IBM: An Early Leader across the Big Data Security Analytics Continuum Date: June 2013 Author: Jon Oltsik, Senior Principal Analyst


ESG Brief

Abstract: Many enterprise organizations claim that they already consider security data collection and analysis as big data, but they don't have security analytics solutions capable of addressing their scalability, performance, or operational needs. ESG believes that tactical security analytics solutions and compliance-centric SIEM tools are no match for today's big data security analytics needs. Leading vendors are addressing this gap with real-time and asymmetric big data security analytics systems built for scale and intelligence. IBM is one of few vendors offering an integrated approach that spans the entire continuum of enterprise security analytics needs.

Overview

In many respects, enterprise organizations have been moving toward big data security analytics for a number of years, long before the industry was talking about technologies like Hadoop, MapReduce, and NoSQL. Security analytics is now seen as a big data problem because of:

The growing volume of security data. In the early 2000s, security data collection and analysis focused on network perimeter devices like firewalls and IDS/IPS. Over time, security analysts expanded data collection to include internal network devices, servers, applications, and databases. New IT initiatives like BYOD, cloud computing, and server virtualization exacerbated security data collection needs, as did the increasing volume of machine-based data. Little wonder then that, according to ESG research, 86% of enterprise organizations collect substantially more or somewhat more security data today than they did two years ago (see Figure 1). [1]

Figure 1. Growth in Amount of Data Collected for Information Security Activities
How has the amount of data your organization collects to support its information security activities changed in the last 2 years? (Percent of respondents, N=257)
  We collect about the same amount of data to support our information security activities today as we did 2 years ago: 14%
  We collect somewhat more data to support our information security activities today than we did 2 years ago: 43%
  We collect substantially more data to support our information security activities today than we did 2 years ago: 43%
Source: Enterprise Strategy Group.

[1] Source: ESG Research Report, The Emerging Intersection Between Big Data and Security Analytics, November 2012.

Security data retention. Driven by a combination of compliance requirements, lower storage costs, and the frequency of security investigations, large organizations are keeping security data online for longer periods of time. In fact, 21% of enterprise organizations surveyed by ESG keep the security data they collect online for a substantially longer period of time than they did two years ago, while 46% keep the security data they collect online for a somewhat longer period of time than they did two years ago. [2]

A multitude of security analytics use cases. Security data is used to analyze activities and metrics associated with risk management, incident detection/response, regulatory compliance, and investigations/forensics. It is not unusual for a security analyst to engage in more than a dozen security investigations simultaneously. Many of these investigations now include analysis of nontraditional data sources such as social media, customer browsing history, and business transactions. Security professionals are being asked to cross-correlate this data alongside security analytics for fraud detection and long-term historical investigations.

To support business requirements, manage risk, and respond to security events, CISOs collect, retain, and analyze a larger repository of data than they did in the past. Security data growth and utilization will only increase in the future.

Big Data Security Analytics Defined

At a high level, big data security analytics is simply a collection of security data sets so large and complex that it becomes difficult to process using on-hand database management tools or traditional security data processing applications. This is the exact situation occurring at large organizations, where tactical security analytics and compliance-centric legacy SIEM tools can no longer keep up with the growing volume of security data.

To address this volume of data, big data security analytics solutions distinguish themselves based upon three basic characteristics:

Scale. Big data security analytics solutions must have the ability to collect, process, and store hundreds of terabytes (if not petabytes) of data for an assortment of security analytics activities.

Analytical flexibility. Big data security analytics solutions must provide users with the ability to interact with, query, and visualize this volume of data.

Performance. Big data security analytics must be built on top of an appropriate compute architecture in order to collect data and run analytic algorithms and complex queries in an acceptable timeframe.

The Big Data Security Analytics Continuum

Aside from the general characteristics described previously, ESG believes it is useful to think of big data security analytics solutions along a continuum (see Figure 2). Two poles make up this scale:

1. Real-time big data security analytics
2. Asymmetric big data security analytics

Big data security analytics solutions will tend to lean toward one end of the continuum or the other, although individual solutions may offer some features and functionality in both areas.

[2] Source: Ibid.

Figure 2. The Big Data Security Analytics Continuum (Source: Enterprise Strategy Group)

Real-time Big Data Security Analytics

These solutions may be quite familiar to CISOs because they are basic evolutionary iterations of existing SIEM, log management, network flow analysis, and IP packet capture tools. This new breed of real-time big data security analytics solutions is distinguished from legacy SIEM platforms by the solutions' scalability, analytics intelligence, and performance characteristics. Real-time big data security analytics solutions generally feature:

A highly distributed architecture. Real-time big data security analytics solutions are typically built upon multiple distributed data collection appliances. Individual collectors are responsible for collecting, processing, storing, and enriching local network data (i.e., adding metadata to enhance raw data with security context).

High-speed stream processing engines. Aside from collecting data, distributed appliances are also responsible for high-speed stream processing of local data sets. Stream processing is used to accommodate the high I/O rate needed to process massive amounts of security data (i.e., logs, flows, packet capture, etc.).

A proprietary data management repository. To address volume, performance, scale, and analytics requirements, real-time big data security analytics solutions tend to be built on top of proprietary distributed data management repositories rather than traditional SQL databases or big data platforms. In fact, the only SIEM platforms that truly qualify as big data security analytics are those designed with proprietary, highly scalable data repositories.

Specific types of data feeds. Real-time security analytics solutions are finely tuned to understand and interpret activities associated with specific types of data, typically logs, network flows, and/or IP packets. Real-time big data analytics may also accept security intelligence data feeds, providing further insight for incident detection/response based upon input like IP address reputation, command and control (C&C) communications, or malware profiles.

Real-time big data security analytics solutions often enrich raw data feeds with security-centric metadata. This data enrichment can help big data security analytics make sense of disparate security events while also providing some security context to link individual security events together in order to detect anomalous activities spanning multiple technologies. Additionally, incident detection is based upon a combination of programmed rule sets or machine learning. Real-time security analytics solutions may simply be more modern SIEM platforms designed for emerging high-volume, high-scale, and high-performance incident detection/response. While some real-time security analytics solutions offer reporting capabilities to support regulatory compliance requirements, this functionality is intended purely to supplement more comprehensive regulatory compliance and GRC activities/tools.

Asymmetric Big Data Security Analytics

Asymmetric big data security analytics solutions are designed to supplement real-time big data security analytics by providing high-performance platforms for the analysis of massive volumes of structured and unstructured data. In this way, asymmetric big data security analytics can look at data across long periods of time to establish baseline behavior and detect anomalies. Asymmetric big data security analytics solutions are also designed with the assumption that analysts may have no idea what they are looking for, where to start, or how to proceed. Because of this, analysts need the flexibility to analyze the data in a multitude of ways and easily pivot from one query to the next. To provide flexible analytics on massive volumes of security data, asymmetric big data security analytics solutions tend to include:

A multitude of data feed types. Asymmetric big data security analytics solutions take in standard security data like logs, flow data, and IP packet capture, but enterprises will enhance these with a wide variety of additional data feeds like transactions, e-mails, user click streams, botnet harvesting, attacker data, web logs, etc. It is not unusual for leading-edge organizations to collect, store, and analyze hundreds of different structured and unstructured data types. Support for diverse types of data is critical to enabling the types of wide-ranging investigations typically conducted by security analysts.

A centralized architecture. While real-time big data analytics solutions depend upon distributed appliances for data collection and stream processing, asymmetric big data analytics solutions tend to be centrally located in data centers or security operation centers (SOCs). Real-time data feeds are likely captured by log management or SIEM solutions and then shared with asymmetric big data security analytics systems. Other, more esoteric data feeds can arrive through APIs or based upon batch-based ETL operations.

Emerging big data technologies. While several vendors offer proprietary solutions built for their own parallel processing HPC environments, many asymmetric big data security analytics solutions utilize numerous promising big data technologies such as Hadoop, MapReduce, Mahout, and Pig. Given the innovation and open source community around these technologies, ESG believes that all real-time and asymmetric big data security analytics solutions will include support for a number of these technologies in the future. Some organizations will run big data security analytics on generic big data platforms, but most will look for integrated big data security analytics solutions that offer scale, capacity, and baked-in security analytics.

Server clusters. Hadoop, a key technical foundation for asymmetric big data analytics, is based upon a distributed file system (HDFS) and MapReduce (a patented software framework introduced by Google to support distributed computing of large data sets on clusters of standard Intel servers). These technologies provide horizontal scalability for storage and processing. When CISOs want to analyze more data, they simply add more servers to Hadoop clusters for parallel processing performance, load balancing, and high availability.

IBM Security Is Bridging the Big Data Security Analytics Continuum

As the big data security analytics market evolves, all products and solutions must provide enterprise functionality like scalability, high performance, out-of-box intelligence, and strong integration. This will weed out some SMB solutions, leaving vendors with lots of cybersecurity and enterprise software experience.
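Before turning to IBM's own offering, here is a small worked illustration of the two analytic patterns the preceding sections describe: real-time enrichment of raw events with asset and threat-intelligence context followed by a cross-technology correlation rule, and an asymmetric per-host baseline computed over history to flag an outlier. This is an added example, not code from the ESG brief and not from QRadar or any IBM product; the asset inventory, reputation feed, event records, history series and thresholds are all constructed for the demonstration.

```python
"""Added example: enrichment, cross-source correlation and baseline anomaly
detection over constructed sample data. Not code from the ESG brief or from
any IBM/QRadar product; every record, name and threshold below is made up."""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Constructed context a collector would hold locally: asset inventory and an
# IP-reputation feed (203.0.113.0/24 is a documentation-only range).
ASSETS = {"10.0.1.15": ("finance", "high"), "10.0.2.40": ("marketing", "low")}
THREAT_INTEL = {"203.0.113.9": "c2"}

# Constructed raw events from three technologies: auth server, firewall, proxy.
EVENTS = [
    {"ts": "2013-06-01T09:00:00", "src": "auth", "host": "10.0.1.15", "action": "login_fail"},
    {"ts": "2013-06-01T09:00:05", "src": "auth", "host": "10.0.1.15", "action": "login_fail"},
    {"ts": "2013-06-01T09:00:09", "src": "auth", "host": "10.0.1.15", "action": "login_fail"},
    {"ts": "2013-06-01T09:01:30", "src": "fw", "host": "10.0.1.15", "action": "allow", "dst": "203.0.113.9"},
    {"ts": "2013-06-01T09:02:00", "src": "proxy", "host": "10.0.2.40", "action": "allow", "dst": "198.51.100.7"},
]


def enrich(event):
    """Enrichment step: attach asset owner/criticality and destination
    reputation to a raw event; unknown values get neutral defaults."""
    owner, crit = ASSETS.get(event["host"], ("unknown", "unknown"))
    out = dict(event, owner=owner, criticality=crit,
               ts=datetime.fromisoformat(event["ts"]))
    out["dst_tag"] = THREAT_INTEL.get(event.get("dst", ""), "clean")
    return out


def correlate(events, fails=3, window=timedelta(minutes=5)):
    """Cross-technology rule: at least `fails` failed logins on a host, followed
    within `window` by an allowed connection from that host to a destination
    tagged by the reputation feed. Returns one alert per matching connection."""
    enriched = sorted((enrich(e) for e in events), key=lambda e: e["ts"])
    fail_times = defaultdict(list)
    alerts = []
    for e in enriched:
        if e["src"] == "auth" and e["action"] == "login_fail":
            fail_times[e["host"]].append(e["ts"])
        elif e["action"] == "allow" and e["dst_tag"] != "clean":
            recent = [t for t in fail_times[e["host"]] if e["ts"] - t <= window]
            if len(recent) >= fails:
                alerts.append({"host": e["host"], "dst": e["dst"],
                               "tag": e["dst_tag"], "criticality": e["criticality"]})
    return alerts


# Constructed history for the asymmetric side: outbound MB per host per day.
HISTORY = {
    "10.0.1.15": [120, 135, 110, 128, 140, 125, 130],
    "10.0.2.40": [40, 38, 45, 41, 39, 44, 42],
}


def baseline_outliers(history, today, k=3.0):
    """Per-entity baseline: flag hosts whose volume today exceeds
    mean + k * stddev of their own history. Returns host -> z-score."""
    flagged = {}
    for host, series in history.items():
        mu, sigma = mean(series), pstdev(series)
        value = today.get(host, 0)
        if value > mu + k * sigma:
            flagged[host] = round((value - mu) / sigma, 1) if sigma else float("inf")
    return flagged


if __name__ == "__main__":
    print(correlate(EVENTS))
    print(baseline_outliers(HISTORY, {"10.0.1.15": 900, "10.0.2.40": 43}))
```

The real-time half works event by event and needs only the local context tables, which is why it suits a distributed collector; the baseline half needs the whole history series for each host, which is the kind of long-window question the brief assigns to the asymmetric side. Tuning `fails`, `window` and `k` against the false-positive rate on real data is the operational work a rule like this always requires.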

For the most part, big data security analytics solutions will fall into the real-time or asymmetric camp, but there are a few exceptions to this rule. For example, IBM already stands out within the big data security analytics market as it:

Offers a leading real-time big data security analytics solution. IBM demonstrated real moxie when it abandoned its legacy SIEM and acquired market leader Q1 Labs. QRadar is actually one of few SIEM platforms that qualify as a real-time big data security analytics solution, as it offers a distributed architecture for stream/parallel processing combined with deep security algorithms and analytics. This gives QRadar the ability to collect, process, and analyze logs, network flows, IP packets, and X-Force threat intelligence feeds for effective/efficient incident detection and response. Given the current threat landscape featuring hacktivism, cybercrime, and APTs, many enterprise organizations are replacing compliance-centric legacy SIEM tools in favor of real-time big data security analytics delivered by the QRadar Security Intelligence Platform.

Utilizes IBM analytics resources for asymmetric big data security analytics. In January 2013, IBM entered the asymmetric big data security analytics market with the announcement of IBM Security Intelligence with Big Data. This solution combines IBM's Hadoop-based analytics engine (i.e., InfoSphere BigInsights) with specific algorithms and enhancements designed for cyber security analysts. For example, IBM includes InfoSphere BigSheets (likely based upon Datameer), a prepackaged tooling and visualization technology for emulating spreadsheets, to provide Excel pivot-table-like functionality when working with a Hadoop back-end repository.

In addition to addressing both sides of the big data security analytics continuum, IBM Security understands that large enterprises will need both types of solutions within the next few years and will likely demand that all big data security analytics solutions combine into a common architecture. IBM is way ahead in this area, offering tight integration through a combined QRadar/big data security analytics solution called Security Intelligence with Big Data. For example, QRadar can enrich, and always has enriched, security events and logs with metadata to add context for investigations and forensics. IBM's asymmetric big data security analytics can also share data with QRadar when an investigation uncovers a specific network traffic pattern used in a sophisticated attack. This data can then be used to generate new rules, improving real-time security event detection. Clearly, CISOs will appreciate the benefits associated with this two-way integration.

The Bigger Truth

Big data security analytics isn't some distant vision anymore: ESG research reveals that 44% of respondent enterprise organizations believe that their current levels of security data collection, processing, and analysis qualify as big data today, while another 44% believe that their security data collection, processing, and analysis will qualify as big data within the next two years. [3] Yes, CISOs may be collecting terabytes or petabytes of data, but today's tactical security analytics tools and legacy compliance-centric SIEM systems aren't delivering value. What's needed? Big data security analytics solutions built for scale, intelligence, automation, and complex queries. Leading vendors are already bringing these kinds of solutions to market to meet real-time and asymmetric security analysis needs.

Ultimately, large enterprises will need both real-time and asymmetric big data security analytics capabilities for incident detection as well as historical analysis of large volumes of structured and unstructured data. Smart CISOs will plan for these diverse needs by selecting best-of-breed real-time and asymmetric big data security analytics solutions built for two-way data sharing and integration. IBM Security is one of the few vendors already delivering solutions that address these enterprise requirements.

[3] Source: Ibid.

All trademark names are property of their respective companies. Information contained in this publication has been obtained by sources The Enterprise Strategy Group (ESG) considers to be reliable but is not warranted by ESG. This publication may contain opinions of ESG, which are subject to change from time to time. This publication is copyrighted by The Enterprise Strategy Group, Inc. Any reproduction or redistribution of this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the express consent of The Enterprise Strategy Group, Inc., is in violation of U.S. copyright law and will be subject to an action for civil damages and, if applicable, criminal prosecution. Should you have any questions, please contact ESG Client Relations.


More information

EMC s Enterprise Hadoop Solution. By Julie Lockner, Senior Analyst, and Terri McClure, Senior Analyst

EMC s Enterprise Hadoop Solution. By Julie Lockner, Senior Analyst, and Terri McClure, Senior Analyst White Paper EMC s Enterprise Hadoop Solution Isilon Scale-out NAS and Greenplum HD By Julie Lockner, Senior Analyst, and Terri McClure, Senior Analyst February 2012 This ESG White Paper was commissioned

More information

The Benefits of an Integrated Approach to Security in the Cloud

The Benefits of an Integrated Approach to Security in the Cloud The Benefits of an Integrated Approach to Security in the Cloud Judith Hurwitz President and CEO Marcia Kaufman COO and Principal Analyst Daniel Kirsch Senior Analyst Sponsored by IBM Introduction The

More information

WHITE PAPER SPLUNK SOFTWARE AS A SIEM

WHITE PAPER SPLUNK SOFTWARE AS A SIEM SPLUNK SOFTWARE AS A SIEM Improve your security posture by using Splunk as your SIEM HIGHLIGHTS Splunk software can be used to operate security operations centers (SOC) of any size (large, med, small)

More information

QRadar SIEM and FireEye MPS Integration

QRadar SIEM and FireEye MPS Integration QRadar SIEM and FireEye MPS Integration March 2014 1 IBM QRadar Security Intelligence Platform Providing actionable intelligence INTELLIGENT Correlation, analysis and massive data reduction AUTOMATED Driving

More information

IBM Security. 2013 IBM Corporation. 2013 IBM Corporation

IBM Security. 2013 IBM Corporation. 2013 IBM Corporation IBM Security Security Intelligence What is Security Intelligence? Security Intelligence --noun 1.the real-time collection, normalization and analytics of the data generated by users, applications and infrastructure

More information

Securing and protecting the organization s most sensitive data

Securing and protecting the organization s most sensitive data Securing and protecting the organization s most sensitive data A comprehensive solution using IBM InfoSphere Guardium Data Activity Monitoring and InfoSphere Guardium Data Encryption to provide layered

More information

White. Paper. The Modern Network Monitoring Mandate. April 2014

White. Paper. The Modern Network Monitoring Mandate. April 2014 White Paper The Modern Network Monitoring Mandate By Bob Laliberte, Senior Analyst April 2014 This ESG White Paper was commissioned by Emulex and is distributed under license from ESG. White Paper: The

More information

The SentinelOne Endpoint Protection Platform

The SentinelOne Endpoint Protection Platform Enterprise Strategy Group Getting to the bigger truth. SOLUTION SHOWCASE The SentinelOne Endpoint Protection Platform Date: September 2015 Author: Jon Oltsik, Senior Principal Analyst; and Doug Cahill,

More information

White. Paper. Big Data Advisory Service. September, 2011

White. Paper. Big Data Advisory Service. September, 2011 White Paper Big Data Advisory Service By Julie Lockner& Tom Kornegay September, 2011 This ESG White Paper was commissioned by EMC Corporation and is distributed under license from ESG. 2011, Enterprise

More information

Cybersecurity Skills Shortage: A State of Emergency

Cybersecurity Skills Shortage: A State of Emergency Enterprise Strategy Group Getting to the bigger truth. ESG Brief Cybersecurity Skills Shortage: A State of Emergency Date: February 2016 Author: Jon Oltsik, Principal Analyst, Doug Cahill, Senior Analyst,

More information

Next-generation Security Architecture for the Enterprise

Next-generation Security Architecture for the Enterprise White Paper Next-generation Security Architecture for the Enterprise By Jon Oltsik, Senior Principal Analyst October 2014 This ESG White Paper was commissioned by Palo Alto Networks and is distributed

More information

PALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management

PALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management PALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management INTRODUCTION Traditional perimeter defense solutions fail against sophisticated adversaries who target their

More information

IBM Security X-Force Threat Intelligence

IBM Security X-Force Threat Intelligence IBM Security X-Force Threat Intelligence Use dynamic IBM X-Force data with IBM Security QRadar to detect the latest Internet threats Highlights Automatically feed IBM X-Force data into IBM QRadar Security

More information

August 2011. Investigating an Insider Threat. A Sensage TechNote highlighting the essential workflow involved in a potential insider breach

August 2011. Investigating an Insider Threat. A Sensage TechNote highlighting the essential workflow involved in a potential insider breach August 2011 A Sensage TechNote highlighting the essential workflow involved in a potential insider breach Table of Contents Executive Summary... 1... 1 What Just Happened?... 2 What did that user account

More information

How to Choose the Right Security Information and Event Management (SIEM) Solution

How to Choose the Right Security Information and Event Management (SIEM) Solution How to Choose the Right Security Information and Event Management (SIEM) Solution John Burnham Director, Strategic Communications and Analyst Relations IBM Security Chris Meenan Director, Security Intelligence

More information

Hadoop Evolution In Organizations. Mark Vervuurt Cluster Data Science & Analytics

Hadoop Evolution In Organizations. Mark Vervuurt Cluster Data Science & Analytics In Organizations Mark Vervuurt Cluster Data Science & Analytics AGENDA 1. Yellow Elephant 2. Data Ingestion & Complex Event Processing 3. SQL on Hadoop 4. NoSQL 5. InMemory 6. Data Science & Machine Learning

More information

QRadar SIEM 6.3 Datasheet

QRadar SIEM 6.3 Datasheet QRadar SIEM 6.3 Datasheet Overview Q1 Labs flagship solution QRadar SIEM is unrivaled in its ability to provide an organization centralized IT security command and control. The unique capabilities of QRadar

More information

REV: 0.1.1 (July 2011) McAfee Security: Intrusion Prevention System

REV: 0.1.1 (July 2011) McAfee Security: Intrusion Prevention System McAfee Security: Intrusion Prevention System REV: 0.1.1 (July 2011) 1 Contents 1. McAfee Network Security Platform...3 2. McAfee Host Intrusion Prevention for Server...4 2.1 Network IPS...4 2.2 Workload

More information

Total year-over-year spending change in networking, 2009-2012. (Percent of respondents) 37% 36% 35% 37% 29% 26% 16% 13% 0% 20% 40% 60% 80%

Total year-over-year spending change in networking, 2009-2012. (Percent of respondents) 37% 36% 35% 37% 29% 26% 16% 13% 0% 20% 40% 60% 80% Research Brief 2012 Networking Spending Trends Date: March 2012 Author: Jon Oltsik, Senior Principal Analyst; Bob Laliberte, Senior Analyst; and Bill Lundell, Senior Research Analyst Abstract: According

More information

NitroView. Content Aware SIEM TM. Unified Security and Compliance Unmatched Speed and Scale. Application Data Monitoring. Database Monitoring

NitroView. Content Aware SIEM TM. Unified Security and Compliance Unmatched Speed and Scale. Application Data Monitoring. Database Monitoring NitroView Unified Security and Compliance Unmatched Speed and Scale Application Data Monitoring Database Monitoring Log Management Content Aware SIEM TM IPS Today s security challenges demand a new approach

More information

White. Paper. Cloud Computing Demands Enterprise- class Password Management and Security. April 2013

White. Paper. Cloud Computing Demands Enterprise- class Password Management and Security. April 2013 White Paper Cloud Computing Demands Enterprise- class Password Management and Security By Jon Oltsik, Senior Principal Analyst April 2013 This ESG White Paper was commissioned by McAfee (a Division of

More information

Threat Intelligence and Its Role Within Enterprise Cybersecurity Practices

Threat Intelligence and Its Role Within Enterprise Cybersecurity Practices Research Report Abstract: Threat Intelligence and Its Role Within Enterprise Cybersecurity Practices By Jon Oltsik, Senior Principal Analyst With Bill Lundell, Senior Research Analyst and Jennifer Gahm,

More information

Integrated Network Security Architecture: Threat-focused Nextgeneration

Integrated Network Security Architecture: Threat-focused Nextgeneration White Paper Integrated Network Security Architecture: Threat-focused Nextgeneration Firewall By Jon Oltsik, Senior Principal Analyst September 2014 This ESG White Paper was commissioned by Cisco Systems

More information

Managing Big Data with Hadoop & Vertica. A look at integration between the Cloudera distribution for Hadoop and the Vertica Analytic Database

Managing Big Data with Hadoop & Vertica. A look at integration between the Cloudera distribution for Hadoop and the Vertica Analytic Database Managing Big Data with Hadoop & Vertica A look at integration between the Cloudera distribution for Hadoop and the Vertica Analytic Database Copyright Vertica Systems, Inc. October 2009 Cloudera and Vertica

More information

Is your organization developing its own custom applications specifically for mobile devices? (Percent of respondents, N=242)

Is your organization developing its own custom applications specifically for mobile devices? (Percent of respondents, N=242) Solution Brief Check Point Capsule for Mobile Computing Security, Operations Efficiency, and Business Enablement Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst; Kyle Prigmore, Research

More information

Boosting enterprise security with integrated log management

Boosting enterprise security with integrated log management IBM Software Thought Leadership White Paper May 2013 Boosting enterprise security with integrated log management Reduce security risks and improve compliance across diverse IT environments 2 Boosting enterprise

More information

VMware and the Need for Cyber Supply Chain Security Assurance

VMware and the Need for Cyber Supply Chain Security Assurance White Paper VMware and the Need for Cyber Supply Chain Security Assurance By Jon Oltsik, Senior Principal Analyst September 2015 This ESG White Paper was commissioned by VMware and is distributed under

More information

McAfee Acquires NitroSecurity

McAfee Acquires NitroSecurity McAfee Acquires NitroSecurity McAfee announced that it has closed the acquisition of privately owned NitroSecurity. 1. Who is NitroSecurity? What do they do? NitroSecurity develops high-performance security

More information

IBM QRadar Security Intelligence Platform appliances

IBM QRadar Security Intelligence Platform appliances IBM QRadar Security Intelligence Platform Comprehensive, state-of-the-art solutions providing next-generation security intelligence Highlights Get integrated log management, security information and event

More information

The ESG Cybersecurity Maturity Model

The ESG Cybersecurity Maturity Model ESG Brief The ESG Cybersecurity Maturity Model Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst Abstract: As part of its research, ESG regularly uses a scoring system to divide survey populations

More information

The webinar will begin shortly

The webinar will begin shortly The webinar will begin shortly An Introduction to Security Intelligence Presented by IBM Security Chris Ross Senior Security Specialist, IBM Security Agenda The Security Landscape An Introduction to Security

More information

BigData Analytics per la sicurezza delle Infrastrutture Critiche

BigData Analytics per la sicurezza delle Infrastrutture Critiche BigData Analytics per la sicurezza delle Infrastrutture Critiche Vincenzo Conti IBM Security Sales Consultant Energy and utility organizations are at the forefront of attacks Utilities are among the most

More information

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE Solution Brief SUMMARY New security threats demand a new approach to security management. Security teams need a security analytics architecture that can handle

More information

Raul F. Chong Senior program manager Big data, DB2, and Cloud IM Cloud Computing Center of Competence - IBM Toronto Lab, Canada

Raul F. Chong Senior program manager Big data, DB2, and Cloud IM Cloud Computing Center of Competence - IBM Toronto Lab, Canada What is big data? Raul F. Chong Senior program manager Big data, DB2, and Cloud IM Cloud Computing Center of Competence - IBM Toronto Lab, Canada 1 2011 IBM Corporation Agenda The world is changing What

More information

IBM Advanced Threat Protection Solution

IBM Advanced Threat Protection Solution IBM Advanced Threat Protection Solution Fabio Panada IBM Security Tech Sales Leader 1 Advanced Threats is one of today s key mega-trends Advanced Threats Sophisticated, targeted attacks designed to gain

More information

IBM Security Operations Center Poland! Wrocław! Daniel Donhefner SOC Manager!

IBM Security Operations Center Poland! Wrocław! Daniel Donhefner SOC Manager! IBM Security Operations Center Poland! Wrocław! Daniel Donhefner SOC Manager! IBM can provide unmatched global coverage and security awareness! 4,300 Strategic outsourcing security delivery resources 1,200

More information

Strengthen security with intelligent identity and access management

Strengthen security with intelligent identity and access management Strengthen security with intelligent identity and access management IBM Security solutions help safeguard user access, boost compliance and mitigate insider threats Highlights Enable business managers

More information

Introducing IBM s Advanced Threat Protection Platform

Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Extensible Approach to Threat Prevention Paul Kaspian Senior Product Marketing Manager IBM Security Systems 1 IBM NDA 2012 Only IBM

More information

IBM BigInsights for Apache Hadoop

IBM BigInsights for Apache Hadoop IBM BigInsights for Apache Hadoop Efficiently manage and mine big data for valuable insights Highlights: Enterprise-ready Apache Hadoop based platform for data processing, warehousing and analytics Advanced

More information

REAL-TIME OPERATIONAL INTELLIGENCE. Competitive advantage from unstructured, high-velocity log and machine Big Data

REAL-TIME OPERATIONAL INTELLIGENCE. Competitive advantage from unstructured, high-velocity log and machine Big Data REAL-TIME OPERATIONAL INTELLIGENCE Competitive advantage from unstructured, high-velocity log and machine Big Data 2 SQLstream: Our s-streaming products unlock the value of high-velocity unstructured log

More information

The 3 questions to ask yourself about BIG DATA

The 3 questions to ask yourself about BIG DATA The 3 questions to ask yourself about BIG DATA Do you have a big data problem? Companies looking to tackle big data problems are embarking on a journey that is full of hype, buzz, confusion, and misinformation.

More information

The Challenge of Securing and Managing Data While Meeting Compliance

The Challenge of Securing and Managing Data While Meeting Compliance ESG Brief Commvault: Integrating Enterprise File Sync and Share Capabilities with Data Protection and Backup Date: September 2015 Author: Terri McClure, Senior Analyst, and Leah Matuson, Research Analyst

More information

BIG DATA IS MESSY PARTNER WITH SCALABLE

BIG DATA IS MESSY PARTNER WITH SCALABLE BIG DATA IS MESSY PARTNER WITH SCALABLE SCALABLE SYSTEMS HADOOP SOLUTION WHAT IS BIG DATA? Each day human beings create 2.5 quintillion bytes of data. In the last two years alone over 90% of the data on

More information

Lenovo: Software-defined Storage for a New Generation of Information Technology

Lenovo: Software-defined Storage for a New Generation of Information Technology Enterprise Strategy Group Getting to the bigger truth. White Paper Lenovo: Software-defined Storage for a New Generation of Information Technology An investigation into software-defined storage, and the

More information

Addressing government challenges with big data analytics

Addressing government challenges with big data analytics IBM Software White Paper Government Addressing government challenges with big data analytics 2 Addressing government challenges with big data analytics Contents 2 Introduction 4 How big data analytics

More information

Big Data and Trusted Information

Big Data and Trusted Information Dr. Oliver Adamczak Big Data and Trusted Information CAS Single Point of Truth 7. Mai 2012 The Hype Big Data: The next frontier for innovation, competition and productivity McKinsey Global Institute 2012

More information

Security Intelligence

Security Intelligence IBM Security Security Intelligence Security for a New Era of Computing Erno Doorenspleet Consulting Security Executive 1 PARADIGM SHIFT in crime Sophistication is INCREASING Attacks are More Targeted Attackers

More information

IBM SECURITY QRADAR INCIDENT FORENSICS

IBM SECURITY QRADAR INCIDENT FORENSICS IBM SECURITY QRADAR INCIDENT FORENSICS DELIVERING CLARITY TO CYBER SECURITY INVESTIGATIONS Gyenese Péter Channel Sales Leader, CEE IBM Security Systems 12014 IBM Corporation Harsh realities for many enterprise

More information

Niara Security Analytics. Overview. Automatically detect attacks on the inside using machine learning

Niara Security Analytics. Overview. Automatically detect attacks on the inside using machine learning Niara Security Analytics Automatically detect attacks on the inside using machine learning Automatically detect attacks on the inside Supercharge analysts capabilities Enhance existing security investments

More information

Addressing Open Source Big Data, Hadoop, and MapReduce limitations

Addressing Open Source Big Data, Hadoop, and MapReduce limitations Addressing Open Source Big Data, Hadoop, and MapReduce limitations 1 Agenda What is Big Data / Hadoop? Limitations of the existing hadoop distributions Going enterprise with Hadoop 2 How Big are Data?

More information

How the oil and gas industry can gain value from Big Data?

How the oil and gas industry can gain value from Big Data? How the oil and gas industry can gain value from Big Data? Arild Kristensen Nordic Sales Manager, Big Data Analytics arild.kristensen@no.ibm.com, tlf. +4790532591 April 25, 2013 2013 IBM Corporation Dilbert

More information

To the best of your knowledge, does your organization currently utilize video surveillance at any of its locations? (Percent of respondents, N=302)

To the best of your knowledge, does your organization currently utilize video surveillance at any of its locations? (Percent of respondents, N=302) Research Brief Video Surveillance: Now on IT s Watch Date: December 2013 Author: Jon Oltsik, Senior Principal Analyst, Bill Lundell, Senior Research Analyst, and John McKnight, VP Research This ESG Research

More information

Beyond passwords: Protect the mobile enterprise with smarter security solutions

Beyond passwords: Protect the mobile enterprise with smarter security solutions IBM Software Thought Leadership White Paper September 2013 Beyond passwords: Protect the mobile enterprise with smarter security solutions Prevent fraud and improve the user experience with an adaptive

More information

IBM AND NEXT GENERATION ARCHITECTURE FOR BIG DATA & ANALYTICS!

IBM AND NEXT GENERATION ARCHITECTURE FOR BIG DATA & ANALYTICS! The Bloor Group IBM AND NEXT GENERATION ARCHITECTURE FOR BIG DATA & ANALYTICS VENDOR PROFILE The IBM Big Data Landscape IBM can legitimately claim to have been involved in Big Data and to have a much broader

More information

The SIEM Evaluator s Guide

The SIEM Evaluator s Guide Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are designed to collect, store, analyze, and report on log data for threat detection,

More information

Security Analytics for Smart Grid

Security Analytics for Smart Grid Security Analytics for Smart Grid Dr. Robert W. Griffin Chief Security Architect RSA, the Security Division of EMC robert.griffin@rsa.com blogs.rsa.com/author/griffin @RobtWesGriffin 1 No Shortage of Hard

More information

Advanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA

Advanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA Advanced Visibility Moving Beyond a Log Centric View Matthew Gardiner, RSA & Richard Nichols, RSA 1 Security is getting measurability worse Percent of breaches where time to compromise (red)/time to Discovery

More information