According to Reuters, IBM says its QRadar Security Intelligence Platform has let it analyze real-time data feeds from more than 400 different sources. QRadar identifies abnormal activity by combining known threats and hackers’ methods with real-time analysis of the traffic on the corporate IT infrastructure, the company said.
For example, IBM said, it can detect when multiple failed logins to a database server are followed by a successful login and access to credit card information, followed by an upload to a questionable site.
So what makes this so different from other efforts at security? For one thing, it looks at more than one thing. It doesn’t just flag a single instance of unusual activity; it actually looks at what goes on afterwards–the actions that could help prove or disprove the criminal intent of those doing the accessing.
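To make the multi-step idea concrete, here is an added example of a small correlation rule that chains the four stages IBM describes (a burst of failed logins, then a success, then a read of card data, then an upload to a questionable site) over a constructed event feed. This is not QRadar's code and not IBM's rule; the event format, the thresholds, the table name `payment_cards` and the destination list `SUSPICIOUS_DESTS` are all assumptions made for illustration. The point it demonstrates is the one in the paragraph above: neither the failed logins nor the card-table read alone produces an alert, only the full sequence does.

```python
"""Toy multi-stage correlation over constructed log events (added example,
not QRadar's or IBM's own logic). Event shape and thresholds are assumed."""
from collections import defaultdict
from datetime import datetime, timedelta

FAILED_LOGIN_THRESHOLD = 3                # assumed: 3 failures inside the window
FAILED_LOGIN_WINDOW = timedelta(minutes=5)
FOLLOW_UP_WINDOW = timedelta(minutes=30)  # assumed: later stages must follow within this
SENSITIVE_OBJECTS = {"payment_cards"}     # assumed: tables holding card data
SUSPICIOUS_DESTS = {"drop-zone.example"}  # assumed: reputation list of questionable sites


def ev(ts, user, kind, detail=None):
    """Build one normalized event (constructed sample data, not a real log)."""
    return {"ts": datetime.fromisoformat(ts), "user": user, "type": kind, "detail": detail}


# Constructed sample feed with three users: one that matches the whole chain,
# one with a failed-login burst but no sensitive access, and one that reads
# the card table without any preceding failures.
EVENTS = [
    ev("2024-01-10T09:00:05", "svc_reports", "login_failure"),
    ev("2024-01-10T09:00:20", "svc_reports", "login_failure"),
    ev("2024-01-10T09:00:41", "svc_reports", "login_failure"),
    ev("2024-01-10T09:01:02", "svc_reports", "login_success"),
    ev("2024-01-10T09:03:15", "svc_reports", "db_read", "payment_cards"),
    ev("2024-01-10T09:07:40", "svc_reports", "upload", "drop-zone.example"),
    ev("2024-01-10T09:10:00", "alice", "login_failure"),
    ev("2024-01-10T09:10:10", "alice", "login_failure"),
    ev("2024-01-10T09:10:20", "alice", "login_failure"),
    ev("2024-01-10T09:10:30", "alice", "login_success"),
    ev("2024-01-10T09:12:00", "alice", "db_read", "orders"),
    ev("2024-01-10T09:15:00", "bob", "login_success"),
    ev("2024-01-10T09:16:00", "bob", "db_read", "payment_cards"),
    ev("2024-01-10T09:17:00", "bob", "upload", "files.example"),
]


def _follow_up(user, evs, start, failures):
    """After a successful login at evs[start], look for a sensitive read and
    then a suspicious upload, in that order, within FOLLOW_UP_WINDOW."""
    login = evs[start]
    deadline = login["ts"] + FOLLOW_UP_WINDOW
    sensitive_read = None
    for later in evs[start + 1:]:
        if later["ts"] > deadline:
            break
        if sensitive_read is None:
            if later["type"] == "db_read" and later["detail"] in SENSITIVE_OBJECTS:
                sensitive_read = later
        elif later["type"] == "upload" and later["detail"] in SUSPICIOUS_DESTS:
            return {
                "user": user,
                "failed_logins": failures,
                "login_at": login["ts"].isoformat(),
                "sensitive_read": sensitive_read["detail"],
                "upload_to": later["detail"],
            }
    return None


def correlate(events):
    """Return one alert per matching chain:
    failed-login burst -> success -> sensitive read -> suspicious upload."""
    per_user = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        per_user[e["user"]].append(e)

    alerts = []
    for user, evs in per_user.items():
        recent_failures = []
        for i, e in enumerate(evs):
            if e["type"] == "login_failure":
                recent_failures.append(e["ts"])
                # keep only failures inside the sliding window
                recent_failures = [t for t in recent_failures
                                   if e["ts"] - t <= FAILED_LOGIN_WINDOW]
            elif e["type"] == "login_success":
                if len(recent_failures) >= FAILED_LOGIN_THRESHOLD:
                    alert = _follow_up(user, evs, i, len(recent_failures))
                    if alert:
                        alerts.append(alert)
                recent_failures = []  # a success ends the burst either way
    return alerts


if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

Running it on the constructed feed yields a single alert, for `svc_reports`; `alice` (burst but no card access) and `bob` (card access but no burst, and an upload to an unlisted host) produce nothing. In a real deployment the ordering and time windows are what keep the false-positive rate down, and they are the first things to tune against your own authentication and database audit logs.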
Intrusion detection is considered the cutting edge of security technology, but a system that follows an intrusion or unauthorized access through a series of maneuvers is clearly taking that one step beyond. I have to say that I like this approach, because it doesn’t stop at letting users know there is something funny going on.
In a way, the IBM system is doing what a human investigator–should he or she be fortunate enough to encounter an unauthorized access attempt as it happens–might do, in terms of checking out where the culprit goes and what happens next. Such security, it would seem, is much more likely to prevent the bad guys from carrying out their nefarious acts, and isn’t that why we build and buy security systems?
Let’s see how this works as companies begin to adopt this approach from Big Blue.