Organizations require an intelligent approach to protecting their critical data against advanced threats, zero-day attacks and breaches.

An Intelligent Approach to Stopping Advanced Threats


Advanced Threat Protection: End-to-End, Coordinated Defenses Against Advanced Threats

As you’re reading this article and touching your mouse or mobile phone, a complex network of specialized cells inside your body is hard at work protecting you from infection-causing organisms such as bacteria and viruses. In simple terms, I’m describing your immune system, a remarkable collection of layered defenses. Skin provides a physical barrier to block and expel foreign organisms; a second line of protection detects and eliminates invaders with a cellular counterattack; and if that is unsuccessful, a third layer of tailored responses, or antibodies, quickly eliminates the threat based on intelligence from earlier infections. In order for this system to work successfully — protecting you from sickness or disease — immune cells must not only communicate, but also cooperate effectively. Individual defenses are no match for advanced diseases, but taken as a whole, you have an amazing protection system enabling your body to operate as intended.

Why the lesson in biology? With the introduction of the IBM Threat Protection System, we are going after the same level of end-to-end, coordinated defenses — in this case, with technology to limit the success of cyber attacks. The IBM Threat Protection System is the result of a laser-focused effort two years in the making, bringing together innovative security capabilities to prevent, detect and respond to advanced threats in a continuous and coordinated fashion. It’s designed to help disrupt the entire life cycle of an attack — from the initial break-in to the final exfiltration of sensitive data — with preemptive defenses, powerful analytics and open integrations. This is the level of protection required to stop today’s extremely motivated and well-trained attackers.


Up to now, many organizations have responded to security concerns by deploying separate new tools to address each new risk, and the heightened awareness caused by high-profile security breaches has only intensified this trend. I spoke to a government client recently that has 85 different security products across their environment. That alone is a security problem, not to mention the level of complexity as they try to make sense of dozens of disconnected solutions with limited views of the threat landscape. Adding more and more point solutions is unsustainable and, in many cases, has the opposite effect of what was intended. We call this “security sprawl,” and the IBM approach is designed to help drive this complexity down over time.

At the same time, organizations must also evolve their defenses to deal with new breeds of attack. To help our customers build an effective advanced threat protection strategy, the IBM Threat Protection System delivers unique capabilities in three integrated layers of defense:

  • Prevent even the most sophisticated attacks. Real-time prevention is essential to stop advanced attacks from penetrating the organization. This is no easy task, but with behavioral-based defenses working together, the IBM system can block the initial phases of an attack at the endpoint and network. An innovative new product called Trusteer Apex disrupts exploits leading to advanced malware on users’ computers, while IBM Security Network Protection (XGS) prevents attacks from reaching vulnerable hosts; they also work in tandem to block attackers from establishing external control channels. With new integrations linking these components to other IBM and third-party security technologies, we’re helping customers achieve coordinated defense today.
  • Detect advanced threats across the entire infrastructure. Even the strongest immune system cannot prevent 100 percent of invaders from getting inside, making it essential to quickly detect active threats before they cause damage. We solve this problem with data. Working as the central nervous system of our approach, the IBM QRadar Security Intelligence Platform includes new processing horsepower to combine massive amounts of data from network traffic, user behavior, security events and numerous other sources to automatically identify unknown or previously undetected threats. Real-time analytics find stealthy attackers lurking within the enterprise, while pre-attack analytics predict and prioritize security weaknesses before someone else does. This is the meaning of Security Intelligence.
  • Respond continuously to security incidents. Finally, in the event of a successful security breach, it’s important to quickly minimize its impact, understand exactly how the intrusion occurred and learn from findings to prevent another incident. This is exactly why we recently announced IBM Security QRadar Incident Forensics, a brand new offering enabling security teams to quickly retrace breaches step-by-step, often in hours instead of days. This new solution, coupled with the expertise of our IBM Emergency Response Services, helps organizations mount a strong and adaptive response to future occurrences of attack.

Open Integration Is Key: Real-Time Threat Intelligence Sharing to Block Advanced Attacks

To help our customers combine the power of numerous new and existing security investments, we have also expanded our highly successful “Ready for IBM Security Intelligence Partner Program” with new open integrations for real-time intelligence sharing with the IBM Security Network Protection (XGS) product. We are initially working with partners including Trend Micro, FireEye, and Damballa to share real-time threat indicators for immediate quarantine and blocking of advanced attacks. This further complements the hundreds of existing integrations we’ve built across the security community — including solutions from the partners mentioned above — with QRadar and other IBM Security products.

Finally, the IBM Threat Protection System is built on an extensive global threat intelligence network driven by our X-Force team and recently enhanced with incredible Trusteer intelligence on advanced malware and cyber crime campaigns. This means QRadar and XGS customers can now take advantage of Trusteer insights on malware, leveraging an installed base of more than 100 million endpoints.


Like any evolving system, the IBM Threat Protection System comprises new and existing capabilities; in fact, customers are taking advantage of its components today. With this announcement, we are introducing a new, coordinated approach optimized specifically to address advanced threats. Furthermore, this launch represents a rigorous series of efforts within IBM to deliver the innovative defenses, analytics and integrations that make it all possible. We are committed to continuing this journey along with our customers and partners. The introduction of the IBM Threat Protection System is a decisive step along that path.


2 comments
Nuritje

Hello

I like the analogy with the immune system (I am a biologist and fascinated with this kind of subject). As the immune system has memory, I think the last category of data protection would be related to it? "a strong and adaptive response to future occurrences of attack"

Francesco Trama

This sounds like another great tool in the defense, prevention, and elimination of #CyberThreats. IBM has always poured its heart into its technologies, so I'm sure it's well made without actually using this personally. One big problem right now is that we are in information overload for those who have security teams, or some type of SIEM, and UTM. What about the small/medium business? Not knowing the pricing of this, it seems this is priced out of range. I've always said the Achilles heel of network security is small/medium business. These small/medium businesses are overexposed, less managed and protected, and "this" is what's fueling the cyber wildfire. And NO, providing a subset, limited, base protection, or economical version of firewall products is not the answer to their problem. We have to reduce the amount of traffic the security systems are evaluating, without disrupting the customer's ability to do business globally. Identification / Detection / Prevention is important, but we MUST reduce the inspection chaos throughout security environments. There is so much traffic waste hitting every publicly exposed network port/gateway that it requires products such as this to try and make sense of it. Because we feel we have to accept everything, we cause the information overload, which wastes much of the security team's time and ultimately makes us overlook things. Bringing the security data together and correlating attack data, great! But we have to stop wasting our time on traffic which should never have been there in the first place. Then fix the bigger security problem, which is protecting the heart that drives the economic engine, small/medium businesses. Again, it looks like another cool product, but what good is it to the flower shop around the corner, which is being used as a jump-off point to the enterprise network across the street? - Francesco Trama, CEO, PacketViper, LLC.