IBM Rolls Out Security Analytics and Managed Service Offerings
November 8, 2011 Alex Woodie
IBM last week unveiled a host of new security solutions aimed at helping customers stay on top of the complex and evolving security threat landscape. The new offerings include four new analytics tools that are available as subscriptions, and one managed security information and event management (managed SIEM) offering that uses on-site hardware and IBM know-how on the other end of the wire.
IBM shook up its computer security business a month ago when it created a new Security Services division immediately following its acquisition of SIEM solution provider Q1 Labs. The creation of the division marks a strong push by IBM to focus on the burgeoning market for managed security services (MSS).
IBM fleshed out its MSS lineup last week with the announcement of six new subscription offerings. Among them is the Suspicious Host Dashboard, which analyzes security data originating from several sources and provides real-time identification of advanced threats, such as botnets. The Suspicious Host Dashboard gets data from firewall logs, threat intelligence feeds, intrusion detection and prevention systems, and IP location data. IBM takes this information, prioritizes it, and presents the most severe threats to the user through the dashboard.
Another new offering is the IP Intelligence Report. A subscription to this service provides the customer with a one-page report that identifies the IP addresses that pose the most danger to an organization, as well as the vulnerabilities that exist and the remediation activities under way.
The third new subscription is the Enhanced Automated Intelligence (AI) correlation engine. With this offering, IBM gathers threat information originating from multiple MSS subscriptions, correlates any matching threat activity, and presents that data to the user. In effect, it’s a SIEM that works on MSS data, as opposed to log and network-device data captured by the customer.
The new IP Center Dashboard provides the capability to query MSS data sets. This service, which is also available as a subscription, enables IBM threat analysts to dive deep into all the MSS data gathered by the customer, to validate possible security threats and streamline the prioritization of remediation activities.
IBM’s new managed SIEM offering combines IBM security expertise with on-premises log-gathering equipment. This solution works with all types of hardware, including hardware from Q1 Labs and other SIEM vendors. The log data is sent to IBM, where it is identified and correlated by IBM security experts using the Q1 Labs software.
“IBM recognizes a client’s need to get ahead of the threats in today’s complex security landscape,” said Marisa Viveros, a vice president at IBM Security Services. “We are applying our nearly five decades of security experience to help clients move from a reactive position to a proactive one, using analytics to anticipate threats as they appear instead of after the fact.”
For more information on IBM’s MSS offerings, see www-935.ibm.com/services/us/en/it-services/security-services.html.