With employees frequently using the Web, what more can IT departments do to protect against constantly evolving malware? This week, IBM announced a new class of network security appliances that it believes can help control the risks.
The product line, which the company describes as "next-generation intrusion prevention" devices, offers a simplified security management interface and a more granular view of security conditions. It shows what applications are being used on a company's network and what Web destinations users are visiting, while providing the ability to control such activity -- including protection against "zero-day" exploits.
Database, Granular Control
The first device in this "advanced threat platform" is called the IBM Security Network Protection XGS 5000. It uses core features found in IBM's Security Network Intrusion Prevention System, provides 2.5 Gbps throughput, and can operate on as many as eight network segments.
IBM said that the XGS 5000's overall strategy is to discover what's being accessed, identify misuses if any, and then enforce applicable policies. The device, available in the third quarter, incorporates global threat intelligence from IBM's X-Force Research, including a Web filter database of more than 15 billion Web addresses.
The granular controls let administrators decide which apps and Web sites are permitted for which users or groups, and even which individual actions and activities are permitted within those apps and sites. For instance, an administrator could allow access to Facebook for a given user or group of users, but prevent them from posting, playing games or chatting.
The appliance also integrates with QRadar Security Intelligence Platform, which the company said provides more useful information about anomaly detection and event detection. The company acquired QRadar when it purchased security information management vendor Q1 Labs in late 2011.
'Total Security Intelligence'
With the rise of targeted attacks and the adoption of mobility, clouds and social media, enterprises need to take new approaches, said Brendan Hannigan, general manager of IBM's Security Systems Division.
IBM can help customers address those challenges with its Advanced Protection Platform, Hannigan said, in that it combines "total security intelligence within the enterprise, exhaustive external threat intelligence," and "fine-grained activity detection and control."
IBM says that one of the advantages of the new appliance is that, using X-Force Research, it can stop entire classes of attacks without updates, including new and unknown threats. By contrast, the company said, most other solutions rely on matching individual protection signatures, an approach IBM said was too slow to stop continually evolving threats.
'The Next Step'
IDC analyst John Grady said the new IBM security appliance product line is "continuing the evolution" of intrusion prevention systems. He said that some firewalls have addressed the need for dealing with advanced malware in the days of Web apps like Facebook, but the IBM line "takes it to the next step."
We asked Joe Anthony, director of IBM Security, Risk and Compliance Product Management, how the new product line differed from what is already out there.
He said that the XGS 5000 represents "a next generation IPS," particularly in that it allows IT to "see so much, the breadth of what is moving" on the network, and provides a fine "level of granularity."
"With the amount of social media being used," Anthony said, security systems "can't be that coarse-grained."
Typically, he said, IT personnel might let the XGS 5000 run for a while to see the typical behavior, work with management to set company policies and then implement those policies through company- or group-wide controls.