There's been much discussion in the security industry that preventing malware-based infiltrations into the enterprise is nigh on impossible, and the new security mantra should be "rapid detection is the new prevention." On that, IBM begs to differ.
"There's a lot of talk in the industry that prevention is dead,'" says Marc van Zadelhoff, vice president strategy, product management and alliances, IBM Security Systems, which today introduced software and services oriented around the counter-argument that prevention ought to be a realistic expectation in IT security defense. "In our view, sure it's hard, but it's possible." It's not a 100% guarantee that prevention will always be possible, he acknowledges, but prevention should be the focus of enterprise security strategy.
To that end, IBM is offering what it calls the IBM Threat Protection System, which includes an endpoint security agent for Microsoft Windows and the Apple Mac that was developed out of the Rapport software that IBM gained in its acquisition of of security firm Trusteer.
The Rapport software has been widely distributed by financial services firms to online banking customers to protect them against financially-focused malware threats like ZeuS botnets. IBM took that core anti-malware technology and developed additional software intended for the enterprise which it calls the Apex Malware Prevention capability. It takes on detection of zero-day attacks by looking at how malware is behaving and blocking actions against the user that are deemed malicious. "It stops it from installing," says van Zadelhoff.
As part of this, IBM is also offering what it calls the Threat Detection Appliance which can integrate threat intelligence gathered by the Apex endpoint software and share it with IBM's security information and resource management product, QRadar, which is used for security management.
As part of its threat-protection push this week, IBM has also established a program called Critical Data Protection in which its security advisers will help companies identify the most critical and sensitive information the company has to determine how best to secure it.
"It's about the crown jewels," says Kris Lovejoy, general manager of IBM Security Services. She notes that insurance companies want to write cyber-insurance policies around the "crown jewels" of an organization but one challenge is that many times the IT department isn't necessarily even aware of where those jewels actually exist in the massive amounts of data stored in some companies.
Ellen Messmer is senior editor at Network World, an IDG website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: [email protected]