IBM Security Tools Add Hadoop Monitoring

IBM Thursday announced a number of new or updated security offerings, spanning mobile computing, big data, security analytics, and cloud applications.

One of the most notable new releases is what IBM describes as a "deep security intelligence" tool for securing systems based on Hadoop against attackers or unauthorized use of stored data. "The good news for security is we have plenty of data," said Steve Robinson, VP of development, strategy, and product management for IBM Security Systems, speaking by phone. "The bad news for security is we have plenty of data." So the question becomes, what's the best way to mine that data for actionable information, such as evidence of attack?

Running an organization's security logs through Hadoop offers the potential to analyze numerous security incidents at once, which might help organizations better identify low-and-slow attacks of the advanced persistent threat (APT) variety.

[ Learn about a much-watched startup's offensive approach to enterprise security. See Crowdstrike Puts APT Attackers On Notice. ]

"Everyone is talking big data, and we're having lots of conversations now with customers around, what does that mean?" said Robinson. "We have many firms who want to take their [security logs] and put them into Hadoop, Cloudera, etc., and do some very massive analytics, and we see a lot of firms now adding a data scientist to their staff, so they can look at some larger trends. ... So, can we really start to find these needles in a haystack, and start to be more predictive about it?"

To help secure Hadoop, Robinson said IBM's InfoSphere Guardium now offers real-time security monitoring, as well as reporting--for compliance purposes--for such Hadoop-based systems as InfoSphere BigInsights and Cloudera. In addition, IBM InfoSphere Optim Data Privacy can be used to mask any data stored in the Hadoop environment, for example to ensure that regulated or sensitive information--such as social security or credit card numbers--get excluded from big data stores.

In other IBM news, on the mobile front, the latest version of the IBM Endpoint Manager for Mobile Devices will help organizations treat any device--mobile or otherwise--as just another endpoint, as well as to enforce security policies across all endpoints. "This is extending risk-based access out to the mobile device," said Robinson. "This is an issue that we're continuing to hear from customers, now that more business is done over mobile." He said the risk-based access controls include such capabilities as reviewing a user's GPS coordinates, the time of day they're logging in, the country they're in, as well as the telecommunications provider being used.

On the cloud security front, IBM Tuesday announced its new IBM Security Access Manager for Cloud and Mobile, which offers federated single sign-on for cloud applications, and integrates--out of the box--with multiple, existing SaaS applications and services. The security tool can also handle privileged users, such as IT administrators who may share root-level access credentials. "Auditors are really starting to zero in on that quite hard, so we're adding more texture to the whole identity framework, so we can do roles, privileged identities, and also to capture more information to help us with analytics downstream," said Robinson.

In mainframe news, IBM announced that it's releasing a new version of IBM Security zSecure that will allow mainframe data to be brought into its Q1 security information and event management (SIEM) tool. "Many CISOs or security teams assumed that the mainframe was safe. They were focused on distributed environments, but weren't focused on the mainframe," said Robinson. "But I think some auditors have rapped some knuckles over this, and we're hearing that login information, access information, system logs are very critical to our overall security data pool, so can we add some of this log information back into the SIEM?"

This year, IBM has been adjusting its approach to information security products and services, and consolidating and integrating a number of its offerings to offer more "think big, see small" capabilities. Earlier this year, the company created a new security division, which is meant to bring together capabilities across IBM, including its numerous, recent information security-related acquisitions, such as trusted code development shop Ounce Labs, cloud-based application testing service Green Hat, network management specialists BigFix, and SIEM toolmaker Q1 Labs.

Are IBM's security changes paying off for the company? IBM announced its third-quarter 2012 profits Tuesday, and--while strong--they fell short of analysts' expectations. But some of IBM's security and storage offerings, reported as Tivoli income, were a revenue bright spot. Compared with the second quarter of 2012, "Tivoli Security [revenue] was up 9% at constant currency, driven by Q1 Labs which provides next-generation security intelligence," IBM senior VP and CFO Mark Loughridge told analysts on a Tuesday conference call.