IBM adds vulnerability tool to security arsenal
IBM introduced a “security intelligence” tool the firm says will help organizations identify serious vulnerabilities in real-time, including malware, spam, phishing, Web-based threats and general cyber criminal activity.
IBM says its QRadar Vulnerability Manager (QVM) provides security managers a single view of vulnerability information across the enterprise, scooped up and aggregated from multiple network, endpoint database and application scanners.
According to an Air Force Software Protection Initiative report, a vulnerability involves the intersection of a system flaw, attacker access to it and the capability to exploit the flaw with a “tool or technique that can connect to a system weakness.”
IBM estimates more than 70,000 of these security vulnerabilities exist today, spurred by the shift to social, mobile and cloud computing. To help stay ahead of new threats, the firm maintains a database of computer security vulnerabilities fed by its global Web crawler and its international spam collectors.
In addressing those vulnerabilities, QVM users can activate a license key to set up an automatic network scan to identify security holes and analyze their significance. IBM says the tool provides a unified view of vulnerability data, helping security teams marshal limited resources against the threat.
“What QVM does is correlate all that vulnerability data with static data we have collected from various devices out there, [including] the event data; the anomaly data, the log data, the flow data,” said Marc van Zadelhoff, a vice president of product management at IBM security systems.
“That means when we look at a vulnerability coming in, we can add intelligence data that reduces false positives — and that’s the challenge of vulnerability management.”
QRadar will also include an enhanced version of IBM’s intrusion detection tool, the IBM Security Network Protection XGS 5100, the firm said. The system supplies network feeds that help identify attacks on the Secure Socket Layer, a security protocol that lets websites pass sensitive information in an encrypted format. The XGS 5100 also includes IBM’s “virtual patch” technology that offers vulnerability protection when a software patch is not yet available.
Kevin Skapinetz, program director of product strategy with IBM Security systems, said the new offering expands the firm’s ability to provide information about the growing threat landscape.
“We’re not just taking this vulnerability data in a silo by scanning and looking at vulnerability and applications in a small piece of the overall picture,” he said. “We’re expanding the notion of vulnerability management by layering on and adding in vulnerability as a key component of what security intelligence is all about.”
Connect with the GCN staff on Twitter @GCNtech.