Infosec: IBM debuts anomaly detection system

News 25 Apr, 2012

Vendor claims latest product will protect end users from new breed of "subtle and sophisticated" hackers.

Vendor giant IBM claims traditional firewalls and anti-virus products are no match for the increasingly subtle and sophisticated attacks hackers are now embarking on.

Speaking to IT Pro at Infosecurity Europe in central London, Marc van Zadelhoff, vice president of strategy and product management at IBM Security Systems, said there has been a marked rise in hackers bypassing firewalls over the past year.

2011 was the year of the breach and this is the right type of technology to detect the threats we saw last year.

So much so, 2011 has been nicknamed “the year of the breach” by IBM’s internal research team, he claimed.

“What we saw in 2011 were hackers that were able to install themselves on servers, protected by firewalls and anti-virus,” said van Zadelhoff.

“They then start to flow out data, a few bits at a time, to a receiver on the outside of the organisation.”

To counteract this, the company has launched a new appliance, based on the technology acquired through its buyout of security intelligence software vendor Q1 Labs last October.

It is called QRadar Network Anomaly Detection and is designed to detect subtle abnormalities in network traffic, where malware may have been installed to send data to unauthorised destinations.

“[The hacker] could be sending out customer details to a FTP or IP address you don’t usually do business with, and you wouldn’t notice it without an anomaly detection system in place,” he said.

However, Martin Borrett, director of the IBM Institute for Advanced Security Europe, told IT Pro the product is not designed to replace firewalls or anti-virus, but provide end users with an extra line of defence.

“Hackers are becoming more sophisticated and you still need intrusion prevention systems and anti-virus to protect against them,” explained Borrett. “But, as the threat evolves, the challenge for end users is to keep up, and they may need an extra layer of protection.”

Especially, as many security breaches are caused by traditional security tools not being set and deployed properly, added van Zadelhoff.

“People have anti-virus, but they haven’t rolled it out to all their servers, for example. Or, they have a firewalls and haven’t tuned the settings properly,” he said.

“It is something that can easily get overlooked, especially when companies get bigger through acquisitions. Hackers prey on that kind of vulnerability, so end users need to find smarter ways to keep them out.”