IBM announced the release of Security Intelligence with Big Data on Wednesday. The tool is designed to examine terabytes of data for possible internal or external attacks designed to access confidential corporate information and other valuable intellectual property.
Two platforms play a major role in the development of IBM's new security tool: QRadar Security Intelligence and the IBM Big Data Platform.
The QRadar Security Intelligence platform was originally developed by Q1 Labs, which IBM acquired in October 2011. It uses security information and event management (SIEM) to detect anomalies, analyze behavior and manage logs, configs and vulnerabilities.
The Big Data platform handles the large volumes of structured and unstructured data that flow through a network. IBM states that about 2.5 quintillion bytes of data are created daily. This data could be structured, like spreadsheet content or the data in a relational database, or it could be unstructured, such as what's found in millions of tweets or social media posts.
Processing such data requires sophisticated tools that can provide valuable information. From millions of tweets, it would be possible to spot trends, including those related to public safety. By reading the content of millions of smart electric meters, you could predict usage trends.
Although a typical enterprise does not produce quintillions of bytes of data, it still has potentially thousands of users sending e-mails, generating graphics, producing documents, entering data, etc. Large volumes of this disparate data are produced quickly. Analyzing such data for security threats was difficult, which allowed cyber-intruders to hide in the background.
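The anomaly detection and log analysis described above (a SIEM baselining normal behaviour per user, then flagging deviations buried in a large volume of routine events) can be illustrated with a small worked example. This is an added example, not IBM or QRadar code: it parses a constructed, syslog-like line format (the field names, the hostnames and the users are assumptions), builds a per-user daily baseline from a few days of history, and reports the days on which a user's activity exceeds that baseline by more than a fixed number of standard deviations.

```python
"""Toy behaviour-baseline anomaly detector over log lines.

Added example, not IBM/QRadar code. It models the "hunt" approach the
article describes: rather than waiting for a single alert, it compares
each user's daily event count against that user's own historical baseline.
"""
import re
import statistics
from collections import defaultdict

# Assumed line format (constructed for this example):
# 2013-02-01T09:00:00 host=fs01 user=alice action=file_read result=ok
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2})T\S+\s+host=(?P<host>\S+)\s+user=(?P<user>\S+)"
    r"\s+action=(?P<action>\S+)\s+result=(?P<result>\S+)$"
)

# Five days of baseline history, constructed to match the sample logs below.
BASELINE_DAYS = [f"2013-02-0{d}" for d in range(1, 6)]


def make_sample_logs():
    """Constructed sample data: steady activity, then one user spikes on day 6."""
    lines = []
    for day in range(1, 6):
        for i in range(3):  # alice reads 3 files a day
            lines.append(f"2013-02-0{day}T09:0{i}:00 host=fs01 user=alice action=file_read result=ok")
        for i in range(2):  # bob reads 2 files a day
            lines.append(f"2013-02-0{day}T10:0{i}:00 host=fs01 user=bob action=file_read result=ok")
    # Day 6: alice reads 40 files late at night, bob is unchanged.
    for i in range(40):
        lines.append(f"2013-02-06T22:{i:02d}:00 host=fs01 user=alice action=file_read result=ok")
    for i in range(2):
        lines.append(f"2013-02-06T10:0{i}:00 host=fs01 user=bob action=file_read result=ok")
    lines.append("malformed line that the parser must skip")
    return lines


def parse_line(line):
    """Return the parsed fields of one line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def daily_counts(lines):
    """Aggregate events per user per calendar day, ignoring unparseable lines."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        counts[rec["user"]][rec["ts"]] += 1
    return counts


def find_anomalies(lines, baseline_days, threshold=3.0, min_sigma=1.0):
    """Flag (user, day) pairs whose event count exceeds the user's baseline.

    The baseline is the mean and population standard deviation of the user's
    daily counts over baseline_days; min_sigma stops a perfectly steady
    history (sigma == 0) from turning every small change into an alert.
    """
    counts = daily_counts(lines)
    anomalies = []
    for user, per_day in counts.items():
        history = [per_day.get(d, 0) for d in baseline_days]
        mean = statistics.mean(history)
        sigma = max(statistics.pstdev(history), min_sigma)
        for day, n in sorted(per_day.items()):
            if day in baseline_days:
                continue  # baseline days are the reference, not the subject
            z = (n - mean) / sigma
            if z > threshold:
                anomalies.append({"user": user, "date": day, "events": n,
                                  "baseline_mean": mean, "z": round(z, 2)})
    return anomalies


if __name__ == "__main__":
    for a in find_anomalies(make_sample_logs(), BASELINE_DAYS):
        print(f"{a['date']} user={a['user']} events={a['events']} "
              f"(baseline mean {a['baseline_mean']:.1f}, z={a['z']})")
```

With the constructed data, only alice's day-6 spike is reported; bob's unchanged activity produces no alert, and the malformed line is skipped rather than crashing the run. A production SIEM does the same kind of comparison across far more dimensions (hosts, actions, time of day, failure ratios), which is where the data volume the article describes comes from.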
Security Intelligence with Big Data is being used by several public and private organizations, including the Depository Trust & Clearing Corporation. According to Mark Clancy, CIO of DTCC, the tool is a proactive solution to many security issues:
"We need to move from a world where we 'farm' security data and alerts with various prevention and detection tools to a situation where we actively 'hunt' for cyber-attackers in our networks."
SIEM is considered an emerging technology, and if IBM's pricing is typical, the technology is out of reach for all but the largest enterprises. Both the QRadar and Big Data products start at $50,000 each. It's possible that as this technology develops, it will be sold to smaller companies as a service.
Computer security has often been one step behind hackers and cyber-thieves, taking a reactive approach that prevented current and old threats from doing any more damage but did nothing to stop new threats. With sophisticated technology to analyze big data for intrusions, the hackers' advantage has been significantly reduced.