Volume 10, Number 34 -- September 28, 2010

Q1 Labs Adds IBM i, Social Media Monitoring to SIEM

Corrected: September 29, 2010

by Alex Woodie

An updated security information and event management (SIEM) product from Q1 Labs promises to help businesses crack down on the leakage of sensitive information to social media websites like Facebook, Twitter, and LinkedIn. With qRadar 7.0, the SIEM gains new capabilities for correlating the social media activity of users with their access to company records--including DB2/400 access--thereby putting the kibosh on data leaks before they cause damage.

Businesses are caught between a rock and a hard spot when it comes to social media and social networking websites. On the one hand, businesses don't want to isolate themselves from social media, which has a huge potential for attracting new customers and driving revenue growth. The adept use of social media will separate the winners from the losers in the next business cycle. For this very reason, many businesses encourage their employees to participate in social media and be a part of the social networking scene.

But the social media infrastructure also poses a unique security challenge to businesses. As the world's most popular website, Facebook is constantly under attack from bad people wishing to do bad things to the site's 400 million users--maybe even you or your business. Hackers last week exploited a cross-site scripting flaw in Twitter, allowing a series of worms to spread malware and pornography to users. The reported cause of the flaw: JavaScript (the Web 2.0 lover's dream, and the security officer's nightmare) had been accidentally enabled in tweets. Whoops.

Then there's the potential for data leakage with social media--the larger internal threat, if you will, compared to the smaller external threat posed by hackers and malware. Overeager employees may get a little too enthusiastic with sharing sensitive information about themselves or their companies with their Facebook or Twitter posts. What may seem to an employee to be a perfectly appropriate post at the moment may later cause a PCI auditor to double over in sheer cringe-worthy joy. (You don't want to give an auditor that kind of satisfaction, do you?)

In short, if you invite Twitter or Facebook into your business, you are accepting a certain amount of risk, whether you're aware of it or not. With the forthcoming release of qRadar 7.0, Q1 Labs says it can help companies mitigate that risk, while allowing them to maintain a social media presence.

qRadar 7.0 introduces several new social media monitoring capabilities. For starters, the software's use of deep packet inspection (DPI) technology helps it to spot malware that social media websites may be trying to introduce to the business environment. That's the easy part.

The hard part is handling employee access to social media. With qRadar 7.0, Q1 Labs says it can track which users are accessing which social media services, and how much they use them. With a baseline of activity established, qRadar can detect anomalous behavior, such as accessing social media sites at odd times or excessive use of the sites.

The newly released qRadar 7.0 SIEM software from Q1 Labs can track users' social media activity and correlate it with use of back-office applications and databases.

The software can also use correlation--the most powerful tool of any SIEM--to determine whether a post to a social media website is likely to be inappropriate. For example, if a user attempts a post to a social media site right after accessing a sensitive internal resource, such as payroll data, qRadar can detect it. It could also potentially block the posting, if the customer has it configured that way.
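As an added illustration (not Q1 Labs code and not part of the original article), the time-window correlation described above can be sketched in Python over constructed events. The field names, the five-minute window, and the PAYROLL resource label are assumptions made for this sketch.

```python
from datetime import datetime, timedelta

# Constructed sample events; field names and values are assumptions for this sketch.
EVENTS = [
    {"ts": "2010-09-28T09:00:05", "user": "asmith", "kind": "db_access", "target": "PAYROLL"},
    {"ts": "2010-09-28T09:02:40", "user": "asmith", "kind": "social_post", "target": "twitter.com"},
    {"ts": "2010-09-28T09:03:00", "user": "bjones", "kind": "social_post", "target": "facebook.com"},
    {"ts": "2010-09-28T09:10:00", "user": "bjones", "kind": "db_access", "target": "PAYROLL"},
    {"ts": "2010-09-28T10:00:00", "user": "cwu", "kind": "db_access", "target": "CATALOG"},
    {"ts": "2010-09-28T10:01:00", "user": "cwu", "kind": "social_post", "target": "linkedin.com"},
    {"ts": "2010-09-28T11:00:00", "user": "dlee", "kind": "db_access", "target": "PAYROLL"},
    {"ts": "2010-09-28T11:45:00", "user": "dlee", "kind": "social_post", "target": "facebook.com"},
]

SENSITIVE = {"PAYROLL"}          # resources treated as sensitive (assumed)
WINDOW = timedelta(minutes=5)    # how soon after access a post is suspicious (assumed)

def correlate(events, sensitive=SENSITIVE, window=WINDOW):
    """Return alerts for social posts made within `window` after the same
    user touched a sensitive resource. Events may arrive out of order."""
    last_access = {}   # user -> (timestamp, resource) of latest sensitive access
    alerts = []
    # ISO 8601 timestamps of equal length sort chronologically as strings.
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["kind"] == "db_access" and ev["target"] in sensitive:
            last_access[ev["user"]] = (ts, ev["target"])
        elif ev["kind"] == "social_post" and ev["user"] in last_access:
            seen, resource = last_access[ev["user"]]
            if ts - seen <= window:
                alerts.append({"user": ev["user"], "resource": resource,
                               "site": ev["target"],
                               "seconds_after": int((ts - seen).total_seconds())})
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

A post that precedes the sensitive access, follows a non-sensitive access, or falls outside the window produces no alert; widening the window trades fewer misses for more false positives.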

The new version of qRadar can establish a safer zone for organizations that are facing new avenues of attack, says Sandy Bird, co-founder and CTO of Q1 Labs. "They are also faced with keeping productivity up, due to the 'always-connected' mentality of employees that want to be constantly connected to their social networks," he says in a press release. "Leveraging our native capabilities for DPI and content capture, the new version of qRadar allows companies to see into what social media applications are being used on their networks, and determine what types of threats come to light if these types of applications are allowed."

Q1 Labs has done some work recently to boost its support for IBM i and i5/OS environments, according to senior product manager Matt Ward.

"We have included support for AS/400 auditing for over four years, initially through integration with Patrick Townsend and PowerTech Interact agents," Ward writes in an e-mail. "Last year Q1Labs released our native integration capability to gather and categorize Audit Journal messages as well as QHST/CPF logs. Our integrations with the two above partners provide real-time event streams including their value added capabilities for customers of those agents while our native agent provides very effective, efficient and configurable scheduled gathering at no additional cost."

Q1 Labs touts itself as the leading provider of SIEM solutions, a position it is now claiming since ArcSight was snapped up by HP. The privately held company, which is based in Waltham, Massachusetts, claims to have 1,250 customers around the world. For more information, see www.q1labs.com.

This article has been corrected. ArcSight was acquired by Hewlett-Packard, not IBM. IT Jungle regrets the error.

Editor: Alex Woodie
Contributing Editors: Dan Burger, Joe Hertvik,
Shannon O'Donnell, Timothy Prickett Morgan
Publisher and Advertising Director: Jenny Thomas
Advertising Sales Representative: Kim Reed
Four Hundred Stuff



Copyright © 1996-2010 Guild Companies, Inc. All Rights Reserved.
Guild Companies, Inc., 50 Park Terrace East, Suite 8F, New York, NY 10034
