Q1 Labs Adds IBM i, Social Media Monitoring to SIEM
September 29, 2010 Alex Woodie
An updated security information and event management (SIEM) product from Q1 Labs promises to help businesses crack down on the leakage of sensitive information to social media websites like Facebook, Twitter, and LinkedIn. With qRadar 7.0, the SIEM gains new capabilities for correlating the social media activity of users with their access to company records–including DB2/400 access–thereby putting the kibosh on data leaks before they cause damage.
Businesses are caught between a rock and a hard spot when it comes to social media and social networking websites. On the one hand, businesses don’t want to isolate themselves from the social media, which has a huge potential for attracting new customers and driving revenue growth. The adept use of social media will separate the winners from the losers in the next business cycle. For this very reason, many businesses encourage their employees to participate with social media and be a part of the social networking scene.
Then there’s the potential for data leakage with social media–the larger internal threat, if you will, compared to the smaller external threat posed by hackers and malware. Overeager employees may get a little too enthusiastic with sharing sensitive information about themselves or their companies with their Facebook or Twitter posts. What may seem to an employee to be a perfectly appropriate post at the moment may later cause a PCI auditor to double over in sheer cringe-worthy joy. (You don’t want to give an auditor that kind of satisfaction, do you?)
In short, if you invite Twitter or Facebook into your business, you are accepting a certain amount of risk, whether you’re aware of it or not. With the forthcoming release of qRadar 7.0, Q1 Labs says it can help companies mitigate that risk, while allowing them to maintain a social media presence.
qRadar 7.0 introduces several new social media monitoring capabilities. For starters, the software’s use of deep packet inspection (DPI) technology helps it to spot malware that social media websites may be trying to introduce to the business environment. That’s the easy part.
The hard part is handling employee access to social media. With qRadar 7.0, Q1 Labs says it can track which users are accessing which social media services, and how much they use them. With a baseline of activity established, qRadar can detect anomalous behavior, such as accessing social media sites at odd times or excessive use of the sites.
The software can also use correlation–the most powerful tool of any SIEM–to determine whether a post to a social media website is likely to be inappropriate. For example, if a user attempts a post to a social media site right after accessing a sensitive internal resource, such as payroll data, qRadar can detect it. It could also potentially block the posting, if the customer has it configured that way.
The new version of qRadar can establish a safer zone for organizations that are facing new avenues of attack, says Sandy Bird, co-founder and CTO of Q1 Labs. “They are also faced with keeping productivity up, due to the ‘always-connected’ mentality of employees that want to be constantly connected to their social networks,” he says in a press release. “Leveraging our native capabilities for DPI and content capture, the new version of qRadar allows companies to see into what social media applications are being used on their networks, and determine what types of threats come to light if these types of applications are allowed.”
Q1Labs has done some work recently to boost its support for IBM i and i5/OS environments, according to senior product manager Matt Ward.
“We have included support for AS/400 auditing for over four years, initially through integration with Patrick Townsend and PowerTech Interact agents,” Ward writes in an e-mail. “Last year Q1Labs released our native integration capability to gather and categorize Audit Journal messages as well as QHST/CPF logs. Our integrations with the two above partners provide real-time event streams including their value added capabilities for customers of those agents while our native agent provides very effective, efficient and configurable scheduled gathering at no additional cost.”
Q1 Labs touts itself as the leading provider of SIEM solutions, a position it is now claiming since Arcsight was snapped up by HP. The privately held company, which is based in Waltham, Massachusetts, claims to have 1,250 customers around the world. For more information, see www.q1labs.com.
This article has been corrected. Arcsight was acquired by Hewlett-Packard, not IBM. IT Jungle regrets the error.