Earlier this week, IBM showed of the first fruits of its Q1 Labs acquisition, rolling out the QRadar Security Intelligence platform based on technology it acquired last fall.
QRadar serves as a control center that integrates real-time security intelligence data from more than 400 different sources. One of the significant planned integrations for the QRadar platform is IBM's X-Force Intelligence Threat Feed, which is based on the real-time monitoring of 13 billion security events per day, on average, for nearly 4,000 clients in more than 130 countries. The QRadar platform will have visibility into the latest security trends worldwide to help protect enterprises against emerging risks.
We caught up with Michael Applebaum, Director of Product Marketing at IBM Security Systems Division, to discuss the QRadar approach to security and how it differs from other security platforms on the market.
Q: The threats are definitely escalating. It seems like the bad guys are moving faster than the good guys.
That's precisely the challenge with traditional security approaches. The volume and variety of attacks of exploit techniques is going to continue growing unabated. You can't catch up simply by trying to plug the gaps and the vulnerabilities that you discover every week. You have to step back and look at the situation holistically. How can we detect and prioritize what's going on across our organization in a unified way? Because the current approaches just don't scale and they don't work.
Q: How is IBM's approach different from competing security platforms?
It's about bringing more integration and automation to bear across a spaghetti, patchwork approach that most organizations have built in. Most security products fulfill a very specific but limited role, but attacks and threats today are multi-faceted. You might see a glimmer of an attack in one part of your enterprise and you might see a glimmer of that attack somewhere else.
But putting the pieces together and connecting the dots is very difficult to do. That's why compromises so often take months to be detected. And once detected, an organization rarely knows what's actually been compromised in terms of data and so on.
What we hear loud and clear from our clients is they're locked in an intelligence arms race and they're looking for tools that can bridge the silos of information. It's not just about getting more data to find these threats; it's about what you can do with the data and how you can apply intelligence to ferret out the risks that matter from the ones that don't. (continued...)