Earlier this week, IBM showed of the first fruits of its Q1 Labs acquisition, rolling out the QRadar Security Intelligence platform based on technology it acquired last fall.
QRadar serves as a control center that integrates real-time security intelligence from more than 400 different sources. One of the significant planned integrations for the QRadar platform is IBM's X-Force Intelligence Threat Feed, which is based on the real-time monitoring of 13 billion security events per day, on average, for nearly 4,000 clients in more than 130 countries. The QRadar platform will have visibility into the latest security trends worldwide to help protect enterprises against emerging risks.
We caught up with Michael Applebaum, Director of Product Marketing at IBM Security Systems Division, to discuss the QRadar approach to security and how it differs from other security platforms on the market.
Q: The threats are definitely escalating. It seems like the bad guys are moving faster than the good guys.
That's precisely the challenge with traditional security approaches. The volume and variety of attacks of exploit techniques is going to continue growing unabated. You can't catch up simply by trying to plug the gaps and the vulnerabilities that you discover every week. You have to step back and look at the situation holistically. How can we detect and prioritize what's going on across our organization in a unified way? Because the current approaches just don't scale and they don't work.
Q: How is IBM's approach different from competing security platforms?
It's about bringing more integration and automation to bear across a spaghetti, patchwork approach that most organizations have built in. Most security products fulfill a very specific but limited role, but attacks and threats today are multi-faceted. You might see a glimmer of an attack in one part of your enterprise and you might see a glimmer of that attack somewhere else.
But putting the pieces together and connecting the dots is very difficult to do. That's why compromises so often take months to be detected. And once detected, an organization rarely knows what's actually been compromised in terms of data and so on.
What we hear loud and clear from our clients is they're locked in an intelligence arms race and they're looking for tools that can bridge the silos of . It's not just about getting more data to find these threats; it's about what you can do with the data and how you can apply intelligence to ferret out the risks that matter from the ones that don't.
Q: Who are you targeting with this security platform? Enterprises? Small businesses? Both?
The need for this kind of solution it exists everywhere. The challenge might differ a little from a small business to large enterprises in that small businesses are going to have much fewer resources to address these challenges. On the other hand, large enterprises while they might have more resources, are likely facing a much greater volume and variety of attacks. We very much serve both ends of the market.
Q: What's next with QRadar? How will it evolve?
There are two major areas we're going to continue to invest in heavily from an R&D standpoint. One of them is the broader set of integrations with other IBM and non-IBM security products and network products. We're going to continue with an aggressive roadmap of integrations that we'll be delivering quarter after quarter. Beyond that, we'll continue to expand the platform in terms of its capabilities across what we call the security intelligence spectrum.
QRadar has primarily served the SIEM (security information and event management) market. But we've broadened beyond SIEM into other areas including a complementary space like configuration monitoring. The other piece customers are wrestling with is "How can I predict and prevent breaches and compromises before they happen at all?"
Part of that is analyzing the state of the network environment and identifying and prioritizing vulnerabilities and security gaps that might exist. Configuration monitoring does that by looking at the state of the network and identifying errors in how it's configured. So, for example, looking at firewalls and understanding if there are ports inadvertently opened that could expose the internal network to public Internet inappropriately and then expose valuable systems.
You need to pair both the detection and the prevention elements here. That's an example of how we've built out a broader security intelligence platform and you'll see us continue to bring new functional capabilities to market that further broaden that platform.
Q: Talk to me a little more about the virtual appliances IBM is delivering as part of this announcement.
Our new line of virtual appliances are versions of our software that are pre-packaged and ready to deploy onto a virtual infrastructure. Traditionally, Q1 Labs [the company acquired by IBM] has delivered our products to market in a hardware appliance form. What we are doing now is pre-packaging and configuring the software and the operating system on a piece of hardware on the server. Now, we're delivering a full line of virtual appliance products that make [implementation] easy both for customers on the smaller side of the spectrum, as well as large enterprises.