On the heels of its successful #IBMImpact event last week, IBM today unveiled a new line of enterprise services aimed at zero-day attacks and protecting critical data.  Dubbed the IBM Threat Protection System and Critical Data Protection Program, it is the result of two years of significant investment in organic development and the acquisition of companies, including Q1 Labs, Trusteer, Guardium, Ounce Labs, Watchfire and Fiberlink/MaaS360.

Modern cyber defense strategies are built around multi-layer components and IBM has put that principle forward with an end-to-end architecture of analytic and forensics software.  The outcome is continuous prevention, detection and response that is appropriate for sophisticated and persistent cyberattacks. IBM adds that in some cases such threats can be neutralized before any damage occurs.

The IBM Security formula

Its Threat Protection Services feature a number of bleeding edge components including the following zero day triad: malware is blocked utilizing Trusteer Apex software, the QRadar Security Intelligence Platform provides detection and Security QRadar Incident Forensics provides response capabilities.  IBM’s Critical Data Protection Program protects the most critical data in accordance to security consulting services, and leverages assets from IBM Research, StoredIQ and Guardium.  By addressing the critical data lifecycle in an enterprise, and introducing policy, processes and technology in accordance with these initiatives, IBM is focused on a data-centric security model.  Protecting the digital lifeblood of an enterprise is the goal in this comprehensive service.

The key to this overall strategy is the continuing movement in the security industry of breaking the chains of traditional security paradigms.  Signature-based defense and firewalls are increasingly being de-emphasized in favor of security intelligence and behavior analytics.  This data intelligence is a hallmark of IBM’s services portfolio, and as a specialized security service, it is something they have been delivering to its customers for some time.  Across the entire attack chain – from break-in to exfiltration — these methods represent the best current state security readiness approach.

IBM: Silent security giant no more

IBM successfully rolled out its dedicated cyber security business in late 2011 and seen tremendous growth, and according to IDC’s Software Tracker is now perched as the third largest security vendor in 2013.  This position is something that has, in my observation, slipped by the minds of many.  This kind of announcement from the company will ensure that won’t be the perception going forward.

IBM cites two commissioned surveys, also announced today, from the Ponemon Institute that show data breach costs increased again this year by 15 percent, reaching an average of $3.5 million per event.  That report showed a number of additional rising statistics that indicate more must be done to prevent these issues, and this is IBM’s answer to that challenge.

IBM is also implementing its managed security operations centers (SOC) around the world.  This advanced, around-the-clock presence of security analysts and monitoring systems is part of the rapid response value at the core of these services.

IBM boasts that a number of clients have seen quick results in testing the Threat Protection System.  In one case a health care provider was able to shut down malicious code instantly on thousands of diverse endpoints.  In another case, a large European bank was also able to detect and rapidly neutralize malware in its environment.   These malicious code incidents had slipped through the traditional security measures in both environments.

photo credits: spettacolopuro & eriwst via photopin cc; Ponemon report screenshot courtesy – Ponemon/IBM