Archive for February, 2012

Thursday, 23 February 2012 15:47 No Comments

Visit Q1 Labs at RSA to Learn More About the Advancement of Security Intelligence

This year, Q1 Labs will be at RSA Conference 2012 as part of the greater IBM Security presence. If you’re attending the event, make sure you take advantage of this great opportunity to meet with us and gain an understanding of IBM’s strategic vision for the future of cybersecurity.  You can find us in the IBM booth (#2233) armed with a live demo. Feel free to stop by and see the QRadar Security Intelligence Platform in action and hear more about planned integrations with IBM Security solutions, more third-party product integrations, and other recently introduced features including instant search and virtual appliances.

There are also three opportunities to see IBM speakers:

  • Session Title: Security Enters the Boardroom: Evolving the Role of the CISO
    Abstract:
    Due to the increasing importance of security to a company’s brand and financial position, the CISO role is more strategic than ever before. Leveraging her own rich experience, Linda Betz, IBM CISO, will lead a discussion on relevant issues such as reporting structures, budget responsibilities, performance metrics and the increasing influence of CISOs in being transformational business leaders.
    Speaker:
    Kristin Lovejoy, Vice President, IT Risk, IBM Corporation
    Time:
    Tuesday, February 28, 2:40 PM – Room 510

  • Session Title: Security Enters the Boardroom: How Does Security Articulate Business Value?
    Abstract:
    Business executives today understand the importance of having a strong security infrastructure. However, in today’s challenging economy, CIOs need to see and be able to articulate true business value from their investment in security.
    Speaker:
    Rock Miller, Director, IBM Managed Security Services – Global Technology Services
    Time:
    Wednesday, February 29, 10:40 AM – Room 310

  • Session Title: How to Create a Software Security Practice
    Abstract:
    In this presentation IBM’s Ryan Berg and Jack Danahy share best practices and tactical advice for organizations looking to develop software security as an internal or revenue generating expertise.
    Speakers:
    Ryan Berg, Senior Architect Security Research, IBM Corporation – Jack Danahy, Director for Advanced Security & IBM Security Systems, IBM Corporation
    Time:
    Thursday, March 1, 10:40 AM – Room 302

Register for a free expo pass and learn more about IBM Security Solutions at RSA here.


Wednesday, 22 February 2012 11:57 1 Comment

Bridging Silos, Sharpening Analytics: The Advance of Security Intelligence

Today, IBM announced the first major deliverable from the acquisition of Q1 Labs back in October – a new and dramatically enhanced QRadar Security Intelligence Platform. The new release combines deep analytic capabilities with real-time data feeds from hundreds of different sources to give organizations the ability to help proactively protect themselves from increasingly sophisticated and complex security threats and attacks.

This is exciting news for many reasons, including that QRadar continues to define the frontier of security intelligence, offering new capabilities for instant search, massive scalability and intelligent data policy management. In addition, QRadar will tap security analytics and threat intelligence from more than 400 sources. IBM X-Force, one of the world’s largest repositories of threat and vulnerability insights, provides an intelligence feed to QRadar based on the real-time monitoring of 13 billion security events per day. This insight can flag behavior that may be associated with new and emerging threats, all in real-time.  Whether it’s the newest strain of malware or an advanced exploit technique first being seen halfway around the world, QRadar will monitor this intelligence and correlate it with what’s happening in your own environment, large or small.

To provide one example of how we’re bridging silos, consider the following scenario: An external attacker (or even an insider) compromises a number of user accounts, seeking access to a sensitive corporate database. After failing to log in to the database with the first four accounts, he successfully logs in with the fifth account (a privileged user), downloads the organization’s customer list and emails it from the compromised account to a suspicious domain. Most organizations would struggle to piece together these actions into a cohesive picture of the attack and the impact, and almost certainly would not see it in real-time.

But with the combination of QRadar, IBM Guardium Database Security and IBM X-Force threat intelligence, the attack is detected and impact identified immediately.  Guardium provides the continuous database monitoring and sends alerts to QRadar SIEM, which enriches the view of the incident with network flows and logs it has collected.  It then observes activity involving an IP address (the receiving domain) that IBM X-Force has identified as suspicious.  QRadar QFlow also provides insight into the content actually sent by the attacker, via deep packet inspection.  And if the organization wanted to apply automated remediation to prevent the data exfiltration, it could even use QRadar to have the perimeter security devices block the data transmission.  In sum, the incident is detected in real-time and the impact understood – or even prevented.
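The scenario above expressed as a correlation rule, as an added example (it is not QRadar, Guardium or X-Force code). The event fields, thresholds, watchlist domain and sample events are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real logs): (timestamp, source, fields).
EVENTS = [
    ("2012-02-22T10:00:05", "db", {"src": "10.1.4.77", "user": "asmith", "action": "login_fail"}),
    ("2012-02-22T10:00:20", "db", {"src": "10.1.4.77", "user": "bjones", "action": "login_fail"}),
    ("2012-02-22T10:00:35", "db", {"src": "10.1.4.77", "user": "clee", "action": "login_fail"}),
    ("2012-02-22T10:00:50", "db", {"src": "10.1.4.77", "user": "dkim", "action": "login_fail"}),
    ("2012-02-22T10:01:00", "db", {"src": "10.1.9.12", "user": "eng1", "action": "login_fail"}),
    ("2012-02-22T10:02:00", "db", {"src": "10.1.9.12", "user": "eng1", "action": "login_ok"}),
    ("2012-02-22T10:02:10", "db", {"src": "10.1.4.77", "user": "dba_admin", "action": "login_ok"}),
    ("2012-02-22T10:03:30", "db", {"src": "10.1.4.77", "user": "dba_admin", "action": "select",
                                   "table": "customers", "rows": 48210}),
    ("2012-02-22T10:04:00", "mail", {"user": "eng1", "rcpt": "ops@partner.example"}),
    ("2012-02-22T10:06:00", "mail", {"user": "dba_admin", "rcpt": "drop@files-drop.example"}),
]
WATCHLIST = {"files-drop.example"}   # stands in for a threat-intelligence feed
WINDOW = timedelta(minutes=15)       # assumed correlation window
MIN_FAILED_ACCOUNTS, BULK_ROWS = 4, 10000   # assumed thresholds

def correlate(events, watchlist, window=WINDOW, min_failed=MIN_FAILED_ACCOUNTS):
    """Chain: failures on several accounts from one source -> success on another
    account -> bulk read -> mail from that account to a watchlisted domain."""
    evs = sorted(((datetime.fromisoformat(ts), kind, e) for ts, kind, e in events),
                 key=lambda x: x[0])
    failures, suspects, findings = {}, {}, []
    for ts, kind, e in evs:
        if kind == "db" and e["action"] == "login_fail":
            failures.setdefault(e["src"], []).append((ts, e["user"]))
        elif kind == "db" and e["action"] == "login_ok":
            # Distinct *other* accounts that failed from this source recently.
            recent = {u for t, u in failures.get(e["src"], []) if ts - t <= window}
            recent.discard(e["user"])
            if len(recent) >= min_failed:
                suspects[e["user"]] = {"src": e["src"], "login": ts,
                                       "failed_accounts": sorted(recent), "bulk_read": None}
        elif kind == "db" and e["action"] == "select" and e["user"] in suspects:
            if e["rows"] >= BULK_ROWS:
                suspects[e["user"]]["bulk_read"] = e["table"]
        elif kind == "mail" and e["user"] in suspects:
            s = suspects[e["user"]]
            domain = e["rcpt"].rsplit("@", 1)[-1].lower()
            if s["bulk_read"] and domain in watchlist and ts - s["login"] <= window:
                findings.append({"user": e["user"], "src": s["src"], "table": s["bulk_read"],
                                 "domain": domain, "failed_accounts": s["failed_accounts"]})
    return findings
```

No single event here is alarming on its own; the finding only appears once the database, mail and watchlist data are joined on the account and source address.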

We view this as an important step forward in bridging security silos and applying greater intelligence and automation.  What do you think?

For more information on today’s announcement, please see the press release here.


Wednesday, 15 February 2012 08:30 2 Comments

Recent hacks remind experts that the weakest link in any security policy is… us

It’s not news to security experts;  they’ve been saying it for ages.  But for the rest of us (and by us,  I mean people like me, who work in marketing, accounting, and so forth, and have little understanding of how our behaviors online could be compromising network security) one of the more recent Anonymous breaches is a strong reminder that it’s people who are the weakest link in any security policy.

This might come across as a “duh” moment, but organizations who make it a practice to constantly train ALL employees on online security practices are going to have a huge advantage when it comes to staying safe.  As a marketeer, I am online all the time.  I do my best to keep things locked down:

– Bolt my laptop to my desk

– Follow prompts and reminders to keep my passwords varied and secure

– Remember to send passwords in separate emails if I need to share login information with new users

– Encrypt and password protect attachments

– Check with security when I’m not sure about a link I’ve been sent

You get the gist.  I work for a security company, so of course, we have people out there looking to make sure we follow the rules. And knowing that someone is watching me makes me all the more vigilant (you can call me a brown-noser, but I hate getting in trouble!).

It always amazes me when I see these articles and am reminded that not all organizations operate this way, even though really, we all should be. In today’s hacker-fueled “targets of choice” environment, it’s really important that security professionals take their job to the next level. That means not only relying on technology and policies to keep their networks safe; it means investing time and energy to make sure that everyone with network access has been trained and retrained and possibly certified. Some people might see that as overkill, but I just see it as being prepared.

What are you doing to make sure your employees are taking necessary precautions to keep your network safe?  Please share your insights below.


Tuesday, 14 February 2012 09:39 No Comments

Blog Excerpt: My grandmother – security intelligence pioneer

Recently, Michael Applebaum, Director of Product Marketing at Q1 Labs, was interviewed for a post on Security Intelligence by Wes Simonds, a writer for the IBM Software blog.  As you can imagine, in a company as large as IBM (offering thousands of solutions to a whole variety of business challenges), we encounter a lot of people who want to know more about the concept of Security Intelligence and have a lot of questions about exactly what it is we do here at Q1 Labs!

With that in mind, I’d like to share an excerpt from this short post that I think you’ll find fairly entertaining. After all, it’s not every day that we get to hear about a grandma in an article about next-generation SIEM architectures.

Quite a few of today’s organizations could learn a little something about security from my grandmother — a thoughtful, yet paranoid creature who maintained a watchful vigilance over her home. I recall once she was going to Europe for two weeks. So, anticipating hordes of burglars, she developed an advanced domestic security architecture:

1. Data must be continually collected from many sources and analyzed for relevance, using proven heuristics
2. Point solutions like firewalls, though useful, are far from adequate by themselves
3. Proactive measures should be taken to address potential security gaps
4. Assets should be protected in proportion to their business value
5. Strategies spanning multiple domains should be pursued to maximize holistic security
6. Centralized oversight of those strategies will simplify and accelerate management

I believe quite a few IT security concepts can be extrapolated from this ad hoc architecture. Let’s go down that list and rephrase things a bit…

Perhaps this article can help you explain security intelligence and next-generation SIEM to your business and IT operations colleagues.  Click here to read the full article.  For more information on Security Intelligence, download our white paper, “The IT Executive Guide to Security Intelligence.”


Friday, 10 February 2012 10:15 1 Comment

Big Data, is that you?

Big data is still big, but looks a heck of a lot different than it has in the past.

For the previous ten years or so, “big data” growth has been defined using the three v’s: volume, velocity, and variety. From an IT security perspective, is there one of these traits that has the most impact? Could it be that the variety of new types of big data is causing most of the headaches for enterprise IT departments?  Here are examples of new sources of big data and their impact on IT security departments.

Social Media

According to Q1 Labs’ CSO, Chris Poulin, the social media boom has resulted in two major challenges when it comes to enterprise IT security. In this Forbes article, he states that the first challenge is how to best keep networks safe from hackers utilizing spear-phishing techniques (or similar) to target employees and partners. The second challenge, most applicable to the topic of big data, is how to effectively detect network anomalies, considering the massive quantities and types of data generated by social media applications.

Electronic Health Records

As healthcare organizations gradually move toward electronic patient health records (EHR), the shift not only demands compliance with HIPAA regulations but also brings an immediate leap in data volume and complexity. Why is it complex? Before EHR, patient data was stored in a room, in folders, on shelves. Usually only a handful of administrators would directly access the data for physicians. Now, with EHR in the mix, that same data is available to more people and regularly exchanged between partner health organizations. The chance of sensitive data loss and exposure is exponentially higher.

Given new types of big data resulting from sources including social media applications, credit card data storage (across many locations and providers), and electronic health records, IT departments everywhere are trying to wrap their heads around the best way to monitor and protect it all from internal and external threats.

QRadar operates at a big data scale, with real-time security analytics pinpointing risks and providing actionable security intelligence. For example, one of our customers operates at a trance-inducing 6 billion events per day and is able to isolate critical security information from the noise. Another customer, who happens to be a Fortune 100 energy company, uses QRadar to monitor 6 million card swipes per day and is able to detect 25-50 high priority offenses out of 2 billion daily events.

If I was big data, I’d feel a bit humbled right now.

Read more about security intelligence and be sure to register for our upcoming webcast on February 22, with Dark Reading, titled “No One is Immune to Being Hacked. Strategies for Staying Out of the Headlines”.

 

