Nothing is ever quite as random as it seems. There are patterns to be discovered in almost everything we do and security is no exception. The challenge is deploying software that not only can identify those patterns, but also ultimately share that intelligence with other systems and applications in a way that is actionable.
According to Brendan Hannigan, general manager of the IBM Security Systems Division, that’s the end goal behind IBM’s recent decision to set up a new security division inside the company that combines the recently acquired assets of Q1 Labs, the security technologies IBM marketed under the ISS brand, and a few of the more security-specific technologies in IBM’s Tivoli, Rational and InfoSphere product portfolios.
Hannigan says that IT organizations need access to security tools that make it easier to identify anomalies that are usually indicative of a security breach. That “brain” first works to identify the natural operational rhythms of the business. Once those are determined it becomes a lot easier to identify unusual activity, such as a system that is sending large amounts of data at irregular hours of the day.
That capability is then integrated with IBM network operations centers around the globe that work to analyze 13 billion security events a day. Once correlated, information about that potential security threat suddenly gains a lot more context, says Hannigan.
The fact of the matter is that most security breaches are not discovered for months, even years. And it’s usually someone outside the IT organization who discovers them. Security intelligence, says Hannigan, is about giving the internal IT organization the tools it needs to identify those breaches before anyone else does.
Of course, the degree to which that insight will result in taking some prescriptive action remains to be seen. There are still too many unknown issues and false positives to start automating responses to security intelligence. But that information is critical in terms of informing security policies, while at the same time giving the IT organization the data it needs to plug a suspected security breach.
Ultimately, Hannigan says advances in terms of integrating security intelligence with IT operational systems and even physical infrastructure will be made. But right now it’s all about giving companies the information they need to combat cyber criminals who are not only becoming increasingly sophisticated, but also more patient in terms of the extremes they are willing to go to in order to compromise a valuable target.