Imagine if the U.S. Census were conducted not by the federal government but by each individual state. States would be responsible for determining what data to collect and how to gather it, what formats to use and who could access it. They would also decide individually who could know about the available data. You can imagine how little census data would be used in such a scenario, but the way many organizations manage data today isn’t all that different.

Streamline Data Collection to Boost Security

Security operation centers (SOCs) are collecting more log data than ever — terabytes or even petabytes per week — but they do it for specific purposes, such as detecting intrusions. That data is often squirreled away within the four walls of the SOC, never to be seen by others.

As a result, a lot of wheels get reinvented. The average enterprise uses products from more than 50 vendors. In many cases, each of those companies has to go through its own data collection process to populate its security database, which is a wasteful duplication of effort.

It’s also a security risk. A recent study found that two-thirds of IT decision-makers weren’t completely sure how many vendors had access to their systems, CSO Online reported. Of those who said they were sure, an average of 89 distinct outside parties logged in every week.

Linking Logs

Log data has all sorts of uses, particularly when data from multiple sources is combined. Database, system administration and authentication server logs can be combined with network logs, for example, to uncover patterns that wouldn’t be apparent in isolation. In addition to intrusion detection, logs can yield insight on shadow IT use, insider threats, data leakage and performance anomalies. But because each department collects data for its own use, those logs often exist on islands.

The security industry is a hotbed of innovation right now, with more than 1,200 startups competing to solve problems as quickly as possible. What they often lack is good data. That’s why IBM devised an approach to streamline data collection and increase the value of real-time and archival information by opening its trove to third parties.

A Growing Library of Security Apps

Borrowing a page from the smartphone industry, we came up with the IBM Security App Exchange, powered by QRadar SIEM. QRadar collects log data from across the enterprise, including from network devices, operating systems, applications and user activity logs. Our customers can then analyze this information in QRadar or tap into a growing library of third-party applications.

The E8 Security App for QRadar, for example, applies behavior intelligence to QRadar data, enabling administrators to look for anomalies by comparing normal behavior patterns compiled over time with abnormal events. Similarly, the Sqrrl for QRadar uses kill chain analytics to identify malicious tactics, techniques and procedures. This threat hunting platform can help security teams cut down on the time these threats can lurk inside a network.

There are nearly 70 apps in the Exchange right now, and more are on the way. Most are available on a try-before-you-buy basis, so there’s no risk to customers.

Sharing Data for the Greater Good

The App Exchange takes advantage of QRadar’s powerful features for ingesting and normalizing data from nearly any kind of log. We make this resource available to all QRadar customers to incorporate into their own analytics. When it comes to security, more data is always better than less.

IBM is fortunate to have access to logs from hundreds of sources, allowing it to streamline data collection and distribute information efficiently. Why keep it locked up when others can put it to good use? Like the U.S. Census Bureau, our goal is to share data, not keep it hidden.

More from Intelligence & Analytics

New report shows ongoing gender pay gap in cybersecurity

3 min read - The gender gap in cybersecurity isn’t a new issue. The lack of women in cybersecurity and IT has been making headlines for years — even decades. While progress has been made, there is still significant work to do, especially regarding salary.The recent  ISC2 Cybersecurity Workforce Study highlighted numerous cybersecurity issues regarding women in the field. In fact, only 17% of the 14,865 respondents to the survey were women.Pay gap between men and womenOne of the most concerning disparities revealed by…

Protecting your data and environment from unknown external risks

3 min read - Cybersecurity professionals always keep their eye out for trends and patterns to stay one step ahead of cyber criminals. The IBM X-Force does the same when working with customers. Over the past few years, clients have often asked the team about threats outside their internal environment, such as data leakage, brand impersonation, stolen credentials and phishing sites. To help customers overcome these often unknown and unexpected risks that are often outside of their control, the team created Cyber Exposure Insights…

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today