running in secure areas of the network).
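As an added illustration of the kinds of rules described above (example code, not IBM's or QRadar's own), the script below learns one baseline from historical flows and flags the same four conditions over a handful of flow records; the countries, zones, departments and flows are all constructed sample data.

```python
# Added example: a minimal flow-anomaly detector in the spirit of the rules
# the article lists. Every value below is constructed sample data.

# Constructed baseline: countries the company does business with, the standard
# port per application, and network zones where plaintext protocols are banned.
BUSINESS_COUNTRIES = {"GB", "US", "DE"}
STANDARD_PORTS = {"ssh": 22, "http": 80, "https": 443, "ftp": 21}
SECURE_ZONES = {"pci"}
PLAINTEXT_APPS = {"http", "ftp"}

def learn_ftp_departments(history):
    """Baseline learned from past flows: which departments normally use FTP."""
    return {f["dept"] for f in history if f["app"] == "ftp"}

def detect(flows, ftp_depts):
    """Return (rule, flow id) pairs for every flow that breaks a baseline."""
    alerts = []
    for f in flows:
        if f["direction"] == "out" and f["dst_country"] not in BUSINESS_COUNTRIES:
            alerts.append(("outbound-unknown-country", f["id"]))
        if f["app"] == "ftp" and f["dept"] not in ftp_depts:
            alerts.append(("ftp-unusual-department", f["id"]))
        if STANDARD_PORTS.get(f["app"]) not in (None, f["dst_port"]):
            alerts.append(("nonstandard-port", f["id"]))
        if f["zone"] in SECURE_ZONES and f["app"] in PLAINTEXT_APPS:
            alerts.append(("plaintext-in-secure-zone", f["id"]))
    return alerts

# Constructed "historical" flows, used only to learn the FTP baseline.
HISTORY = [
    {"id": 0, "dept": "engineering", "app": "ftp", "direction": "out",
     "dst_country": "US", "dst_port": 21, "zone": "office"},
]
# Constructed current flows: one benign flow, then one per anomaly type.
FLOWS = [
    {"id": 1, "dept": "engineering", "app": "https", "direction": "out",
     "dst_country": "US", "dst_port": 443, "zone": "office"},
    {"id": 2, "dept": "finance", "app": "https", "direction": "out",
     "dst_country": "XX", "dst_port": 443, "zone": "office"},
    {"id": 3, "dept": "hr", "app": "ftp", "direction": "out",
     "dst_country": "GB", "dst_port": 21, "zone": "office"},
    {"id": 4, "dept": "engineering", "app": "ssh", "direction": "in",
     "dst_country": "GB", "dst_port": 8022, "zone": "office"},
    {"id": 5, "dept": "finance", "app": "http", "direction": "in",
     "dst_country": "GB", "dst_port": 80, "zone": "pci"},
]

if __name__ == "__main__":
    for rule, fid in detect(FLOWS, learn_ftp_departments(HISTORY)):
        print(f"flow {fid}: {rule}")
```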
The new QRadar Network Anomaly Detection appliance utilises the QRadar Security Intelligence Platform and is designed to complement IBM SiteProtector and IBM Network Security IPS deployments.
The new appliance also receives a threat intelligence feed from IBM X-Force research, providing insight into suspect entities on the internet based upon knowledge of more than 15 billion Web pages and images. The X-Force IP Reputation Feed is designed to provide QRadar Network Anomaly Detection with a real-time list of potentially malicious IP addresses - including malware hosts, spam sources and other threats. If the product sees any traffic to or from these sites, it can immediately alert the organisation and provide rich contextual information about the activity.
IBM has also announced the newest version of its Network IPS and its suite of network security offerings called Advanced Threat Protection Platform, which comprises IBM Security Network IPS and IBM SiteProtector, and the new QRadar Network Anomaly Detection with the new X-Force IP Reputation Feed.