Threats from cyber attacks are at an all time high. These threat agents can be external, as well as internal, to an organization. Since ‘data’ is the new oil, most of these attacks are to directed to the data. It is either to illegitimately gain access to the data or to maliciously corrupt the data or to lock the data from legitimate access – all resulting in negative business impact.
Data is now the crown jewel of any business. What can your business do to proactively protect your data from such cyber threats?
IBM’s QRadar provides intelligent security analytics to quickly identify threats to your data and automatically begin the containment process. IBM Security has been named a Gartner Magic Quadrant Leader in SIEM for 10 years in a row. This world leading Security Information and Event Management system has now been integrated into IBM’s Spectrum Scale data storage system. Spectrum Scale is a distributed, parallel file system that is used on many of the world’s largest computers, including the current top two: Summit and Sierra. Spectrum Scale was once again named a Gartner Magic Quadrant Leader for Distributed File Systems. This integration of world class security with world class storage creates a proactive cyber security solution from all threats to your data regardless of the amount of data and whether its stored on-premise, in the cloud or any hybrid. All access to your data is tracked and monitored for a comprehensive, intelligent security solution. Innovation via Integration !
Let us take a simple example (while there could be many such manifestations).
Organization are required to protect their critical data from being maliciously accessed. One of the common reason for malicious access of data resulting in data theft or data breach is misuse or compromise of user credentials.
Let us take an example:
Spectrum Scale provides a unified namespace where all the data is centrally managed and hosted. Data can be accessed via different protocols (NFS,SMB,Object,POSIX). Consider a case where a IBM Spectrum Scale user credentials has been compromised. Now there can be situation where the data is being accessed at the ‘same time’ or ‘within a given period of time’ by the ‘same user’ but from ‘different geographies’. This is a case of data breach where the same user credential is being used to access data from different geographies. This can happen either because the user credential got compromised or the user has illegally shared is credentials. How can one detect such a situation and take measures to control/minimize the impact ?
Solution: IBM Spectrum Scale has a file audit logging feature that audit logs access to files which are stored in immutable storage. These audit logs include information like the user accessing the files, the time of access, the IP address of the system from where the access is originated, etc. By relaying these Spectrum Scale file audit logs to IBM QRadar, IBM QRadar can in real time monitor and alert if it detects any access to data (hosted on IBM Spectrum Scale) happening via the ‘same user’ but the from ‘different geographies’ at the ‘same time’ or within’ short interval of time’ (where detection of geographies that is derived from IP address is an IBM QRadar plugin feature functionality). This threat alert can be configured with an action script like – indicate IBM Spectrum Scale to take a filesystem snapshot so that the data is protected and can be rolled back – thus proactively protecting your data. Alternatively the threat alert can also be configured to indicate the administration to take action like preventing or blocking the data access.
IBM Spectrum Scale and IBM QRadar solution is an innovation via integration which unites the best of both the worlds for businesses to host their data securely.
More details on this solution can be found at : http://www.redbooks.ibm.com/abstracts/redp5560.html?Open