With the exponential growth of the Internet and associated information technology (IT), security breaches across all sectors are fast developing into a serious risk for governments and corporate enterprises.
Global computing group IBM security technology GM Brendan Hannigan says that, over the years, security breaches have advanced from random attacks on software vulnerabilities, such as the email-replicating viruses that were popular in the 1990s, to targeted attacks on specified external entities – the personal vendetta of ‘hacktivists’ who are determined to infiltrate a corporation’s or government’s internal information systems.
“The amount of information available today is vast and exploding and there is now a whole generation that has grown up with IT. Hackers are becoming more sophisticated,” he says.
He identifies accelerated attacks on corporations and governments as advanced persistent threats.
“Today, rather than searching for a random software vulnerability, a person or group of people will persistently try for 12 to 18 months to hack into a particular organisation’s information systems. Businesses are fundamentally at risk.”
Hannigan says IBM’s customers are concerned about the changing nature of security breaches and the various challenges facing the industry in general.
“Despite a variety of [security] technologies being deployed, companies are still concerned about the increased level of threat and are asking for help.”
In response to this growing concern, IBM launched its Security Systems division in January, after acquiring security intelligence products provider Q1 Labs late last year.
Hannigan was previously the CEO of Q1 Labs, a company that continues to focus on security analytics under IBM’s banner.
“We realised that the type of technology needed to mitigate the increasing threat of a security breach is already in IBM’s wheelhouse in terms of software, analytics and other complex technologies that we deliver in a simple way.”
Hannigan further mentions that, while there are hundreds of small vendors delivering security technology, the advancing security threat is unfortunately too complex to face alone. IBM, therefore, saw an opportunity for integration and further simplification of the security environment.
“We realised we were capable of integrating the company’s diverse sets of technologies and helping our customers implement them,” he says.
Security analytics is the aggregation of a variety of information sources, ranging from security logs and application logs to access logs, among others, which amount to billions of logged records a day.
“There is too much information aggregated in one company for a person to manage. Automated analytics, however, can manage this information with ease,” says Hannigan.
IBM has established security centres worldwide, helping companies manage their data environments. These centres gather vast amounts of data records, but are still able to identify a possible external threat and notify a company about it.
“We have teams of researchers around the world constantly looking at data and the types of threats being initiated against certain companies,” he says.
Further, IBM offers automated analytics agents which comb the Internet in search of common threats, giving the IT giant an idea of new hacking methods.
Hannigan notes that the group’s research has revealed an increase in sophisticated phishing attacks, in which the common method of breach is to access one computer in a network and use it as a platform to further infiltrate the organisation, usually targeting senior employees.
This is because senior employees are considered “privileged users” who will inevitably have more access to a company’s classified information.
As a result of these types of attacks on employees who are higher up on the corporate ladder, IBM has started helping customers move beyond basic security and become proficient in the more advanced security arena, which will enable them to prioritise the identification and monitoring of high-risk company members who are likely to be targeted by ‘hacktivists’.
“IBM also helps customers with the early detection of possible threats and the ability to identify data that poses significant threats to their company. They need to understand risk,” stresses Hannigan.
He adds that, in addition to researching emerging threats, IBM is also focused on gathering best practice solutions from its customers worldwide in terms of the role security plays in an organisation.
Despite heightened alarm at the increased sophistication of security breaches, Hannigan says that, in recent years, governments and corporations have managed to improve their basic security measures, patching vulnerabilities in their software before attackers have the chance to find them.
“Companies have started analysing and scanning their own software to check for vulnerabilities and weaknesses. This means less margin for error,” Hannigan states.
IBM’s automated solutions also alert companies to suspicious behaviour – for example, when a computer makes an unusual outbound connection.
He explains that IBM’s automated security solutions are, through analytics, able to pinpoint unusual occurrences amid a sea of information – occurrences that would otherwise go unnoticed.
“What seems suspicious could be valid communication within a company, but everything still needs to be investigated,” Hannigan concludes.