So as I was watching Bear Grylls last night (from the safety of my favorite armchair) I was struck by how unthinkable it would be to set off on an expedition with a rucksack stuffed full of different individual knives, screwdrivers, scissors, bottle openers etc. The good old Swiss Army Knife has all you ever need in one compact, seamlessly integrated, and easy-to-use package.

There are good reasons for it. When the pressure is on, it’s pitch black, blowing a gale, and you are starving hungry, you don’t want to be trying to locate and swap between the multiple different utensils that you need for survival. Having all the key tools in one place, and in the right place, makes it incredibly valuable.

The Swiss Army Knife for Security Operations

In today’s world of IT security there are a lot of parallels between undertaking a dangerous or challenging expedition and managing security operations: the pressure of the situation; a requirement for multiple tools, visibility and accurate knowledge about the surroundings; the criticality of quick response. In its simplest form the QRadar product vision has always been to be the Swiss Army Knife for security operations, by providing our customers with a capability that can help them manage their own expedition: the security timeline.

This timeline starts right from what is at the root of most security issues: vulnerabilities. Vulnerabilities are everywhere, thousands of them in every organization. At some point in time someone or something will try to exploit these vulnerabilities. To stay ahead and survive in this hostile environment, those exploit attempts must be detected and remediated ASAP and then analyzed to discover their impact. What vulnerability was exploited? What was stolen? Who did it? Where else am I vulnerable?

In IT security the pressure is definitely on. There is an ocean of vulnerabilities to potentially address; millions of logs and network flows to analyse to understand the environment, spot exploits and plan next steps. All with limited time, resource and an abundance of disparate, loosely coupled (at best) security tools to manage those vulnerabilities and identify exploits. What is needed is the Swiss Army knife for security.

Introducing IBM Security QRadar Vulnerability Manager

We have been evolving QRadar toward this vision for over ten years, starting with network behavior anomaly detection, then introducing log management, rolling in SIEM functionality, then complementing this with risk management to understand network topology, firewalls and IPS rules. Now we are adding a vital security capability that our customers have all asked for: vulnerability management.


We’re excited about these NEW product announcements! Learn more about #QRadar Vulnerability Manager #ibmsecurity — IBM Security (@IBMSecurity) July 25, 2013


Introducing IBM Security QRadar Vulnerability Manager (QVM), an innovative, truly integrated vulnerability management and security intelligence solution. With QVM, QRadar users can now scan their network to locate vulnerabilities, all without installing any new software and all through the same consistent single UI that gives them complete visibility into what is going on in their networks right now. Not only that, but where disparate vulnerability systems are currently deployed, QVM gives QRadar users a single consolidated view of their vulnerabilities.

Crucially, because we put all of these capabilities together we can now leverage additional contextual data such as network and asset usage, known threat sources, who is talking to who, network topology and security configuration to optimize the vulnerability management process. This helps users focus on the vulnerabilities that are most exploitable at any given time, instead of looking at a sea of red.

In addition to improving the pre-exploit phase, the exploit detection and remediation processes are also optimized due to enriched vulnerability and asset configuration information. All through a single, consistent asset model and user interface.

Just like a Swiss Army knife for the IT security engineer, this new capability enables QRadar users to manage their timeline expedition, in one seamlessly integrated, easy to use package. It is almost unthinkable to address IT security without it.

What are your thoughts about this announcement? Let me know in the comments below.


IBM Unveils New Software To Help Organizations Identify And Predict Security Risk

QRadar Vulnerability Manager helps identify, sort, contextualize, and prioritize network vulnerabilities

IBM QRadar Vulnerability Manager gives security officers a prioritized view across their entire network, helping them to quickly strengthen and fortify their defenses. By aggregating vulnerability information into a single view, security teams can see the results from multiple network, endpoint, database or application scanners where they can be quickly reviewed and managed.

Security Intelligence Services Ramp Up

The security industry is now trying to deliver the intelligence that IT departments need to defend themselves from cyberattacks before they occur.

For that reason the security industry’s focus is moving from not just trying to defend IT organizations from attacks, but delivering the intelligence that IT organizations need to defend themselves from attacks before they hit.

The basic idea is that while there isn’t a way to prevent the attacks from occurring, the mean time to remediation can be much faster. In fact, once an attack is detected, IT organizations could be alerted to not only what vulnerability that attack is trying to exploit, but also just how vulnerable their IT systems are to that specific type of attack.

IBM unveils QRadar Vulnerability Manager security tool

IBM has launched new real-time security management tools, including its QRadar Vulnerability Manager (QVM), which it said combs through potential security flaws and presents them to security officers in a more manageable format.

Brendan Hannigan, general manager at IBM Security Systems said the firm’s new product launch was a timely one. “Traditional vulnerability management solutions are fundamentally broken,” he explained. “Vulnerability scanning today lacks network-wide visibility, contextual awareness and real-time scanning. These gaps mean even well-known and preventable vulnerabilities can be lost in an overload of data, leaving organisations exposed to high risks.”

Murray Benadie, managing director of IBM partner Zenith Systems said he believed the new software was significant. “It can cut a huge list of vulnerabilities in half, if not more,” he said. “Users will quickly see vulnerabilities on their networks, without trying to mash products together – that is how information falls through the cracks.”

IBM unveils vulnerability manager as part of QRadar SIEM

QRadar Vulnerability manager “provides actionable intelligence about vulnerabilities.”

The QRadar Vulnerability Manager, which resides on top of the SIEM, can scan the corporate network and can also take in data from third-party scanners, including those from Qualys, Rapid7, Nessus, nCircle, McAfee, according to Kevin Skapinetz, program director of product strategy at IBM Security Solutions. “It provides actionable intelligence about vulnerabilities based on the context of assets,” he says.

A SIEM is used to centralize and correlate alerts from security equipment such as firewalls and intrusion-detection systems, as well as corporate computing assets such as servers.

