Posts Tagged ‘IBM’
Posted by Michael Applebaum in Cybersecurity, In the Industry, Security Intelligence
We’ve written extensively in this blog about what Security Intelligence means in concept and practice. As a new solution category, it benefits from wide discussion and exploration. My colleague Chris Poulin recently shared Security Intelligence insights from a client and partner panel he moderated at IBM Pulse 2012, where Security Intelligence was a pervasive theme. In this post, I’ll share a few more data points I picked up from clients at Pulse who discussed what Security Intelligence means and the business value they’re obtaining from it.
One panel discussion included the information security executive of a major media company, the global head of IT security at a global manufacturer, and IBM’s own Vice President of IT Risk, Kris Lovejoy.
The opening question – “What is Security Intelligence?” – elicited some interesting views:
- The ability to learn something germane and relevant at the time you need to make a decision. (Media co. exec)
- It’s less about the technology and more about the destination. Understanding the different threats, instrumenting our architecture in a way that is consumable and actionable. (Lovejoy)
And my personal favorite:
- Knowing what the hell is going on! (Manufacturing co. exec)
The last comment really speaks to the pain experienced by security, risk and IT executives who are wrestling with an explosion of threats, limited visibility and information silos that are tough to bridge. (Not to mention fixed/shrinking budgets.) Who doesn’t worry about what’s taking place out of sight in their organization?
Kris Lovejoy also shared a deeper insight about the impact of Security Intelligence:
Viewing Security Intelligence as a destination brings along a new way of thinking. Security Intelligence can be an effective marketing tool internally. You start to think about security differently and strategically.
This is powerful. Security Intelligence is not just a set of technologies, processes, or even the insights resulting from them. It’s also an approach – one focused on up-leveling the security and compliance conversation, focusing on end goals (especially stretch goals), and delivering greater value to both IT and the Line of Business.
An answer to the next question – “How do you justify security investments?” – also emphasized the need to tie security and risk initiatives back to business value:
Focus on business outcomes that are made possible through the investments. (Manufacturing co. exec)
In other words, what supply chain initiatives are you enabling through careful security controls? What cloud services are you making possible through policies, controls and monitoring? And ideally, are you leveraging your security investments to gain tangible insights that drive revenue opportunities?
One client who presented at Pulse is doing just that, leveraging his Security Intelligence solution to gain Business Intelligence. This security executive from a financial services firm is not only using Security Intelligence to detect fraud (as Chris Poulin describes), but also to pinpoint commercial customers whose business has started to decline. Because his Security Intelligence solution is easily customizable, he uses it to identify falling sales volumes as easily as fast-rising ones. They feed this information to their Sales team in real-time, who reach out to those customers and can often reverse the negative trend, making a meaningful impact on the company’s bottom line.
In fact, the business insights produced by the Security Intelligence solution are so valuable that this company’s executive team specifically praised the IT Security organization’s work during one of the company’s recent earnings conference calls. Imagine becoming a hero to your CEO.
Last, I wanted to share the panelists’ perspectives on where the IT security and risk field is headed. In response to the question “What will be different about security in five years?”, they shared the following:
- We won’t need so much audit preparation effort. The information will just be there, accessible. (Media co. exec)
- The bulk of the organization will focus on risk management and business processes, not compliance. (Lovejoy)
Again, note the themes of information visibility and better connecting IT Security with the Line of Business.
To sum up what I heard from clients at Pulse: Security and risk executives are pursuing Security Intelligence initiatives to raise enterprise-wide visibility, gain actionable and tailored information, and transform security and risk management from a tactical pursuit to a strategic initiative driving bottom-line business value.
For help with your own Security Intelligence journey, be sure to check out this comprehensive Resource Center.
Posted by Heather Howland in In the Industry, Security Intelligence
This year, Q1 Labs will be at RSA Conference 2012 as part of the greater IBM Security presence. If you’re attending the event, make sure you take advantage of this great opportunity to meet with us and gain an understanding of IBM’s strategic vision for the future of cybersecurity. You can find us in the IBM booth (#2233) armed with a live demo. Feel free to stop by and see the QRadar Security Intelligence Platform in action and hear more about planned integrations with IBM Security solutions, more third-party product integrations, and other recently introduced features including instant search and virtual appliances.
There are also three opportunities to see IBM speakers:
- Session Title: Security Enters the Boardroom: Evolving the Role of the CISO
Abstract: Due to the increasing importance of security to a company’s brand and financial position, the CISO role is more strategic than ever before. Leveraging her own rich experience, Linda Betz, IBM CISO, will lead a discussion on relevant issues such as reporting structures, budget responsibilities, performance metrics and the increasing influence of CISOs in being transformational business leaders.
Speaker: Kristin Lovejoy, Vice President, IT Risk, IBM Corporation
Time: Tuesday, February 28, 2:40 PM – Room 510
- Session Title: Security Enters the Boardroom: How Does Security Articulate Business Value?
Abstract: Business executives today understand the importance of having a strong security infrastructure. However in today’s challenging economy, CIOs need to see and be able to articulate true business value from their investment in security.
