IBM: Context Will Speed Security Vulnerability Resolution

IBM is making a number of additions to its security portfolio, but the most significant – even if it first showed up on the Web a month ago and has been in beta for quite some time – is QRadar Vulnerability Manager. “QVM is a new product that we feel will change the ways security officers prioritize and manage risk across their organizations,” said Kevin Skapinetz, Program Director, Product Strategy, IBM Security Systems.

Big Blue said more than 70,000 security vulnerabilities exist today, with more than a dozen more being reported daily. However, traditional vulnerability management solutions are fundamentally broken, said the company. Current vulnerability scanning lacks network-wide visibility, contextual awareness and real-time scanning, and these gaps mean even well-known and preventable vulnerabilities can be lost in an overload of data, leaving organizations exposed to high risks.

QRadar Vulnerability Manager is ‘a provocative departure’ from many existing approaches, which are often focused solely on vulnerability awareness based on vulnerability data and scans, according to a new IBM-sponsored report from Enterprise Management Associates. It directly addresses some of the most frequently cited frustrations with security technologies voiced by 200 organizations worldwide in recent EMA research. Among the most significant complaints: “poor integration among security tools” (43%), “slow to respond to emerging threats” (39%) and “inadequate visibility into malicious or high-risk activity” (32%).

By delivering vulnerability assessment as part of the QRadar Security Intelligence Platform, IBM integrates vulnerability intelligence directly into the same system widely adopted by many enterprises for actionable, easy-to-deploy Security Information and Event Management (SIEM), stated EMA. ‘This reduces the proliferation of fragmented security tools that hamper security effectiveness – and associated costs – while enriching vulnerability insight and improving the efficiency of vulnerability remediation.’

“The entire goal is to put all of this vulnerability data (thousands, even millions of events) into context,” said Skapinetz. “The value is not just in the ability to scan the network, but to interpret the results and combine with other information you have.”

Context also figured prominently in last week’s Co3 Systems’ expansion of its Security Module to capture incident artifacts and automatically identify, correlate and diagnose them. Security breaches are going to happen, so the focus has shifted to response, as in the quicker an organization can respond, the quicker a problem can be resolved. One beta user of the Co3 enhancements, a financial services organization with billions of dollars under management, cut their incident response time by 90%.

According to Gartner, the worldwide security technology and services market is forecast to reach $67.2 billion in 2013, up 8.7% from 2012, and to more than $86 billion in 2016. However, with the threatscape escalating, it’s somewhat surprising that less than half (49%) of organizations plan to increase their information security this year, according to a survey by Enterprise Strategy Group.

The three new security offerings will be available as of August 12:

- QRadar Vulnerability Manager is a software module that aggregates vulnerability information from multiple network, endpoint, database or application scanners – alongside the latest X-Force Threat Intelligence alerts and incident reports from the National Vulnerability Database – into a single risk-based view where it can be quickly prioritized; available through the activation of a license key, QVM also includes its own embedded, PCI-certified scanner which can be scheduled to run periodically or triggered based on network events;

- integrated with IBM Security QRadar, the IBM Security Network Protection XGS 5100 platform now provides ongoing network data feeds to help identify stealthy Secure Sockets Layer attacks, in addition to providing real-time protection from advanced threats and heightened levels of network visibility and control; this enhanced intrusion prevention platform also includes IBM’s “virtual patch” technology to provide vulnerability protection when a software patch is not yet available; and,

- a new version of the IBM Security zSecure Suite, a mainframe security solution with IBM QRadar Security Intelligence Platform integration for enterprise-wide visibility of mainframe security events, supported with automated real-time threat alerts and customized compliance reporting.



Author: Steve Wexler
