Infosec: IBM debuts anomaly detection system

Vendor claims latest product will protect end users from new breed of "subtle and sophisticated" hackers.


Vendor giant IBM claims traditional firewalls and anti-virus products are no match for the increasingly subtle and sophisticated attacks hackers are now embarking on.

Speaking to IT Pro at Infosecurity Europe in central London, Marc van Zadelhoff, vice president of strategy and product management at IBM Security Systems, said there has been a marked rise in hackers bypassing firewalls over the past year.


2011 was the year of the breach and this is the right type of technology to detect the threats we saw last year.

So much so, 2011 has been nicknamed "the year of the breach" by IBM's internal research team, he claimed.

"What we saw in 2011 were hackers that were able to install themselves on servers, protected by firewalls and anti-virus," said van Zadelhoff.

"They then start to flow out data, a few bits at a time, to a receiver on the outside of the organisation."

To counteract this, the company has launched a new appliance, based on the technology acquired through its buyout of security intelligence software vendor Q1 Labs last October.

It is called QRadar Network Anomaly Detection and is designed to detect subtle abnormalities in network traffic, where malware may have been installed to send data to unauthorised destinations.


"[The hacker] could be sending out customer details to an FTP or IP address you don't usually do business with, and you wouldn't notice it without an anomaly detection system in place," he said.


However, Martin Borrett, director of the IBM Institute for Advanced Security Europe, told IT Pro the product is not designed to replace firewalls or anti-virus, but to provide end users with an extra line of defence.

"Hackers are becoming more sophisticated and you still need intrusion prevention systems and anti-virus to protect against them," explained Borrett. "But, as the threat evolves, the challenge for end users is to keep up, and they may need an extra layer of protection."

This is especially the case as many security breaches are caused by traditional security tools not being set and deployed properly, added van Zadelhoff.

"People have anti-virus, but they haven't rolled it out to all their servers, for example. Or, they have firewalls and haven't tuned the settings properly," he said.

"It is something that can easily get overlooked, especially when companies get bigger through acquisitions. Hackers prey on that kind of vulnerability, so end users need to find smarter ways to keep them out."
