New security software and services from IBM aim to help organizations protect their critical data in an environment where advanced persistent threats, zero-day attacks, breaches and the financial impact on an organization continue to rise.
According to two IBM-commissioned studies from the Ponemon Institute, the average cost of a data breach increased by 15% globally, reaching $3.5 million. The majority of companies surveyed say targeted attacks are the greatest threat, costing them on average $9.4 million in brand equity alone.
The introduction of the IBM Threat Protection System and Critical Data Protection Program is the result of two years of investment in organic development and the acquisition of companies, including Q1 Labs, Trusteer, Guardium, Ounce Labs, Watchfire and Fiberlink/MaaS360.
The solution leverages security intelligence and behavioral analytics to go beyond traditional signature-based defenses and firewalls to disrupt attacks across the entire attack chain—from break-in to exfiltration.
It includes an end-to-end architecture of analytics and forensics software that helps organizations continuously prevent, detect and respond to ongoing and sophisticated cyber attacks, and in some cases, eliminate the threat before the damage has occurred. Among the highlights:
For prevention, IBM offers the new Trusteer Apex solution for endpoint malware blocking, significant enhancements to the IBM Network Protection appliance for quarantining against attacks and new integrations with key partners’ network sandbox capabilities.
For detection, the QRadar Security Intelligence platform is being enhanced with new capabilities to allow organizations to detect attacks at new scale and actively block exploits with a click.
For response, IBM Security QRadar Incident Forensics expands emergency response services globally.
The solution has been tested by enterprise IT. In one example, a healthcare provider with thousands of endpoints immediately found dozens of instances of malware present, despite its use of many more traditional security tools. This malicious code could have been used to remotely control endpoints or exfiltrate data, but was instead instantly disabled. Likewise, a large European bank recently tried this capability and was able to disable undetected malware across the enterprise.
“Advanced Persistent Threats have fundamentally changed the way organizations have to approach data security,” said Brendan Hannigan, General Manager, IBM Security Systems. “Today, defending against cyberattacks requires more than a signature-based or perimeter approach. Deep analytic capabilities and forensics are vital and need to include endpoint prevention, perimeter protection and the ability to guard against attacks before they can do damage.”
Critical Data Protection
The new Critical Data Protection Program helps safeguard critical data. In fact, an organization’s fortune is often driven by less than 2% of its enterprise data, which has a major impact on competitive advantage, brand reputation, market value and business growth.
This critical data—which may include such high-value data assets as acquisition and divestiture plans, executive and board deliberations and intellectual property—accounts for an estimated 70% of the value of a publicly traded corporation. As a result, this type of data is extremely valuable to hostile forces, whether company insiders or sophisticated attackers.
Despite the importance and value of critical enterprise data, many organizations are not aware of what that information is, where it resides, who has access to it, or how it is protected, making it more difficult to monitor and protect. In fact, data loss can take days or more to discover in more than 95% of cases, and weeks or more to contain in more than 90% of cases, a lag that can have a catastrophic impact on a business.
The new protection program offers an iterative multi-phased approach of define, discover, baseline, secure and monitor for a full lifecycle of data security.