Businesses today face a skill shortage around cyber-security, while attackers have become more patient and clever—leaving little evidence an intrusion ever occurred.
Too often existing tools are fragmented and don’t present a complete picture. So how do organizations discover they have been hacked in a timely and effective manner? The solution demands a forensics approach that is easy to deploy but can quickly search and analyse clues to provide critical, in-depth information, minimize its impact and prevent further breaches, says Marc van Zadelhoff, vice-president of strategy and product management for IBM Security Systems.
IT and IT security professionals are finding traditional forensic tools effective but complicated, according to a recent Network Forensic Investigations Market Study conducted by Ponemon Institute LLC. The study found that although more than half (55 per cent) of respondents have positive or better impressions of their forensic tools and 69 per cent find them effective, nearly three-quarters (73 per cent) find their existing forensic/analysis tool difficult (43 per cent) or very difficult (40 per cent) to use.
To this end, van Zadelhoff notes, IBM® Security QRadar® Incident Forensics—a recently released solution—aims to help businesses shore up their security by making it easier to retrace the step-by-step occurrences of a security incident, leveraging data collection. It is the culmination of more than a decade of evolution in IBM’s security platform to meet client needs. “For us forensics is yet another feed of information that allows you to handle the security problem, give it more context, give it more colour, so that you can understand it quickly,” van Zadelhoff says. “So, the more you collect, actually, the faster you can get through the data and find out what the problem is.”
Speed is of the essence, says Kevin Skapinetz, director of product marketing and strategy for IBM Security Systems. “Security incidents are really a race against time.” He says IBM is flipping the traditional, segmented approach taken by other solutions, which require IT security professionals to know what they are looking for—specific correlations that might indicate an attack—into one that relies on QRadar’s embedded intelligence and analytics to point to events and then links forensics capability to those events to dig deeper and even highlight relationships that may signal potential threats.