IBM intends to make the security information and event management (SIEM) technology gained through the acquisition of Q1 Labs, which was officially closed yesterday, the centerpiece of IBM's broad security product portfolio.
The Q1 Labs SIEM called QRadar - the brand name could change as IBM brings Q1 into the IBM fold - will play a central role in the IBM Security Systems portfolio, said Marc van Zadelhoff, vice president of strategy and product management at the division. "Q1 will be the central dashboard for IBM products," he said. Yesterday, IBM named Brendan Hannigan, Q1 Labs CEO, as general manager of IBM's newly formed Security Systems Division.
A central place to correlate real-time security information
The IBM security products to work with the Q1 SIEM include Guardium database monitoring, BigFix for software patching, AppScan vulnerability-assessment tools, the IBM Rational products and the IBM Identity Manager and Access Manager products. (IBM is dropping the "Tivoli" name from the Identity and Access Management suite, although the longtime Tivoli brand name is expected to continue with Tivoli NetView network management.)
The intent is to have the Q1 Labs SIEM become the central place to correlate real-time security-event information related to IBM products and present a situational analysis for enterprise users. IBM envisions this could work in cloud-based environments as well.
The Q1 SIEM, like other products of its type, already can collect information from a wide variety of network security sources, such as firewall or intrusion-prevention systems. But IBM wants to take this capability further and is proceeding with integrating the IBM identity management products into the Q1 SIEM, which is expected to be completed within the next few months.
More detailed way to track user network activity
The advantage of doing this identity management integration work is that it would allow the SIEM to track real-time user network activity in a more detailed way to understand the security consequences, says van Zadelhoff. This integration work with Q1 at the centre follows through on ideas shared by IBM executives earlier this year at the IBM Innovate Conference.
IBM is also intent on integrating business analytics into the SIEM by drawing from the IBM portfolio that includes Cognos business intelligence, the IBM InfoSphere Stream data analysis tool and IBM SPSS, the predictive analysis software that can be used for fraud control. "These are toolkits we can extend to this," said van Zadelhoff.
He noted that IBM already is involved in capturing 12 billion events a day related to security and log management for 4 million customers around the world. The Q1 acquisition, now complete, lays the foundation for how that can be done going forward.