March 31, 2016 By Sandy Bird 3 min read

The process of developing actionable security intelligence requires gathering multiple insights regarding the identity, methods and motivation of the attacker and the device or technique used to breach an organization’s defenses. Just one data point makes for bad guesses, kind of like the early play in the classic board game Clue.

In the game of Clue, there are six characters, six murder weapons and nine rooms, leaving the players with 324 possibilities of who did what and where it happened. The permutations for security incidents are a bit higher, but then again, nobody used a computer for the board game. Nevertheless, the point is that the more data you collect, the better the odds are that you’ll guess correctly and solve the mystery.

Using Sense Analytics to Solve the Puzzle

IBM Security QRadar powered by the Sense Analytics Engine helps security teams focus their defensive efforts on the most damaging conditions by reducing the number of variables at play.

From the moment it’s installed, QRadar begins building intelligence using mathematical models, observations, network scans and external vulnerability and threat intelligence feeds. It stores this information within itself to help refine the real-time processing of security data. It also eliminates false positives (the guesses) by knowing that it couldn’t have been Miss Scarlet — because she has limited access credentials to critical data and never visits malicious websites. Colonel Mustard, however, clicks on any link that strikes his fancy.

The Benefits of QRadar

The presence of new devices is automatically sensed to create asset and user profiles that highlight the presence of risks, vulnerabilities and linkages to contextual pieces of information. Application traffic is also tracked and the packets deeply inspected.

Sensitive data is monitored and tracked to detect movement outside the norm in volume, time of day or the account accessing it. Issues or exposures associated with any one of these activities may or may not indicate an attack, but the value of QRadar rests in its ability to associate three, four or five related incidents involving the same IP or MAC address, email or chat IDs, etc. to surface a high-probability offense. This is something multiple-point solutions simply can’t do.

Learn More About QRadar Sense Analytics

The real-time analysis and stored intelligence capability of QRadar helps restrict and qualify data so correlation rules are triggered by only a particularly relevant subset of the data, helping speed execution. Security teams can build their own indicators of compromise (IoC) lists or import them from an external service.

It’s similar to what humans do when using sight, sound and smell, combined with instincts and memories, to put a dinner together but avoid buying items from a food recall list. This multivariant processing capability of QRadar is something we refer to as sense analytics, which is the engine driving our security intelligence results.

Integrating Security Solutions

Sense analytics and security intelligence work best if you can cover the complete environment made up of endpoints, network, cloud resources and applications. This eliminates the blind spots — kind of like visiting all the rooms in Clue’s Tudor mansion.

The QRadar platform is available in an easy-to-deploy appliance, managed services or even a SaaS offering, depending on how the customer wants to consume it or if additional skills are needed to help with investigations. Clients realize value within days. Adding more data collection or distributed processing capability is a simple task that’s accomplished, in most cases, without the help of a professional services engagement.

IBM Security QRadar powered by Sense Analytics is the solution you need to solve the mystery. Its ability to collect multiple insights or clues will help your teams focus on the highest probability security scenarios. They can more quickly identify who the attackers were, what technique they used and where the initial breach occurred. If you were playing Clue, it’s like taking the fast lane to open the envelope and confirm that it was Mr. Green in the library with the candlestick.

Learn More About QRadar Sense Analytics

More from Intelligence & Analytics

New report shows ongoing gender pay gap in cybersecurity

3 min read - The gender gap in cybersecurity isn’t a new issue. The lack of women in cybersecurity and IT has been making headlines for years — even decades. While progress has been made, there is still significant work to do, especially regarding salary.The recent  ISC2 Cybersecurity Workforce Study highlighted numerous cybersecurity issues regarding women in the field. In fact, only 17% of the 14,865 respondents to the survey were women.Pay gap between men and womenOne of the most concerning disparities revealed by…

Protecting your data and environment from unknown external risks

3 min read - Cybersecurity professionals always keep their eye out for trends and patterns to stay one step ahead of cyber criminals. The IBM X-Force does the same when working with customers. Over the past few years, clients have often asked the team about threats outside their internal environment, such as data leakage, brand impersonation, stolen credentials and phishing sites. To help customers overcome these often unknown and unexpected risks that are often outside of their control, the team created Cyber Exposure Insights…

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today