In a move to help enterprises detect stealthy threats in Big Data, IBM just rolled out a new solution called Security Intelligence with Big Data. The new technology combines intelligence with analytics to take a deeper dive into this niche security need.
The idea is to help enterprises address the toughest security challenges, including advanced persistent threats, fraud and insider threats. The new solution aims to do this by combining real-time correlation for continuous insight, custom analytics across both unstructured data (e-mails, social media content, full packet information and business transactions) and structured data (security device alerts, operating system logs, DNS transactions and network flows).
IBM Security Intelligence with Big Data unites the real-time security correlation and anomaly detection capabilities of the IBM QRadar Security Intelligence Platform with the custom analysis and exploration of vast business data provided by IBM InfoSphere BigInsights.
A $39.5 Trillion Job
IBM is already getting a nod from some impressive organizations, including the Depository Trust and Clearing Corp., a financial services transaction clearing and settlement provider that handles more than 3.6 million securities from 122 countries and territories valued at $39.5 trillion.
"As the sophistication and technological means of cyber criminals increase, the financial industry and government need to move to a risk-based framework that incorporates the dynamic nature of the threat landscape," said Mark Clancy, chief information security officer and managing director of Technology Risk Management at DTCC.
"We need to move from a world where we 'farm' security data and alerts with various prevention and detection tools to a situation where we actively 'hunt' for cyber-attackers in our networks. IBM's Security Intelligence with Big Data solution gives us a practical way to gain visibility across our environment. We're gaining real-time security awareness and meaningful insight into historical activity across years of diverse data."
A Practical Solution
IBM is touting real-time correlation and anomaly detection of diverse security and network data as one of the key capabilities. Other key capabilities include high-speed querying of security intelligence data; flexible Big Data analytics across structured and unstructured data; a graphical front-end tool for visualizing and exploring Big Data; and forensics for deep visibility into network activity.
IIBM said the solution helps organizations answer questions they could never ask before by widening the scope of investigation to new data types. By analyzing structured, enriched security data alongside unstructured data, the solution helps find malicious activity hidden deep in the masses of an organization's data.
"Success today is too often defined as the absence of failure by the information security industry, instead of the demonstration of effectiveness," Clancy said. "We do a lot of things in our profession that are hard to observe and hard to quantify. But any time you can measure the success or failure in a provable way, you can produce a much better outcome."
IBM QRadar Security Intelligence Platform products and IBM Big Data Platform products, including IBM InfoSphere BigInsights, are available immediately.