July 25, 2013 By Chris Meenan 5 min read

So as I was watching Bear Grylls last night (from the safety of my favorite armchair) I was struck by how unthinkable it would be to set off on an expedition with a rucksack stuffed full of different individual knives, screwdrivers, scissors, bottle openers etc. The good old Swiss Army Knife has all you ever need in one compact, seamlessly integrated, and easy-to-use package.

There are good reasons for it. When the pressure is on, it’s pitch black, blowing a gale, and you are starving hungry, you don’t want to be trying to locate and swap between the multiple different utensils that you need for survival. Having all the key tools in one place, and in the right place, makes it incredibly valuable.

The Swiss Army Knife for Security Operations

In today’s world of IT security there are a lot of parallels between undertaking a dangerous or challenging expedition and managing security operations: the pressure of the situation, the need for multiple tools, for visibility and for accurate knowledge of the surroundings, and the criticality of quick response. In its simplest form the QRadar product vision has always been to be the Swiss Army Knife for security operations, by providing our customers with a capability that can help them manage their own expedition, the security timeline.

This timeline starts right from what is at the root of most security issues: vulnerabilities. Vulnerabilities are everywhere, thousands of them in every organization. At some point in time someone or something will try to exploit these vulnerabilities. To stay ahead and survive in this hostile environment, those exploit attempts must be detected and remediated ASAP and then analyzed to discover their impact. What vulnerability was exploited? What was stolen? Who did it? Where else am I vulnerable?

In IT security the pressure is definitely on. There is an ocean of vulnerabilities to potentially address, and millions of logs and network flows to analyse to understand the environment, spot exploits and plan next steps. All with limited time and resources, and an abundance of disparate, loosely coupled (at best) security tools to manage those vulnerabilities and identify exploits. What is needed is the Swiss Army knife for security.

Introducing IBM Security QRadar Vulnerability Manager

We have been evolving QRadar toward this vision for over ten years, starting with network behavior anomaly detection, then introducing log management, rolling in SIEM functionality, then complementing this with risk management to understand network topology, firewalls and IPS rules. Now we are adding a vital security capability that our customers have all asked for: vulnerability management.


We’re excited about these NEW product announcements! Learn more about #QRadar Vulnerability Manager http://t.co/5DbAYNHTlR #ibmsecurity — IBM Security (@IBMSecurity) July 25, 2013


Introducing IBM Security QRadar Vulnerability Manager (QVM), an innovative, truly integrated vulnerability management and security intelligence solution. With QVM, QRadar users can now scan their network to locate vulnerabilities without installing any new software, all through the same consistent single UI that gives them complete visibility into what is going on in their networks right now. Not only that, but where disparate vulnerability systems are currently deployed, QVM gives QRadar users a single consolidated view of their vulnerabilities.

Crucially, because we put all of these capabilities together, we can now leverage additional contextual data such as network and asset usage, known threat sources, who is talking to whom, network topology and security configuration to optimize the vulnerability management process. This helps users focus on the vulnerabilities that are most exploitable at any given time, instead of looking at a sea of red.

In addition to improving the pre-exploit phase, the exploit detection and remediation processes are also optimized thanks to enriched vulnerability and asset configuration information, all through a single, consistent asset model and user interface.
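The contextual prioritization described above, as an added illustration that is not QRadar's own code or scoring model: findings from two scanners are consolidated into one record per asset and vulnerability, then each record is weighted by firewall reachability, observed network flows, known threat sources and asset criticality so that an exposed, actively-attacked medium-severity issue outranks a dormant critical one. The scanner names, addresses, firewall rules, flows, vulnerability ids and weighting factors are all constructed assumptions.

```python
"""Contextual vulnerability prioritization over a consolidated asset model.

Added illustration, not QRadar's code or algorithm. Every scanner name,
address, rule, flow, vulnerability id and weight below is constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Finding:
    scanner: str     # constructed scanner name, not real scanner output
    host: str        # asset IP address
    vuln_id: str     # placeholder vulnerability identifier
    port: int        # service port the vulnerability is exposed on
    severity: float  # scanner-reported base severity, 0-10


# Constructed firewall policy, first match wins:
# (source network, destination network, destination port or None for any, action)
FIREWALL_RULES = [
    ("0.0.0.0/0", "10.0.1.0/24", 443, "allow"),  # DMZ web tier is internet-facing
    ("0.0.0.0/0", "10.0.0.0/8", None, "deny"),   # everything else is blocked
]

# Constructed threat-intelligence blocklist (TEST-NET-3 address)
KNOWN_THREAT_SOURCES = {"203.0.113.50"}

# Constructed flows seen by the platform: (source IP, destination IP, destination port)
FLOWS = [
    ("198.51.100.7", "10.0.1.10", 443),
    ("203.0.113.50", "10.0.1.10", 443),  # blocklisted host talking to the web tier
    ("10.0.2.5", "10.0.2.20", 22),
]

# Constructed findings: two scanners, one overlapping result for the web server
FINDINGS = [
    Finding("scannerA", "10.0.1.10", "VULN-001", 443, 7.5),
    Finding("scannerB", "10.0.1.10", "VULN-001", 443, 7.0),  # same issue, second scanner
    Finding("scannerA", "10.0.2.20", "VULN-002", 22, 9.8),
    Finding("scannerB", "10.0.3.30", "VULN-003", 8080, 9.0),
]


def consolidate(findings):
    """Merge scanner findings into one record per (host, vuln_id), keeping the
    highest reported severity and remembering which scanners saw it."""
    model = {}
    for f in findings:
        rec = model.setdefault((f.host, f.vuln_id),
                               {"port": f.port, "severity": 0.0, "sources": set()})
        rec["severity"] = max(rec["severity"], f.severity)
        rec["sources"].add(f.scanner)
    return model


def reachable_from_untrusted(ip, port, rules):
    """Walk the first-match firewall policy: can any source reach ip:port?"""
    addr = ip_address(ip)
    for src, dst, dport, action in rules:
        if ip_network(src).prefixlen == 0 and addr in ip_network(dst) and dport in (None, port):
            return action == "allow"
    return False  # implicit deny


def prioritize(findings, rules, flows, threat_sources, criticality=None):
    """Rank consolidated vulnerabilities by severity weighted with network context.
    Returns (score, host, vuln_id, reasons) tuples, highest score first."""
    criticality = criticality or {}  # optional per-asset business weight, 1.0 = normal
    ranked = []
    for (host, vuln_id), rec in consolidate(findings).items():
        score = rec["severity"] * criticality.get(host, 1.0)
        reasons = []
        talkers = {src for src, dst, dport in flows if dst == host and dport == rec["port"]}
        if reachable_from_untrusted(host, rec["port"], rules):
            score *= 2.0
            reasons.append("reachable from untrusted network")
        if talkers:
            score *= 1.5
            reasons.append("service in active use")
        else:
            score *= 0.5
            reasons.append("no traffic observed")
        if talkers & threat_sources:
            score *= 2.0
            reasons.append("contacted by known threat source")
        ranked.append((round(score, 2), host, vuln_id, reasons))
    ranked.sort(key=lambda r: r[0], reverse=True)
    return ranked


if __name__ == "__main__":
    for score, host, vuln_id, reasons in prioritize(FINDINGS, FIREWALL_RULES, FLOWS, KNOWN_THREAT_SOURCES):
        print(f"{score:6.2f}  {host:<10} {vuln_id}  ({', '.join(reasons)})")
```

With the constructed data the internet-facing web server's severity-7.5 issue ranks first, because the firewall exposes the port, the service is in use and a blocklisted source has already contacted it, while the severity-9.8 and 9.0 issues on internal hosts fall below it. The duplicate report from the second scanner collapses into the same record, which is the consolidated-view point the text makes. The multipliers are illustrative; any real deployment would tune them to its own risk appetite.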

Just like a Swiss Army knife for the IT security engineer, this new capability enables QRadar users to manage their expedition along the security timeline in one seamlessly integrated, easy-to-use package. It is almost unthinkable to address IT security without it.

What are your thoughts about this announcement? Let me know in the comments below.


IBM Unveils New Software To Help Organizations Identify And Predict Security Risk

QRadar Vulnerability Manager helps identify, sort, contextualize, and prioritize network vulnerabilities

IBM QRadar Vulnerability Manager gives security officers a prioritized view across their entire network, helping them to quickly strengthen and fortify their defenses. By aggregating vulnerability information into a single view, security teams can see the results from multiple network, endpoint, database or application scanners, where they can be quickly reviewed and managed.

Security Intelligence Services Ramp Up

The security industry is now trying to deliver the intelligence that IT departments need to defend themselves from cyberattacks before they occur.

For that reason the security industry’s focus is moving from simply trying to defend IT organizations from attacks to delivering the intelligence that IT organizations need to defend themselves from attacks before they hit.

The basic idea is that while there isn’t a way to prevent the attacks from occurring, the mean time to remediation can be much faster. In fact, once an attack is detected, IT organizations could be alerted to not only what vulnerability that attack is trying to exploit, but also just how vulnerable their IT systems are to that specific type of attack.

IBM unveils QRadar Vulnerability Manager security tool

IBM has launched new real-time security management tools, including its QRadar Vulnerability Manager (QVM), which it said combs through potential security flaws and presents them to security officers in a more manageable format.

Brendan Hannigan, general manager at IBM Security Systems said the firm’s new product launch was a timely one. “Traditional vulnerability management solutions are fundamentally broken,” he explained. “Vulnerability scanning today lacks network-wide visibility, contextual awareness and real-time scanning. These gaps mean even well-known and preventable vulnerabilities can be lost in an overload of data, leaving organisations exposed to high risks.”

Murray Benadie, managing director of IBM partner Zenith Systems said he believed the new software was significant. “It can cut a huge list of vulnerabilities in half, if not more,” he said. “Users will quickly see vulnerabilities on their networks, without trying to mash products together – that is how information falls through the cracks.”

IBM unveils vulnerability manager as part of QRadar SIEM

QRadar Vulnerability manager “provides actionable intelligence about vulnerabilities.”

The QRadar Vulnerability Manager, which resides on top of the SIEM, can scan the corporate network and can also take in data from third-party scanners, including those from Qualys, Rapid7, Nessus, nCircle and McAfee, according to Kevin Skapinetz, program director of product strategy at IBM Security Solutions. “It provides actionable intelligence about vulnerabilities based on the context of assets,” he says.

A SIEM is used to centralize and correlate alerts from security equipment such as firewalls and intrusion-detection systems, as well as corporate computing assets such as servers.
