I’ve worked in security for more than 15 years, and in that time I’ve worked with hundreds of customers and practitioners, helping them solve tricky security problems so they can prevent, detect and respond to threats with high levels of efficiency. One of the reasons that I love (and sometimes despise) working in cybersecurity is that it changes literally every day — sometimes every hour!

I vividly remember one incident that occurred a few years ago during a visit to the security operations center (SOC) of a large bank that had deployed IBM’s QRadar. While I was there, a distributed denial-of-service (DDoS) attack began, which had the entire security team scrambling to counter it before it affected critical bank websites. The team did track down the source of the attack and block the IPs within a couple of hours, but a lack of efficiency and automation resulted in a delayed response.

The days of manual root cause analysis and blocking, which can take hours of time and extensive manual labor, are over. That is exactly the reason IBM has added even more efficiency, automation, out-of-the-box content and collaboration capabilities to the latest release of QRadar, V7.2.6.

A Look at QRadar’s Capabilities

Let’s run through this scenario with QRadar V7.2.6’s new capabilities. QRadar’s rule engine detects attacks in many ways, including correlation of the attacker’s source IPs with blacklisted IPs acquired from an external threat feed or by triggering network behavioral anomaly rules.

The QRadar rule(s) can invoke an automated response such as blocking the attacking IPs on the wire, killing the DDoS attack within minutes. Security analysts, alerted to the offense via the QRadar console, can then collaborate with peers via X-Force Exchange and share data on the attack to help others. We call this collaborative defense.

View the webinar to learn more about new features in IBM Security QRadar

Today, the bad guys are innovating faster than the good, and they aren’t just kids hacking away from a dorm room or their parent’s basement. They are well-funded, highly specialized organizations that run their criminal enterprises like businesses. Many are a product of the Internet generation and are extremely adept at using social tools to collaborate via the Dark Web.

The X-Force team recently delivered an interesting and scary webinar on the evolution of threats. Cybercriminals sell their technology to each other and even offer it as malware-as-a-service or exploit kits, available via subscription to lesser skilled individuals for a few bitcoins. This has created a very low barrier to entry at one end of the spectrum and a set of highly sophisticated malware and advanced persistent threats (APTs) on the top end. The scary part is attackers only need to find one or two holes in our defenses and all those security investments and hard work is for naught.

How QRadar Can Save Time and Boost Efficiency

QRadar V7.2.6 includes significant advances in threat detection and response, improved investigative workflows and even more automation to help our customers prevent, detect and respond to threats by increasing staff efficiency and decreasing response times.

My favorite way to communicate the value of what we’re doing is to tell our story in terms of what real people can do with the technology. Here are five ways QRadar is currently helping organizations remain secure.

  1. It is rapidly and automatically detecting advanced threats like APTs and malware outbreaks using powerful analytics such as behavior-based anomaly detection, leveraging that data to drive automated responses such as blocking IPs, shunning users and blacklisting domains. This automatically fixes security exposures with little or no human intervention required.
  2. QRadar combines forensics data, including full packet capture, with real-time threat detection so that it can be used in the context of ongoing investigations. It helps to track down perpetrators while the crime is being committed rather than days or months after the fact.
  3. The solution leverages collaboration tools to enable customers to work directly with peers in the industry and other security experts. It provides a common platform for knowledge sharing to help detect emerging threats like zero-day attacks and other indicators of compromise (IOCs) as they occur.
  4. QRadar also provides a mechanism with which IBM engineers and business partners can quickly and easily build and deliver new security intelligence capabilities through a curated app market, the IBM Security App Exchange.
  5. Finally, the platform centralizes, normalizes and prioritizes vulnerability data from many sources, correlating it with a rich set of external and internal data including threat feeds, network activity monitoring and detected IOCs. It then uses that data to determine which machines represent the highest risk to the business. By feeding that data directly into the patching process as an actionable set of high-priority patches, security holes are closed within hours or minutes.

We’re all extremely excited about the new security breakthroughs we’ve made in the new QRadar V7.2.6 release.

To Learn More

If you would like to learn more, please watch my webinar, “5 Ways to Get Even More from Your IBM Security QRadar Investment in 2016.” In it, I’ll dive even deeper into this and many more topics.

More from Intelligence & Analytics

What makes a trailblazer? Inspired by John Mulaney’s Dreamforce roast

4 min read - When you bring a comedian to offer a keynote address, you need to expect the unexpected.But it is a good bet that no one in the crowd at Salesforce’s Dreamforce conference expected John Mulaney to tell a crowd of thousands of tech trailblazers that they were, in fact, not trailblazers at all.“The fact that there are 45,000 ‘trailblazers’ here couldn’t devalue the title anymore,” Mulaney told the audience.Maybe it was meant as nothing more than a punch line, but Mulaney’s…

New report shows ongoing gender pay gap in cybersecurity

3 min read - The gender gap in cybersecurity isn’t a new issue. The lack of women in cybersecurity and IT has been making headlines for years — even decades. While progress has been made, there is still significant work to do, especially regarding salary.The recent  ISC2 Cybersecurity Workforce Study highlighted numerous cybersecurity issues regarding women in the field. In fact, only 17% of the 14,865 respondents to the survey were women.Pay gap between men and womenOne of the most concerning disparities revealed by…

Protecting your data and environment from unknown external risks

3 min read - Cybersecurity professionals always keep their eye out for trends and patterns to stay one step ahead of cyber criminals. The IBM X-Force does the same when working with customers. Over the past few years, clients have often asked the team about threats outside their internal environment, such as data leakage, brand impersonation, stolen credentials and phishing sites. To help customers overcome these often unknown and unexpected risks that are often outside of their control, the team created Cyber Exposure Insights…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today