There are a lot of different assets in an enterprise network that can relay security event information. Collecting all that information and understanding what it means is what IBM’s QRadar Security Intelligence Platform is all about.
IBM (NYSE: IBM) acquired Q1 Labs in October of 2011 and has since been forming its newly assembled IBM Security Systems division around the Q1 assets. QRadar is the flagship product from Q1 Labs.
“We’ve brought all of IBM’s security products together into one division with a single CTO, sales force, and technical services support people,” Phil Neray, VP of Security Intelligence Strategy at IBM Security Systems, told InternetNews.com.
The QRadar platform is what is known in the industry as SIEM (Security Information and Event Management) technology. It is able to take log and data inputs from multiple sources to help inform and alert enterprise IT managers about potential security issues and risks.
As part of the new release, IBM is extending what Q1 Labs had before to deliver deeper integration with a number of IBM technologies and services. At the top of list is integrated threat intelligence from the IBM X-Force threat feed. The X-Force actively tracks security vulnerabilities and has been particularly strong on identifying issues that haven’t been patched. For example, a 2011 report from the X-Force found that 44 percent of all security vulnerabilities did not have a vendor supplied patch by the end of 2010.
With the inclusion of the X-Force data feed, QRadar users will be able to create actionable rules for their network around the threat intelligence.
“We’re taking information from one product and combining it using rules to give people better context into what is going on,” Neray said.
Read the full story at eSecurityPlanet:
IBM Expands QRadar to Deliver Security Intelligence
Sean Michael Kerner is a senior editor at InternetNews.com, the news service of the IT Business Edge Network, the network for technology professionals. Follow him on Twitter @TechJournalist.