So as I was watching Bear Grylls last night (from the safety of my favorite armchair) I was struck by how unthinkable it would be to set off on an expedition with a rucksack stuffed full of different individual knives, screwdrivers, scissors, bottle openers etc. The good old Swiss Army Knife has all you ever need in one compact, seamlessly integrated, and easy-to-use package.
There are good reasons for it, I mean when the pressure is on, it’s pitch black, blowing a gale, and you are starving hungry, you don’t want to be trying to locate and swap between the multiple different utensils that you need for survival. Having all the key tools in one place, and in the right place, makes it incredibly valuable.
The Swiss Army Knife for Security Operations
In today’s world of IT security there are a lot of parallels between undertaking a dangerous or challenging expedition and managing security operations: the pressure of the situation; the need for multiple tools, visibility and accurate knowledge of the surroundings; and the criticality of a quick response. In its simplest form the QRadar product vision has always been to be the Swiss Army Knife for security operations, by providing our customers with a capability that can help them manage their own expedition, the security timeline.
This timeline starts right from what is at the root of most security issues: vulnerabilities. Vulnerabilities are everywhere, thousands of them in every organization. At some point in time someone or something will try to exploit these vulnerabilities. To stay ahead and survive in this hostile environment, those exploit attempts must be detected and remediated ASAP and then analyzed to discover their impact. What vulnerability was exploited? What was stolen? Who did it? Where else am I vulnerable?
In IT security the pressure is definitely on. There is an ocean of vulnerabilities to potentially address; millions of logs and network flows to analyse to understand the environment, spot exploits and plan next steps. All with limited time and resources, and an abundance of disparate, loosely coupled (at best) security tools to manage those vulnerabilities and identify exploits. What is needed is the Swiss Army Knife for security.
Introducing IBM Security QRadar Vulnerability Manager
We have been evolving QRadar toward this vision for over ten years, starting with network behavior anomaly detection, then introducing log management, rolling in SIEM functionality, then complementing this with Risk Management to understand network topology, firewalls and IPS rules. Now we are adding a vital security capability that our customers have all asked for: vulnerability management.
— IBM Security (@IBMSecurity) July 25, 2013
Introducing IBM Security QRadar Vulnerability Manager (QVM), an innovative, truly integrated vulnerability management and security intelligence solution. With QVM, QRadar users can now scan their network to locate vulnerabilities without installing any new software, all through the same consistent single UI that gives them complete visibility into what is going on in their networks right now. Not only that, but where disparate vulnerability systems are currently deployed, QVM gives QRadar users a single consolidated view of their vulnerabilities.
Crucially, because we put all of these capabilities together we can now leverage additional contextual data such as network and asset usage, known threat sources, who is talking to who, network topology and security configuration to optimize the vulnerability management process. This helps users focus on the vulnerabilities that are most exploitable at any given time, instead of looking at a sea of red.
In addition to improving the pre-exploit phase, the exploit detection and remediation processes are also optimized thanks to enriched vulnerability and asset configuration information, all through a single, consistent asset model and user interface.
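To make the contextual prioritization described above concrete, here is an added example (not QVM code, and not from IBM) that re-ranks scanner findings using the kinds of context the post lists: whether the vulnerable port actually carries live traffic, whether the asset is reachable from the internet per topology and firewall rules, and whether the asset is already talking to a known threat source. The weights, asset names and CVE-style identifiers are all constructed placeholders.

```python
# Context-aware vulnerability prioritization: constructed example, not QVM's code.
from dataclasses import dataclass

@dataclass(frozen=True)
class Asset:
    name: str
    internet_reachable: bool       # assumed input: derived from topology / firewall rules
    active_ports: frozenset        # assumed input: ports with live network flows observed
    talks_to_threat_source: bool   # assumed input: flows to a known-bad IP seen in logs

@dataclass(frozen=True)
class Finding:
    cve: str           # placeholder identifiers below, not real CVEs
    asset: str
    port: int
    base_score: float  # scanner severity on a 0-10 scale

def contextual_score(f: Finding, a: Asset) -> float:
    """Adjust raw scanner severity with asset context (weights are assumptions)."""
    score = f.base_score
    if f.port not in a.active_ports:
        score *= 0.3   # vulnerable service has no live traffic: far less exploitable right now
    if a.internet_reachable:
        score *= 1.5   # reachable from outside according to topology / firewall configuration
    if a.talks_to_threat_source:
        score += 2.0   # asset already communicating with a known threat source
    return round(min(score, 10.0), 1)

def prioritize(findings, assets):
    """Return (cve, asset, contextual score) tuples, most exploitable first."""
    by_name = {a.name: a for a in assets}
    ranked = [(f.cve, f.asset, contextual_score(f, by_name[f.asset])) for f in findings]
    return sorted(ranked, key=lambda r: r[2], reverse=True)

# Constructed sample data: three assets, four scanner findings.
ASSETS = [
    Asset("web01", True, frozenset({80, 443}), False),
    Asset("db01", False, frozenset({3306}), True),
    Asset("dev07", False, frozenset({22}), False),
]
FINDINGS = [
    Finding("CVE-PLACEHOLDER-1", "web01", 443, 7.5),   # live, internet-facing service
    Finding("CVE-PLACEHOLDER-2", "db01", 3306, 6.0),   # internal, but host talks to a threat source
    Finding("CVE-PLACEHOLDER-3", "dev07", 8080, 9.8),  # critical score, but port has no traffic
    Finding("CVE-PLACEHOLDER-4", "web01", 21, 5.2),    # internet-facing host, idle FTP port
]

if __name__ == "__main__":
    for cve, asset, score in prioritize(FINDINGS, ASSETS):
        print(f"{score:5.1f}  {asset:6}  {cve}")
```

Sorted by scanner severity alone, the idle 9.8 finding on dev07 would top the list; with context applied it drops to third, behind the live internet-facing service and the host already in contact with a threat source.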
Just like a Swiss Army Knife for the IT security engineer, this new capability enables QRadar users to manage their timeline expedition in one seamlessly integrated, easy-to-use package. It is almost unthinkable to address IT security without it.
What are your thoughts about this announcement? Let me know in the comments below.
QRadar Vulnerability Manager helps identify, sort, contextualize, and prioritize network vulnerabilities
From Dark Reading: IBM QRadar Vulnerability Manager gives security officers a prioritized view across their entire network, helping them to quickly strengthen and fortify their defenses. By aggregating vulnerability information into a single view, security teams can see the results from multiple network, endpoint, database or application scanners where it can be quickly reviewed and managed.
The security industry is now trying to deliver the intelligence that IT departments need to defend themselves from cyberattacks before they occur.
From CIO Insight:
For that reason the security industry’s focus is moving from not just trying to defend IT organizations from attacks, but delivering the intelligence that IT organizations need to defend themselves from attacks before they hit.
The basic idea is that while there isn’t a way to prevent the attacks from occurring, the mean time to remediation can be much faster. In fact, once an attack is detected, IT organizations could be alerted to not only what vulnerability that attack is trying to exploit, but also just how vulnerable their IT systems are to that specific type of attack.
IBM has launched new real-time security management tools, including its QRadar Vulnerability Manager (QVM), which it said combs through potential security flaws and presents them to security officers in a more manageable format.
Brendan Hannigan, general manager at IBM Security Systems said the firm’s new product launch was a timely one. “Traditional vulnerability management solutions are fundamentally broken,” he explained. “Vulnerability scanning today lacks network-wide visibility, contextual awareness and real-time scanning. These gaps mean even well-known and preventable vulnerabilities can be lost in an overload of data, leaving organisations exposed to high risks.”
Murray Benadie, managing director of IBM partner Zenith Systems said he believed the new software was significant. “It can cut a huge list of vulnerabilities in half, if not more,” he said. “Users will quickly see vulnerabilities on their networks, without trying to mash products together – that is how information falls through the cracks.”
QRadar Vulnerability manager “provides actionable intelligence about vulnerabilities.”
From Network World:
The QRadar Vulnerability Manager, which resides on top of the SIEM, can scan the corporate network and can also take in data from third-party scanners, including those from Qualys, Rapid7, Nessus, nCircle and McAfee, according to Kevin Skapinetz, program director of product strategy at IBM Security Solutions. “It provides actionable intelligence about vulnerabilities based on the context of assets,” he says.
A SIEM is used to centralize and correlate alerts from security equipment such as firewalls and intrusion-detection systems, as well as corporate computing assets such as servers.