As a father, it’s impossible to miss the latest children’s movie hitting theaters. One of my recent encounters was with “Angry Birds.”
Sipping on my drink and munching on popcorn, I realized the movie was not making any sense. In a happy town with happy birds — except our protagonist, Red — a group of pigs arrive and make a lot of noise to distract the birds before eventually stealing their eggs. After the birds lose their precious crown jewels (or eggs), they become very angry and attack the pigs to get them back.
I was struck by the similarity between the movie and the IT security threats in the real world. Why the birds could not make any sense of the racket created by the pigs to distract them is beyond me, though my kids weren’t as puzzled. Similar to a security threat, the pigs were strangers, acting suspiciously and demonstrating abnormal behaviors. Hence, they should have been identified as a threat to the birds. It would have been brilliant if the birds had a mechanism that could prioritize the suspicious activities to make sense of a threat and then act to conquer the unknown.
Learning From ‘Angry Birds’
Security teams today face similar issues — how can they make sense of the noise or data being collected in their environment? Security operations center (SOC) analysts live in a world of constant surprises. Just as the pigs were a surprise for the birds, cybercriminals can stealthily breach the organization’s environment and hunt for vulnerable data while covering their tracks.
It becomes vital to detect abnormal risky behaviors across users, entities, applications and data. To the birds, the threat of the pigs was more or less obvious. In a real-world scenario, security threats stay hidden by lying low and are otherwise undetected across the environment.
In “Angry Birds,” when the pigs first turned up on the island, Leonard the piggy king declared they were the only two pigs on the ship. It is later discovered they were actually there in hoards that then went on to distract the birds while carrying on with their original plan (stealing the eggs) in the background. Similarly, cybercriminals use decoys by planting various other incidents on the network to keep the security team busy while the real threat is being set up to steal the crown jewels.
Security teams need a prioritized list of events to counter an actual attack. SOCs need an automated engine that can deploy rapidly across an entire network and detect subtle anomalies in an environment, such as lurking intruders or rogue insiders. The system should use advanced analytics to discover attacks without depending upon a few highly trained specialists by collecting, normalizing and correlating billions of events, prioritized to a handful of issues.
Security Intelligence Makes Sense of the Chaos
IBM QRadar is the only security intelligence offering powered by the advanced, integrated Sense Analytics engine to detect abnormal risky behaviors and discover threats in real time, bringing hidden indicators of attacks and risks to the surface. It helps find and prioritize weaknesses in your system before they’re exploited.
Having an advantage of a single platform with unified visibility, QRadar easily deploys to help users consolidate insights while achieving deep and automated integration with many third-party sources. It can collect billions of events on-premises or in the cloud per day and provide unified threat monitoring, vulnerability and risk management, forensics and incident response. Using the power of threat intelligence and collaboration, QRadar enables security experts across organizations to take action against threats.
If the birds had figured out the pigs’ antics, they might not have become so angry. They could have saved themselves a lot of time and energy by not trusting the pigs and not putting their eggs in danger in the first place. With the help of IBM QRadar, powered by Sense Analytics, security teams can examine the data being collected and prioritize the most threatening elements while prioritizing the threats to act upon. I am sure this will make the security teams in any organization happy.
Register for the on-demand webinar, “How to Sense and Act On Cyberthreats With the Most Advanced Security Analytics Platform,” to learn more. In this session IBM Security experts explain the increasing role of analytics in breach detection activities and how the advanced analytics platform can help you transform cryptic, raw security data into evidence of adversary actions throughout the attack chain.
You can also download this white paper or watch this video to learn more about the IBM Sense Analytics Engine.