LONDON April 25, 2012 IBM
Marc van Zadelhoff
Using advanced behavioral algorithms, the QRadar Network Anomaly Detection appliance analyzes disparate data that can collectively indicate an attack – network and traffic flows, intrusion prevention system (IPS) alerts, system and application vulnerabilities, and user activity. It quantifies several risk factors to help evaluate the significance and credibility of a reported threat, such as the business value and vulnerabilities of targeted resources.
By applying behavioral analytics and anomaly detection, the application can flag abnormal events such as:
- Outbound network traffic detected to countries where the company does not have business affairs;
- FTP traffic observed in a department that doesn’t regularly use FTP services; and
- A known application running on a non-standard port or in areas where it is not allowed (e.g. unencrypted traffic running in secure areas of the network).
IBM Security Network IPS with Hybrid Protection
Today IBM is announcing the newest version of its Network IPS, which contains hybrid protection, combining the broad protection found in IBM’s Protocol Analysis Engine with the open source capabilities and common rule syntax of SNORT. This functionality gives IBM clients the ability to easily create and share custom IPS rules in a popular open source format and at the same time provides the confidence that comes with IBM’s protection powered by IBM X-Force Research. IBM’s Protocol Analysis Engine is considered to be one of the industry’s most comprehensive threat detection engines.
IBM’s Advanced Threat Protection Platform
As security is increasingly becoming a big data issue, this appliance is part of IBM’s overall push to combine analytics with real-time feeds to deliver greater security intelligence to clients. IBM offers a range of security-specific appliances targeted at specific needs.
The QRadar Network Anomaly Detection appliance with the X-Force IP Reputation Feed is available this quarter. The IBM Advanced Threat Protection Portfolio, except the QRadar Network Anomaly Detection appliance, is available today and comprises existing and new product offerings.
About IBM Security
acquired by IBM in October 2011 the United States Europe Asia Pacific
IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion.
"Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY