So as I was watching Bear Grylls last night (from the safety of my favorite armchair) I was struck by how unthinkable it would be to set off on an expedition with a rucksack stuffed full of different individual knives, screwdrivers, scissors, bottle openers etc. The good old Swiss Army Knife has all you ever need in one compact, seamlessly integrated, and easy-to-use package.

There are good reasons for this: when the pressure is on, it’s pitch black, blowing a gale, and you are starving hungry, you don’t want to be hunting for and swapping between the multiple utensils you need for survival. Having all the key tools in one place, and in the right place, is incredibly valuable.

The Swiss Army Knife for Security Operations

In today’s world of IT security there are a lot of parallels between undertaking a dangerous or challenging expedition and managing security operations: the pressure of the situation, the need for multiple tools, visibility and accurate knowledge of the surroundings, and the criticality of a quick response. In its simplest form the QRadar product vision has always been to be the Swiss Army Knife for security operations, giving our customers a capability that helps them manage their own expedition: the security timeline.

This timeline starts right at what is at the root of most security issues: vulnerabilities. Vulnerabilities are everywhere, thousands of them in every organization. At some point someone or something will try to exploit them. To stay ahead and survive in this hostile environment, those exploit attempts must be detected and remediated ASAP, then analyzed to discover their impact. What vulnerability was exploited? What was stolen? Who did it? Where else am I vulnerable?

In IT security the pressure is definitely on. There is an ocean of vulnerabilities to potentially address, and millions of logs and network flows to analyse to understand the environment, spot exploits and plan next steps. All with limited time and resources, and an abundance of disparate, loosely coupled (at best) security tools to manage those vulnerabilities and identify exploits. What is needed is the Swiss Army Knife for security.

Introducing IBM Security QRadar Vulnerability Manager

We have been evolving QRadar toward this vision for over ten years, starting with network behavior anomaly detection, then introducing log management, rolling in SIEM functionality, then complementing this with risk management to understand network topology, firewall and IPS rules. Now we are adding a vital security capability that our customers have all asked for: vulnerability management.

Introducing IBM Security QRadar Vulnerability Manager (QVM), an innovative, truly integrated vulnerability management and security intelligence solution. With QVM, QRadar users can now scan their network to locate vulnerabilities without installing any new software, through the same consistent single UI that gives them complete visibility into what is going on in their networks right now. Where disparate vulnerability systems are already deployed, QVM gives QRadar users a single consolidated view of their vulnerabilities.

Crucially, because we put all of these capabilities together, we can now leverage additional contextual data such as network and asset usage, known threat sources, who is talking to whom, network topology and security configuration to optimize the vulnerability management process. This helps users focus on the vulnerabilities that are most exploitable at any given time, instead of looking at a sea of red.

In addition to improving the pre-exploit phase, the exploit detection and remediation processes are also optimized thanks to enriched vulnerability and asset configuration information, all through a single, consistent asset model and user interface.
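To make the two paragraphs above concrete, here is an added illustration (my own code, not QRadar’s) of the consolidation and context-driven re-ranking they describe, run over constructed findings from two scanners: the finding with the highest CVSS ends up last because an IPS rule already covers it, while a lower-scored flaw on an internet-reachable, actively used asset that a known threat source targets comes first. The multipliers, field names and scanner names are assumptions, and the same block also covers the multi-scanner aggregation mentioned in the press coverage further down the page.

```python
from collections import namedtuple

# Added example, not QRadar code: fold findings from several scanners into one
# view, then re-rank them with the kind of context the post describes.
# All data below is constructed sample data; the CVE ids are placeholders.
SCANNER_FINDINGS = [
    {"scanner": "scanner-A", "host": "10.0.1.5", "cve": "CVE-XXXX-0001", "cvss": 9.8},
    {"scanner": "scanner-B", "host": "10.0.1.5", "cve": "CVE-XXXX-0001", "cvss": 9.8},
    {"scanner": "scanner-A", "host": "10.0.1.5", "cve": "CVE-XXXX-0002", "cvss": 7.5},
    {"scanner": "scanner-B", "host": "10.0.2.9", "cve": "CVE-XXXX-0003", "cvss": 6.1},
]
# Asset context as a SIEM holding flow, topology and firewall/IPS data could supply it.
ASSET_CONTEXT = {
    "10.0.1.5": {"internet_reachable": False, "flows_24h": 12, "ips_blocks": {"CVE-XXXX-0001"}},
    "10.0.2.9": {"internet_reachable": True, "flows_24h": 2400, "ips_blocks": set()},
}
KNOWN_EXPLOITED = {"CVE-XXXX-0003"}  # e.g. from a threat-intelligence feed

Finding = namedtuple("Finding", "host cve cvss sources")

def consolidate(findings):
    """Collapse duplicate (host, cve) reports into one finding that remembers every scanner that saw it."""
    merged = {}
    for f in findings:
        key = (f["host"], f["cve"])
        seen = merged.get(key)
        sources = (seen.sources if seen else ()) + (f["scanner"],)
        cvss = max(f["cvss"], seen.cvss if seen else 0.0)  # keep the worst reported severity
        merged[key] = Finding(f["host"], f["cve"], cvss, sources)
    return list(merged.values())

def contextual_score(f, context, known_exploited):
    """Start from CVSS and adjust for exposure, usage, threat intel and compensating controls."""
    ctx = context.get(f.host, {})
    score = f.cvss
    score *= 1.5 if ctx.get("internet_reachable") else 1.0          # reachable through the firewall
    score *= 1.25 if ctx.get("flows_24h", 0) > 0 else 0.5           # live asset vs. dormant one
    score *= 1.5 if f.cve in known_exploited else 1.0               # a known threat source targets it
    score *= 0.5 if f.cve in ctx.get("ips_blocks", set()) else 1.0  # an IPS rule already covers it
    return round(score, 3)

def prioritize(findings, context=ASSET_CONTEXT, known_exploited=KNOWN_EXPLOITED):
    """Return the consolidated findings ordered from most to least urgent."""
    key = lambda f: contextual_score(f, context, known_exploited)
    return sorted(consolidate(findings), key=key, reverse=True)

if __name__ == "__main__":
    for f in prioritize(SCANNER_FINDINGS):
        print(f.host, f.cve, "cvss", f.cvss, "score", contextual_score(f, ASSET_CONTEXT, KNOWN_EXPLOITED), "seen by", f.sources)
```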

Just like a Swiss Army Knife for the IT security engineer, this new capability enables QRadar users to manage their timeline expedition in one seamlessly integrated, easy-to-use package. It is almost unthinkable to address IT security without it.

What are your thoughts about this announcement? Let me know in the comments below.


IBM Unveils New Software To Help Organizations Identify And Predict Security Risk

QRadar Vulnerability Manager helps identify, sort, contextualize, and prioritize network vulnerabilities

IBM QRadar Vulnerability Manager gives security officers a prioritized view across their entire network, helping them to quickly strengthen and fortify their defenses. By aggregating vulnerability information into a single view, security teams can see the results from multiple network, endpoint, database or application scanners where it can be quickly reviewed and managed.

Security Intelligence Services Ramp Up

The security industry is now trying to deliver the intelligence that IT departments need to defend themselves from cyberattacks before they occur.

For that reason the security industry’s focus is moving beyond simply defending IT organizations from attacks to delivering the intelligence that IT organizations need to defend themselves before attacks hit.

The basic idea is that while there isn’t a way to prevent attacks from occurring, the mean time to remediation can be much shorter. In fact, once an attack is detected, IT organizations could be alerted not only to what vulnerability that attack is trying to exploit, but also to just how vulnerable their IT systems are to that specific type of attack.

IBM unveils QRadar Vulnerability Manager security tool

IBM has launched new real-time security management tools, including its QRadar Vulnerability Manager (QVM), which it said combs through potential security flaws and presents them to security officers in a more manageable format.

Brendan Hannigan, general manager at IBM Security Systems said the firm’s new product launch was a timely one. “Traditional vulnerability management solutions are fundamentally broken,” he explained. “Vulnerability scanning today lacks network-wide visibility, contextual awareness and real-time scanning. These gaps mean even well-known and preventable vulnerabilities can be lost in an overload of data, leaving organisations exposed to high risks.”

Murray Benadie, managing director of IBM partner Zenith Systems said he believed the new software was significant. “It can cut a huge list of vulnerabilities in half, if not more,” he said. “Users will quickly see vulnerabilities on their networks, without trying to mash products together – that is how information falls through the cracks.”

IBM unveils vulnerability manager as part of QRadar SIEM

QRadar Vulnerability manager “provides actionable intelligence about vulnerabilities.”

The QRadar Vulnerability Manager, which resides on top of the SIEM, can scan the corporate network and can also take in data from third-party scanners, including those from Qualys, Rapid7, Nessus, nCircle and McAfee, according to Kevin Skapinetz, program director of product strategy at IBM Security Solutions. “It provides actionable intelligence about vulnerabilities based on the context of assets,” he says.

A SIEM is used to centralize and correlate alerts from security equipment such as firewalls and intrusion-detection systems, as well as corporate computing assets such as servers.
