Information sharing and threat intelligence are growing in importance as enterprises and other organizations look for greater visibility across the cloud and control throughout hybrid IT environments. Predictive analytics depends on actionable, open threat intelligence as one necessary piece of the puzzle.
To that end, IBM announced at RSA that it has brought its QRadar security intelligence platform to the cloud, available in a software-as-a-service (SaaS) model with optional IBM Security Managed Services.
According to the 2014 IBM Cyber Index, organizations globally deal with an average of 91 million potential security events every year, creating vast volumes of data that need to be stored and analyzed. Cloud-based threat monitoring and analytics combines the simplicity of a hosted deployment with the advanced analytics and the security services expertise needed to monitor today's hybrid IT environments.
IBM Security Intelligence on Cloud helps organizations determine whether security-related events are simple anomalies or potential threats. Built as a cloud service on IBM QRadar, it lets enterprises correlate security event data with threat information, drawing on 500+ supported data sources across devices, systems and applications. It ships with 1,500 pre-defined reports for use cases such as compliance, vulnerability management and security incident response.
Meanwhile, Intelligent Log Management on Cloud uses analytics on a hosted, multi-tenant platform to deliver real-time correlation and anomaly detection. With support for more than 400 platforms, security managers can also capture logs from devices across their security operation.
Caleb Barlow, vice president of IBM Security Q1 Labs, said in an interview at RSA 2015 that moving security intelligence to the cloud and adding it as a managed service not only solves an infrastructure problem but also an analysis need, considering that enterprises can see anywhere from 90 million to 2 billion security incidents per day.
“You can’t just hire analysts for that—you’d need a small city,” he explained. “So enterprises are caught in the tactical problem of collapsing several vendors and gathering data, and the question becomes, how do I get to the strategic stuff? If you have a system that can get that number down to maybe 200 actuals that forensics can go investigate, that is a huge value-add.”
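The correlation step described above, matching raw event data against threat-intelligence indicators and collapsing the hits into a short list of "actuals" for analysts, is illustrated by the following added example. It is not IBM QRadar or X-Force Exchange code; the log-line format, the indicator feed, the correlation window and the threshold are all assumptions constructed for the demonstration.

```python
"""Illustrative SIEM-style correlation: match raw events against a threat-intel
indicator set and collapse the matches into a few consolidated alerts.

Added example; not IBM's code. Log format, indicators, window and threshold
are constructed assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

# Constructed threat-intel feed: indicator value -> (indicator type, description).
INDICATORS = {
    "203.0.113.45": ("ip", "known C2 server"),
    "198.51.100.0/24": ("cidr", "bulletproof hosting range"),
    "evil-updates.example": ("domain", "malware distribution domain"),
}

# Constructed raw events, one per line: "<ISO timestamp> <src ip> <dst ip> <dst hostname or ->".
RAW_EVENTS = [
    "2015-04-21T10:00:00 10.0.0.5 203.0.113.45 -",
    "2015-04-21T10:01:00 10.0.0.5 203.0.113.45 -",
    "2015-04-21T10:02:30 10.0.0.5 203.0.113.45 -",
    "2015-04-21T10:03:00 10.0.0.7 93.184.216.34 example.com",
    "2015-04-21T10:03:30 10.0.0.9 198.51.100.17 evil-updates.example",
    "2015-04-21T10:04:00 10.0.0.9 198.51.100.17 cdn.evil-updates.example",
    "2015-04-21T10:05:00 10.0.0.9 198.51.100.22 -",
    "2015-04-21T10:06:00 10.0.0.7 203.0.113.45 -",
    "2015-04-21T10:30:00 10.0.0.5 203.0.113.45 -",
]


def parse_event(line):
    """Parse one constructed log line into a dict with a datetime timestamp."""
    ts, src, dst, host = line.split()
    return {"ts": datetime.fromisoformat(ts), "src": src, "dst": dst, "host": host}


def indicator_matches(dst_ip, dst_host):
    """Return the descriptions of every indicator the destination matches.

    Exact IP, CIDR containment, and domain (exact or subdomain) are checked.
    """
    hits = []
    addr = ipaddress.ip_address(dst_ip)
    for value, (kind, desc) in INDICATORS.items():
        if kind == "ip" and dst_ip == value:
            hits.append(desc)
        elif kind == "cidr" and addr in ipaddress.ip_network(value):
            hits.append(desc)
        elif kind == "domain" and dst_host != "-" and (
            dst_host == value or dst_host.endswith("." + value)
        ):
            hits.append(desc)
    return hits


def correlate(lines, window=timedelta(minutes=10), threshold=2):
    """Collapse indicator hits into alerts keyed by (source host, indicator).

    Hits from the same source against the same indicator within `window` of the
    first hit are merged into one alert; alerts with fewer than `threshold`
    hits are dropped as single, unconfirmed matches.
    """
    events = sorted((parse_event(l) for l in lines), key=lambda e: e["ts"])
    alerts_by_key = defaultdict(list)
    for ev in events:
        for desc in indicator_matches(ev["dst"], ev["host"]):
            key = (ev["src"], desc)
            current = alerts_by_key[key][-1] if alerts_by_key[key] else None
            if current is None or ev["ts"] - current["first_seen"] > window:
                current = {"src": ev["src"], "indicator": desc,
                           "first_seen": ev["ts"], "last_seen": ev["ts"],
                           "count": 0, "destinations": set()}
                alerts_by_key[key].append(current)
            current["count"] += 1
            current["last_seen"] = ev["ts"]
            current["destinations"].add(ev["dst"])
    return [a for alerts in alerts_by_key.values() for a in alerts
            if a["count"] >= threshold]


def triage(lines):
    """Summarise the reduction: raw events -> indicator hits -> alerts."""
    hits = sum(len(indicator_matches(e["dst"], e["host"]))
               for e in map(parse_event, lines))
    alerts = correlate(lines)
    return {"raw_events": len(lines), "indicator_hits": hits, "alerts": alerts}


if __name__ == "__main__":
    summary = triage(RAW_EVENTS)
    print(f"{summary['raw_events']} events, {summary['indicator_hits']} hits, "
          f"{len(summary['alerts'])} alerts")
    for a in summary["alerts"]:
        print(a["src"], a["indicator"], a["count"], sorted(a["destinations"]))
```

Two of the constructed events illustrate what a threshold-and-window rule leaves behind: the lone hit from 10.0.0.7 and the 10:30 beacon from 10.0.0.5, which falls outside the window of its earlier hits, are both discarded as unconfirmed. That is the trade-off in driving the count down to a handful of "actuals": a slow beacon or a one-off connection to a known bad host is exactly the kind of event an analyst would still want to see, so the dropped single matches are worth retaining in a lower-priority queue rather than being thrown away.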
Also, the integration of QRadar with IBM's just-launched cloud-based X-Force Exchange gives security teams access to historical and real-time threat intelligence. IBM is monitoring as many as 70 million endpoints at any given time. IBM said last week that it is opening up more than two decades' worth of cyber-threat intelligence gleaned from that monitoring via the new data-sharing exchange, which is modeled on social networking.
“ISACs are great, but the information is typically kept in spreadsheets and Word docs, and it’s rarely actionable,” Barlow said. “They’re also just focused on specific verticals. This data didn’t need to remain proprietary.”
The IBM X-Force Exchange offers open access to IBM's vault of threat intelligence. The move, the company said, is a response to a global shift in organized crime. Much like the early 20th-century mob rings, modern-day cybercriminals are rapidly banding together in efficient and complex networks to launch more sophisticated, higher-ROI attacks (like last month's highly successful Dyre Wolf campaign, launched out of an Eastern European crime ring).