Speaker: Rock Miller, Director, IBM Managed Security Services – Global Technology Services
Time: Wednesday, February 29, 10:40 AM – Room 310
- Session Title: How to Create a Software Security Practice
Abstract: In this presentation IBM’s Ryan Berg and Jack Danahy share best practices and tactical advice for organizations looking to develop software security as an internal or revenue generating expertise.
Speakers: Ryan Berg, Senior Architect Security Research, IBM Corporation – Jack Danahy, Director for Advanced Security & IBM Security Systems, IBM Corporation
Time: Thursday, March 1, 10:40 AM – Room 302
Register for a free expo pass and learn more about IBM Security Solutions at RSA here.
Posted by Michael Applebaum in Cybersecurity, Q1 Labs, Security Intelligence, SIEM, Threat Management
Today, IBM announced the first major deliverable from the acquisition of Q1 Labs back in October – a new and dramatically enhanced QRadar Security Intelligence Platform. The new release combines deep analytic capabilities with real-time data feeds from hundreds of different sources to give organizations the ability to help proactively protect themselves from increasingly sophisticated and complex security threats and attacks.
This is exciting news for many reasons, including that QRadar continues to define the frontier of security intelligence, offering new capabilities for instant search, massive scalability and intelligent data policy management. In addition, QRadar will tap security analytics and threat intelligence from more than 400 sources. IBM X-Force, one of the world’s largest repositories of threat and vulnerability insights, provides an intelligence feed to QRadar based on the real-time monitoring of 13 billion security events per day. This insight can flag behavior that may be associated with new and emerging threats, all in real-time. Whether it’s the newest strain of malware or an advanced exploit technique first being seen halfway around the world, QRadar will monitor this intelligence and correlate it with what’s happening in your own environment, large or small.
To provide one example of how we’re bridging silos, consider the following scenario: An external attacker (or even an insider) compromises a number of user accounts, seeking access to a sensitive corporate database. After failing to login to the database with the first four accounts, he successfully logs in with the fifth account (a privileged user), downloads the organization’s customer list and emails it from the compromised account to a suspicious domain. Most organizations would struggle to piece together these actions into a cohesive picture of the attack and the impact, and almost certainly would not see it in real-time.
But with the combination of QRadar, IBM Guardium Database Security and IBM X-Force threat intelligence, the attack is detected and impact identified immediately. Guardium provides the continuous database monitoring and sends alerts to QRadar SIEM, which enriches the view of the incident with network flows and logs it has collected. It then observes activity involving an IP address (the receiving domain) that IBM X-Force has identified as suspicious. QRadar QFlow also provides insight into the content actually sent by the attacker, via deep packet inspection. And if the organization wanted to apply automated remediation to prevent the data exfiltration, it could even use QRadar to have the perimeter security devices block the data transmission. In sum, the incident is detected in real-time and the impact understood – or even prevented.
We view this as an important step forward in bridging security silos and applying greater intelligence and automation. What do you think?
For more information on today’s announcement, please see the press release here.
Posted by Melissa Stevens in Security Intelligence
Recently, Michael Applebaum, Director of Product Marketing at Q1 Labs, was interviewed for a post on Security Intelligence by Wes Simonds, a writer for the IBM Software blog. As you can imagine, in a company as large as IBM (offering thousands of solutions to a whole variety of business challenges), we encounter a lot of people who want to know more about the concept of Security Intelligence and have a lot of questions about exactly what it is we do here at Q1 Labs!
With that in mind, I’d like to share an excerpt from this short post that I think you’ll find fairly entertaining. After all, it’s not everyday that we get to hear about a grandma in an article about next-generation SIEM architectures.
Quite a few of today’s organizations could learn a little something about security from my grandmother — a thoughtful, yet paranoid creature who maintained a watchful vigilance over her home. I recall once she was going to Europe for two weeks. So, anticipating hordes of burglars, she developed an advanced domestic security architecture:
1. Data must be continually collected from many sources and analyzed for relevance, using proven heuristics
2. Point solutions like firewalls, though useful, are far from adequate by themselves
3. Proactive measures should be taken to address potential security gaps
4. Assets should be protected in proportion to their business value
5. Strategies spanning multiple domains should be pursued to maximize holistic security
6. Centralized oversight of those strategies will simplify and accelerate managementI believe quite a few IT security concepts can be extrapolated from this ad hoc architecture. Let’s go down that list and rephrase things a bit…
Perhaps this article can help you explain security intelligence and next-generation SIEM to your business and IT operations colleagues. Click here to read the full article. For more information on Security Intelligence, download our white paper, “The IT Executive Guide to Security Intelligence.”
Posted by Melissa Stevens in Q1 Labs
For a lot of us, when we think about New Brunswick, Canada, it’s not as a technology hot-bed. You probably picture hectares of forests, miles of shoreline and farmlands. In fact, nearly 85% of the land is covered in trees!
But residents of the province are ready for that image to change. Since the late 1980’s, technology has been a slow-growth market in the province, beginning with a focus on access to information and distance learning type technologies, and maturing into the home of technology brands we’re more familiar with like Caris, Aliant, Radian6, and as of now, IBM.
