At the end of 2011, IBM embarked on a dramatic re-organization of its security assets in an effort to consolidate strategy and product offerings. The new IBM Security Systems division was formed around the acquisition of Q1 Labs, a company IBM purchased last October.
After a year of effort, IBM executives are confident the strategy is paying off. Jack Danahy, Director for Advanced Security, IBM Security Systems, said the push for a consolidated security strategy came from customers. The Q1 Labs technology, which collects and correlates security event information from a variety of sources, integrates multiple IBM security components into one place, Danahy said.
Danahy, the former CTO of static code analysis vendor Ounce Labs, came to IBM via Big Blue's acquisition of that company. The Ounce Labs technology is also a key part of IBM's Security Systems offering.
A key security challenge for many organizations is that as vulnerabilities are discovered in software, it's not always possible to immediately fix underlying problems. A period of time passes between when a problem is identified and when a fix is deployed.
"The amount of messaging that ends up being correlated by the Q1 technology is huge, and by integrating results out of the scanning technologies we can do a much better job of prioritizing and weighting the flows a customer will see," Danahy said.
While there isn't a direct relationship between a developer's desktop and the operational manager's control panel, the two are closely connected by the way data is shared across the threat surface. "Customers can now do a much more targeted job of applying fixes and figuring out what they want to watch for," Danahy said.
Cutting through the Complexity
Danahy said the enterprises he speaks with are mostly interested in reducing the amount of threat information they need to examine, in an effort to become more efficient. There is no "uber-dashboard" that looks at different screens from different IBM products – and if there were, it wouldn't offer the kind of efficiency customers want.
"We're trying to do better than that and tie all the data into a generalized prioritization that enables enterprises to see a limited suite of things that need to be addressed," he explained. "Customers are looking for unified structure they can operate through, but they don't want it to be just a compendium of all the windows they already have."
The difference between IBM today and the IBM of a year ago, Danahy said, is its focus on making security more manageable and intelligible by using better correlation. IBM's security assets include Q1's expertise in analytics as well as the expertise of the X-Force research division, which is devoted to understanding threats and vulnerabilities.
"We're trying to solve security problems in a more holistic way," Danahy said. "Instead of trying to have all the different products wired together loosely, we're looking at how we take the important information and control of devices and bring it together to solve security problems."
Managing New Threats
While common threats such as SQL injection, cross-site scripting and information disclosure risks remain, IBM Security Systems is aiming to solve an even bigger threat – one over which enterprises can gain more direct control.
"The biggest threat that I hear about all the time is complexity," Danahy said. "It's not about the individual things that I used to hear about as an application security guy."
Danahy noted that organizations are concerned about the impact of mobile and cloud. Thanks to those technologies, there is no longer a hardened perimeter at the edge of every organization that can protect all data.
"You'll still find that a lot of the vulnerabilities we would have talked about two or three years ago or even 10 years ago are still a problem," Danahy said. "But most organizations now notice that the areas where they are most exposed have changed. Users are demanding a different style of access to data inside and outside what used to be a hardened perimeter."
The new IBM approach to security also takes into account the simple reality that most organizations already have existing IT security technology assets in place. The IBM security sales force goes into the market with the idea they will be able to help companies solve their big security problems, Danahy said.