IBM Security Tool Can Catch Insider Threats, Fraud

IBM today rolled out a tool it says can cull massive terabytes of data, including email -- to help customers detect external attacks aimed at stealing sensitive information or insider threats that might reveal corporate secrets.

By Ellen Messmer
Wed, January 30, 2013

Network World — IBM today rolled out a tool it says can cull massive terabytes of data, including email -- to help customers detect external attacks aimed at stealing sensitive information or insider threats that might reveal corporate secrets.

Slideshow: Security Quiz: How Well Do You Know the Insider Threat?

The tool, called IBM Security Intelligence with Big Data, is built on top of two core IBM products: the IBM enterprise version of open-source Hadoop database with analytics tools known as InfoSphere BigInsights, plus the IBM QRadar security event and information management (SIEM) product that IBM obtained when it acquired Q1 Labs back in 2011.

At its heart, IBM Security Intelligence with Big Data -- IBM thinks 500 terabytes cluster size would be a likely starting point -- would collect and analyze data at high speed data that would include packet-capture data, security-event information from firewalls and other gear, and analyze a stream of content that might include anything from raw email to scrapped SharePoint content, among other business information. The idea is to pull from this voluminous stream the clues that indicate a company is under attack or has been compromised and how.

MORE: IBM's Watson going to college for Web science, big data and artificial intelligence ]

IBM's CTO Sandy Bird said the technology is most likely to first be adopted by large companies with data scientists on staff. He acknowledged there's still a lot to be learned about which analytical models and patterns will be the most successful in threat detection. IBM Security Intelligence with Big Data can be theory be applied to cloud-based services, but its starting point is likely to be deployment near the enterprise data center where massive amounts of data are the moist easily accessed for it to work.

The tool is already being deployed in some large corporations and governments. Mark Clancy, chief information security officer at financial firm Depository Trust & Clearing Corporation, said the bank is using IBM's technology to get real-time security awareness. "We need to move from a world where we 'farm' security data and alerts with various prevention and detection tools to a situation where we actively 'hunt' for cyber-attackers in our networks."

IBM is not alone in talking up big data as a critical tool for security threat detection in the coming years. RSA, the security division of EMC, recently disclosed it's getting into it, too, even betting the company's future on it, with a product announcement anticipated soon.

1 2 next page »

Originally published on www.networkworld.com. Click here to read the original story.

More from CIO

You are here: Technology Topics » Security » News

Most Recent Security Stories

White Papers »

2012 Confidential Documents at Risk Study by the Ponemon Institute

This study, which surveyed 622 IT and security practitioners with an average of more than 11 years of experience, answers this question.

IDC: Benefits of Unified Endpoint Data Management in Embracing BYOD

This report describes how a unified approach to endpoint data management addresses the challenges IT faces with BYOD and the consumerization of IT.

Inquiry Spotlight: Consumer-Facing Identity

The challenges of consumer-facing identity management, access management, and authentication differ in ways subtle and dramatic from those of the employee-facing variety.

Top 10 Endpoint Backup Mistakes

When considering endpoint backup options, be sure you're making the right decisions. Protecting data on endpoints has become more challenging because of recent trends like exponential data growth, the rise in endpoints, BYOD, and SaaS applications.

8 Must-Have Features for Endpoint Backup

Save IT time and maximize user productivity by choosing the right features. Protect corporate data while benefiting administrators and users.

Gartner Critical Capabilities Report

Gartner rates Druva "Excellent" for endpoint backup in Critical Capabilities report. Given the rise of mobility and BYOD, endpoint backup must evolve to meet the unique needs of the mobile & office workforce.

Webcasts »

Customer Success Video (State of Michigan)

Learn how the State of Michigan is utilizing DeepSight security intelligence to protect critical infrastructure.

PGI Customer Success Video

Learn how PGI is using Symantec Managed Security Services to protect their systems, while allowing them to focus on running, and building, their business.

Simplifying the Complexity of Mobility: A Holistic Approach to Develop a Mobile Enterprise Strategy

Simplifying the Complexity of Mobility

Vblock Specialized System for SAP HANA

Overview video from DJ Long about the new Vblock Specialized System for SAP HANA.

ActiveSync on BlackBerry 10: What Does it Enable?

Find out how ActiveSync works with BlackBerry® 10 to enable basic security and device management features. See what's involved in setup. And learn about BlackBerry® Enterprise Service 10, for full Enterprise Mobility Management.

Software Asset Management - Program Considerations to Help Reduce Risk and Lower Costs

SAM: A must have IT tool to help reduce costs and minimize business and legal risks.