Dwight Spencer has been with Q1 Labs since the very beginning. This post is based off a conversation I had with him about his home town and what it’s been like in Fredericton since news of the IBM acquisition.
Q: How did Q1 Labs start?
Back in November 2000, when Chris Newton first came to Sandy and me, he was still working in ITS at the University of New Brunswick (UNB) , Sandy worked at the University of New Brunswick (UNB) Libraries, and I was working with TeleEducation NB, part of the Department of Education within the provincial government. Chris came to us with this idea he had been working on for about a year. At the recommendation of his managers at the time, he had presented his new idea at a few Atlantic University conferences, showing the project to other institutions. Getting very positive feedback and immediate requests for access to the software, he knew he was on to something. He came to us asking if we would be interested in working with him to get it off the ground. Little did we know what we were getting into!
At about the same time, UNB was working to foster relationships with entrepreneurs, hoping to take ideas from UNB staff to market. It was about this same time, December 2000, that Chris met Brian Flood at one of these presentations. Brian came to us with an amazing amount of energy, and a passion to get things going in New Brunswick. After that, the business grew, and for about a year and a half, the team worked to get a marketable product. The three of us, Chris, Sandy and myself wrote code while Brian and his team worked to get it to market. We split our time between our day jobs and working nights, doing what we needed to do to get the business side of things figured out. Finally, the three of us decided to leave our full time jobs and join Q1 Labs full time in February, 2002.
Q: Today, you’re a part of the Customer Support organization. Can you describe your role over the years?
Like I said, back in the beginning, we did everything. We developed everything… even our own website; we financed early hardware purchases when needed, booked our own hotels, flights. We had to figure out where we were going. Who would work with us? Brian Flood was a lucky find. Once we had the business side going, Chris Newton and Brian were on the road and Sandy and I were back in the office doing development, building our website, managing the code production. As we brought on early customer evaluations, I would often visit the customers getting the system up, running, and collecting data, then supporting them with their questions once installed.
This early exposure to both pre and post-sales support was what lead me to develop our support organization, to ensure that customers were happy with the product and got what they needed to be successful.
Q: Sounds like things have changed a lot since the early days! What’s stayed the same?
As the team has grown, we’ve been lucky to work with really amazing people. These people are dedicated to success and have a real passion for this company. It’s been said before, but not enough. We really do work with a great team of people, and that remains constant.
Q: What benefits do you think a start up like Q1 Labs gained by “growing up” in Fredericton?
The university (UNB) was phenomenal in helping us out early on. Chris and Sandy were still working there fulltime, and had been taking their own holidays off to go on work trips, customer visits, etc., for Q1 Labs. After they ran out of holidays, their managers said that as long as nothing was in crisis, let them do what they needed to do: take days off, go to meetings and then make up time later when they could. They were truly interested and invested in our success- and Chris still tells that story.
Chris’s idea was one of the first to come in from the staff side. In fact, UNB uses our product, and just recently completed a major upgrade. UNB has been a partner from the start.
Q: Is the relationship with UNB still a source of strength for Q1 Labs?
Absolutely. We have a very close relationship with the staff at the university. In 2007 we launched an official partnership with them to form the Information Security Centre of Excellence. Through this relationship and other research relationships that Sandy still works on, we’ve developed new products like QRadar Risk Manager and gained access to research that has been crucial in our roadmaps. We also have access to incredible talent coming out of the university, so it’s a great source of strength for us.
Q: How has news of the IBM acquisition been received in Fredericton?
We’re really excited about our new relationship with IBM because it opens up so much possibility for people interested in pursuing technology careers in Fredericton. With the strength of the IBM brand, awareness of Q1 Labs is really growing. Not only does this allow us to attract more people to continue growth on what Q1 Labs has created, it now also brings opportunities for people from Fredericton and New Brunswick to consider working for IBM, and not need to move away to do it.
Overall, this acquisition means great things to people in Fredericton. Historically, buyouts haven’t been a good thing. Companies were closed down and jobs were lost. Much of New Brunswick’s economic history has been through natural resources – forestry, fisheries, agriculture, various forms of mining, etc. Today, our local industries are struggling. I hear about mill shutdowns, fisheries cutbacks, mining reductions, all resulting in the loss of countless jobs. What this news shows is that new fields are opening and there is still opportunity in New Brunswick.
Q1 Labs being purchased by a company like IBM, who has shown dedication to our vision and promise to continue growing our business by creating the Security Systems Division with our team at the helm, just opens up so much possibility. In the province, this means that people who live here will have potential to develop careers in technology. And that’s a good thing.
Read up on more news about the IBM acquisition and what it means to New Brunswick, Canada.
- Acquisition: Fredericton Startup company second New Brunswick firm purchased by multinational this year
- Q1 Labs sale validates innovation in the province
- High-tech deals spawn new generation of tycoons, new image for New Brunswick
- Q1 Labs deal shows strength of N.B. education, investment
The latest on Cyber Security