1 Introduction
IBM Corporation is a multinational technology and consulting company headquartered in Armonk, New York, USA. With over 100 years of history, IBM has evolved from a computing hardware manufacturer towards offering a broad range of software solutions and infrastructure, hosting and consulting services in such high-value markets as business intelligence, data analytics, cloud computing, virtualization and, of course, information security. With over 370 thousand employees and market presence in 160 countries, IBM ranks as one of the world’s largest companies both in terms of size and profitability.
In recent years the company has been undergoing another round of reinventing itself to address the massive and inevitable Digital Transformation challenge. Often compared to the industrial revolution, the term “Digital Transformation” refers to the profound impact of digital technologies on business models, activities and processes, and on society as a whole. Organizations across all industries, particularly those producing physical goods but also finance, transportation and utilities, are affected most by this transformation. Driven by continuous technological innovations, growing customer demands and, last but not least, regulatory changes, organizations must continuously adapt and evolve, adopting new business models, introducing new services for their customers and developing new operational processes.
For IBM, the current strategic goal is to become a cloud platform and cognitive solutions company, not just to reinvent itself, but to be able to help other companies tackle the digital transformation challenge. With massive investments into analytics, mobile, cloud and security divisions recently, IBM has brought numerous new technologies into their product portfolio, both from acquisitions as well as their own research and development.
IBM Security, as one of the strategic units within the company, has been rapidly growing both in terms of revenue and innovation. The company’s security solutions portfolio is built around the integrated security analytics platform known as QRadar. Originally conceived as a traditional network security tool, QRadar has evolved into a full-featured Real-Time Security Intelligence (RTSI) solution, as stated in our previous review from 2014. However, recent innovations in such areas as threat intelligence and cognitive technologies, the continued development of IBM’s cloud platform, as well as strategic acquisitions like Resilient Systems, have introduced many new functions into the platform, so an update to our review is certainly overdue.
The continued deperimeterization of corporate networks in modern, increasingly connected enterprises and the rapidly growing number of complex targeted attacks for purposes of hacking, industrial espionage or government surveillance have led to a sharp increase in the number of data breaches. Cyber criminals are constantly developing new sophisticated methods of infiltrating corporate IT systems for malicious purposes, and traditional perimeter security tools like firewalls and intrusion detection systems are no longer able to keep intruders at bay.
Adoption of cloud and mobile technologies has led to erosion of the very notion of a corporate network perimeter; the focus of information security has gradually shifted from perimeter protection towards monitoring and detecting malicious activities within corporate networks. However, successful detection of Advanced Persistent Threats, combining multiple attack vectors and consisting of several covert stages, is an increasingly difficult task. Often, these attacks go undetected for months or are uncovered by third parties, adding reputation damage to financial losses.
By the mid-2000s, Security Information and Event Management (SIEM) solutions were introduced as a universal answer to these problems. A unified platform for gathering, analyzing and correlating security events from multiple sources could provide a centralized overview of all security-related events across the whole enterprise, alert a team of security experts and provide tools for forensic analysis. Unfortunately, an overwhelming number of alerts without meaningful risk scoring makes SIEM tools difficult to operate without a large team of experts and reduces the chance of recognizing and mitigating a threat in time.
This has led to the emergence of a new generation of security solutions based on Real-Time Security Intelligence. Such tools utilize Big Data analytics technologies and machine learning algorithms to correlate large amounts of security data, apply threat intelligence from external sources, detect anomalies in activity patterns and provide a small number of actionable alarms clearly ranked by their risk scores.
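To make the contrast between the two paragraphs above concrete, the following added example (illustrative code written for this review, not part of QRadar or any IBM product) runs two detection approaches over a handful of constructed log events: a legacy rule-per-event approach that emits one alert per matching event, and a correlation approach that groups events per host, applies a constructed threat-intelligence feed and produces a short list of alarms ranked by an additive risk score. The event format, the threat-intelligence set and the scoring weights are all assumptions chosen for the illustration.

```python
from collections import defaultdict

# Constructed sample events for illustration only (not output of any real product).
# Each event: timestamp (seconds), event type, host, user, and the remote IP involved.
EVENTS = [
    *[{"ts": t, "type": "auth_fail", "host": "srv1", "user": "alice", "ip": "198.51.100.9"}
      for t in range(1, 9)],                                   # 8 failed logins on srv1
    {"ts": 9, "type": "auth_success", "host": "srv1", "user": "alice", "ip": "198.51.100.9"},
    {"ts": 20, "type": "outbound", "host": "srv1", "user": "alice", "ip": "203.0.113.7"},
    {"ts": 3, "type": "auth_fail", "host": "srv2", "user": "bob", "ip": "10.0.0.12"},
    {"ts": 4, "type": "auth_fail", "host": "srv2", "user": "bob", "ip": "10.0.0.12"},
    {"ts": 15, "type": "outbound", "host": "srv3", "user": "svc", "ip": "203.0.113.7"},
]

# Constructed external threat-intelligence feed: IPs reported as malicious.
THREAT_INTEL = {"203.0.113.7"}


def naive_alerts(events):
    """Rule-per-event alerting: every matching event becomes its own alert."""
    alerts = []
    for e in events:
        if e["type"] == "auth_fail":
            alerts.append(("Failed login", e["host"], e["user"]))
        if e["type"] == "outbound" and e["ip"] in THREAT_INTEL:
            alerts.append(("Connection to known-bad IP", e["host"], e["ip"]))
    return alerts


def correlated_alarms(events):
    """Correlate events per host into one alarm carrying an additive risk score.

    Scoring (hypothetical weights chosen for the illustration):
      +3  five or more failed logins on the host
      +4  a successful login from the same source IP after those failures
      +5  an outbound connection to an IP on the threat-intelligence feed
    A real platform would also bound the correlation in time; omitted here for brevity.
    """
    by_host = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_host[e["host"]].append(e)

    alarms = []
    for host, evs in by_host.items():
        fails = [e for e in evs if e["type"] == "auth_fail"]
        successes = [e for e in evs if e["type"] == "auth_success"]
        bad_out = [e for e in evs if e["type"] == "outbound" and e["ip"] in THREAT_INTEL]

        score, reasons = 0, []
        if len(fails) >= 5:
            score += 3
            reasons.append(f"{len(fails)} failed logins")
        if fails and any(s["ts"] > fails[-1]["ts"] and s["ip"] == fails[-1]["ip"]
                         for s in successes):
            score += 4
            reasons.append("successful login following the failures from the same IP")
        if bad_out:
            score += 5
            reasons.append(f"outbound connection to {bad_out[0]['ip']} (threat intel)")
        if score:
            alarms.append({"host": host, "score": score, "reasons": reasons})

    # Highest risk first, so the analyst sees the most urgent alarm at the top.
    return sorted(alarms, key=lambda a: a["score"], reverse=True)


if __name__ == "__main__":
    print(f"{len(naive_alerts(EVENTS))} raw alerts vs "
          f"{len(correlated_alarms(EVENTS))} ranked alarms")
    for a in correlated_alarms(EVENTS):
        print(a["score"], a["host"], "; ".join(a["reasons"]))
```

On the constructed input the naive approach produces twelve undifferentiated alerts, while the correlated approach produces two alarms: the host where a brute-force login succeeded and was followed by a connection to a known-bad address ranks first, the lone threat-intelligence hit second, and the two mistyped passwords on srv2 produce no alarm at all.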
An essential component of modern RTSI solutions is managed services. Since the rapid evolution of threats makes it nearly impossible for a single organization to keep up with the changes, customers are increasingly relying on managed services to provide the latest threat intelligence, support daily operations and reduce administrative effort for smaller companies.
In the past couple of years, many innovative technologies have emerged on the RTSI solution market, such as user behavior analytics and network anomaly detection. At the same time, many traditional security solutions like vulnerability management or endpoint protection are also evolving to incorporate security intelligence. The evolution does not show any signs of stopping – the most recent developments in the area of cognitive technologies promise to unlock vast amounts of unstructured security-related information previously available only to human analysis. Incorporating this data into security intelligence platforms will provide new powerful tools for security experts and help address the dramatic shortage of skilled workers that the industry is now facing.