Network Computingwww.networkcomputing.com

IBM Adds Vulnerability Manager To SIEM Platform

Posted by Brian Prince
July 26, 2013

IBM has expanded its security information and event management (SIEM) platform with new software designed to help organizations find and prioritize network security risks.

QRadar Vulnerability Manager (QVM) is integrated into IBM's QRadar Security Intelligence Platform and draws analysis from a range of sources, including IBM's X-Force research team and BugTraq.

According to IBM, vulnerability information is aggregated into a single view, and security teams can see the results from multiple network, endpoint, database or application scanners alongside the latest X-Force Threat Intelligence alerts and incident reports from the National Vulnerability Database.

QRadar Vulnerability Manager also includes its own embedded, PCI-certified scanner that can be scheduled to run or triggered based on network events.

Alea Fairchild, director of The Constantia Institute, said the integration of QVM with IBM's SIEM gives the company an edge. The Constantia Institute is an independent technology think tank based in Belgium.

"By adding intelligence to the vulnerability management process, it helps in the resource allocation process of what has to be taken care of first, which still has human components to it," Fairchild said.

[A recent study found that most enterprises run outdated, vulnerable versions of Java. Get the details in "Java Vulnerabilities Pervasive In The Enterprise."]

Vulnerability scanners by and large are all pretty good and pretty much a commodity, said Javvad Malik, senior analyst for the enterprise security practice at 451 Research.

"You can take any scanner from the market both commercial and non-commercial, point it and click and they will give you a similar set of results listing out vulnerabilities," he said. "For large organizations, these can be enormously long lists. What we have seen in the market is the need for 'context' to be added to vulnerabilities -- i.e., how important is this vulnerability, or does it really impact systems. So the approach that IBM has taken is very much in line with how we see the vulnerability management space evolving."

"The fact that it is integrated with QRadar gives it a lot of contextual data [and] it can feed off many data streams which enriches the data," he added. "So it will make other vendors take notice. When you look at the broader offering as a whole, it makes an attractive proposition to companies and could lead to IBM displacing other vendors by providing a single unified offering."

Along with QVM, IBM also introduced IBM Security Network Protection XGS 5100, an IPS product that also is integrated with the QRadar platform. XGS 5100 works by inspecting SSL traffic to detect threats masked in encrypted traffic.

Related Reading