Searching for Trouble: Finding a Security Breach Just Got a Lot Easier
The Importance of User Interface
Having been a PC/Microsoft user for most of my professional career, I was introduced to the Apple user interface improvements about the time my oldest son, age 11 at the time, was convinced he needed an iPod touch. He dragged me into the store, picked up the device and began building his case for why it would effectively ruin his life if I were to say no. I was immediately amazed and began to regret not buying a large block of Apple stock back when it was $23 a share.
Moving between applications, zooming in on images, etc. were all pretty simple and required someone to just touch the screen with intuitive gestures. Still not being an early adopter of gadget technology, what finally sold me was his ability to create HD videos in addition to the stuff he really wanted to do (Angry Birds). He was only too happy to agree we needed the 32GB version so he could hone his creative talents.
Nothing accelerates technology adoption like getting the user interface right, and that’s why we’re so pumped about the newest planned addition to the QRadar Security Intelligence Platform. With the upcoming release of QRadar Incident Forensics, any member of an IT security team will be able to intuitively investigate offense records like a technically trained pro, and even though it’s not a touchscreen kind of approach, it’s really the next best thing. The solution uses a free-form, Internet search engine interface similar to the one from the other company I wish I’d invested in back when the stock was under $200/share. And like all of its brethren, the new module is integrated within the familiar tab/dashboard/one console design of QRadar.
Skip the Training; Go Straight to the Search
There are two primary benefits of using the upcoming QRadar Incident Forensics: find trouble fast and apply effective vision and clarity to resolve, remediate or mitigate the malicious security incident. The technology is a natural complement to QRadar SIEM that combs through mountains of log events and netflows to identify those worthy of further investigation based on normalization activities and correlation rules that surface high probability security incidents as QRadar offense database records. QRadar Incident Forensics (QRIF) is designed to help security teams take the next step, collecting and reconstructing network packet data associated with a suspected network security incident including metadata. Adding PCAP-based insights to QRadar’s already advanced network anomaly detection capabilities is anticipated to be a game changer for understanding how an attack succeeded and the steps required to defeat it.
There are numerous studies and resources that document the time required to investigate and remediate a typical breach. The figures range from days to weeks to months using conventional tools and approaches, but we believe the automation planned to be delivered in QRadar Incident Forensics represents a turning point for these activities. This planned intuitive solution is designed to allow security teams to research both identified offenses and new threat profiles indicated by intelligent feeds such as X-Force within hours, in many cases, and apply their discoveries either as prompt mitigations or correlation rule refinements to help further defeat true threats and reduce false positives.
IBM Announces Security Forensics Capabilities to Help Protect Critical Data
New analytics and automation help any IT security team quickly identify and defend against hidden threats
ARMONK, N.Y. – 18 Feb 2014: IBM (NYSE: IBM) today announced a powerful appliance for helping organizations diagnose and defend their critical data and enterprise networks against sophisticated external attacks and unauthorized insider activities.
Since 2010, the IBM X-Force Trend & Risk Report has been reporting on the alarming rate at which cyber attacks continue to occur. As data breaches continue to impact organizations, the need to reduce detection time and investigate these threats before they can significantly impact the business is critical. Cyber criminals often gain access to a corporate network weeks or months before actual data is compromised. According to the IBM X-Force Threat Intelligence Quarterly to be released next week, in 2013, more than half a billion records of personally identifiable information were leaked through a number of attacks against strategic targets. By detecting malicious activity earlier, organizations can more quickly stop, or reduce, the potential loss of data.
IBM Security QRadar Incident Forensics, a new software product designed as a module for the QRadar Security Intelligence Platform, can help security teams retrace the step-by-step actions of sophisticated cyber criminals. By adding this forensics capture and search module to its QRadar Security Intelligence platform, IBM can further strengthen its clients’ abilities to efficiently investigate security incidents and understand the impact of any suspicious activity. QRadar Incident Forensics provides a record of activity on the network, enabling organizations to retrace suspicious activity, provide alerts to growing concerns, and provide forensics search capabilities.
“Every breach is a race against time. This new forensics module further expands the breadth and depth of IBM’s security intelligence capabilities,” said Brendan Hannigan, general manager of IBM Security Systems. “QRadar Incident Forensics further helps IT staff prevent emerging threats and better determine the impact of any intrusion.”
QRadar Security Incident Forensics will help any member of an IT security team quickly and efficiently research security incidents or test for conditions associated with an observed attack pattern from an Internet threat intelligence feed such as X-Force. By using this guidance, security teams can avoid spending valuable time searching through petabytes of network traffic, and potentially discovering nothing of immediate value. With QRadar, security analysts can quickly collect security data related to an incident.
This solution is just one of IBM’s new initiatives to expand its security intelligence capabilities. In the second quarter of 2014, IBM will introduce new capabilities to help organizations better understand the threat landscape. IBM Advanced Cyberthreat Intelligence Service will provide customers with insight into the threat landscape, targeted attacks and attacker tools, tactics and practices, incorporating IBM’s own research with that of strategic partners specializing in threat visibility.
Additionally, IBM’s Active Threat Assessment complements this ongoing threat intelligence and visibility. It leverages technical assessment capabilities and best-of-breed tools to identify previously unrealized, active threats while also modeling threats to unmitigated vulnerabilities in an enterprise environment.
IBM Security QRadar Incident Forensics, currently planned to be available in the second quarter of 2014, is an integrated module in IBM’s QRadar Security Intelligence platform. Also part of this announcement, IBM is now allowing existing QRadar clients to test this solution as part of a beta program.
About IBM Security
IBM’s security portfolio provides the security intelligence to help organizations holistically protect their people, data, applications and infrastructure. IBM offers solutions for identity and access management, security information and event management, database security, application development, risk management, endpoint management, next-generation intrusion protection and more. IBM operates one of the world’s broadest security research and development, and delivery organizations. IBM monitors 15 billion security events per day in more than 130 countries and holds more than 3,000 security patents. For more information on IBM security, please visit: www.ibm.com/security.
IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion.