IBM at InfoSec: security megatrends for application development

IBM, the PC company that became IBM the laptop company, that then became IBM the IT services company and then transmogrified into IBM the cloud-focused, socially collaborative tools company, is (unsurprisingly perhaps) one more version of itself too…

Welcome to IBM the security company!

Well, in fairness, Big Blue has acquired 12 security-specific businesses over the last few years.

Plus, when the firm acquired Massachusetts-based provider of security intelligence software Q1 Labs in Jan 2012, it made former Q1 CEO Brendan Hannigan head of the newly-formed IBM Security Systems division.

At the time of its most significant purchase in the security zone, IBM said that the new division would target a £60 billion opportunity in security software services, which has a nearly 12 percent compound annual growth rate, according to IBM estimates.

With this week’s InfoSec show being held in London’s ‘glittering’ Earl’s Court, the Computer Weekly Developer Network spoke to Martin Borrett, director of the IBM Institute for Advanced Security (Europe), and Marc van Zadelhoff, VP of strategy and product management for IBM Security Systems.

Borrett and Zadelhoff detailed what they call the four security megatrends into which this sector divides:

1. cloud-based risks

2. mobile-related risks (including Bring Your Own Device)

3. advanced persistent threats

4. security intelligence via deep analytics

IBM’s technology works to analyse data flows looking for anomalies to detect advanced persistent threats and will utilise “enriched IP reputation information” as it aims to flag suspicious behavior across various network activities.

To address the current slew of risks and vulnerabilities, IBM is this week announcing the QRadar Network Anomaly Detection appliance, which analyses complex network activity in real time, detecting and reporting activity that falls outside normal baseline behaviour.

The analytics can look not only at inbound attacks but can also detect outbound network abnormalities, where malware may have already infected a “zombie” system to send data outside the organization.

“Advanced attackers are both patient and clever, leaving just a whisper of their presence, and evading many network protection and detection approaches,” said Zadelhoff. “Most organisations don’t even know they have been infected by malware. An advantage of IBM analytics is that it can detect the harbingers of new attacks from the outside or reveal covert malicious activity from the inside.”

Using advanced behavioral algorithms, the QRadar Network Anomaly Detection appliance analyses disparate data that can collectively indicate an attack – network and traffic flows, intrusion prevention system (IPS) alerts, system and application vulnerabilities, and user activity.

It quantifies several risk factors to help evaluate the significance and credibility of a reported threat, such as the business value and vulnerabilities of targeted resources.

Above all, IBM advocates a “secure by design” approach so that software application development projects are architected around a security consideration that spans (at least) the four “megatrends” highlighted here throughout the entire development lifecycle.

What’s next? IBM the reality TV company?