Jul 31, 2012 (05:07 AM EDT)
IBM Launches Advanced Threat Detection Appliances

Read the Original Article at InformationWeek

Want to control how and when employees can use social networks or online services while at work?

IBM announced Tuesday the release of a new class of intrusion prevention system (IPS), dubbed IBM Security Network Protection, to help information security managers keep a closer eye on which applications and websites their employees are accessing, so they can more easily prevent inappropriate or risky behavior. The devices allow organizations to create and enforce security policies that can be customized to a user's role in the organization, the time of day, as well as the type of site being visited.

The first appliance in what IBM calls the new "advanced threat platform" product line is the midrange XGS 5000, which offers 2.5-Gbps throughput and works on up to eight network segments. "The XGS 5000 appliance is a next-generation IPS," said John Cloonan, program director for product management at IBM Security Systems, in an interview at last week's Black Hat conference in Las Vegas. "The idea behind it is it takes our existing threat protection, and adds to that better visibility and control." He said the appliances will pull data from any LDAP source, meaning security managers can create policies customized to different groups of employees.

As that suggests, when it comes to security policies and social media, one size doesn't fit all. For example, a beta user of the new appliances was St. Vincent's Hospital in Australia, which has 1,000 unique network users. According to Paul Kaspian, a senior product marketing manager for IBM Security Systems, the hospital made a few interesting discoveries thanks to the appliance, including a previously unknown Trojan application infection, as well as heavy use of YouTube by physicians. But while the hospital's security team immediately eradicated the malware, they left the YouTube access for physicians intact, because it turns out that many physicians use YouTube to review procedures, refresh their knowledge, or share what they've learned with their peers.

[ Is your money safe? See More Than 50% Of Major Banks Have Malware. ]

On the other hand, many businesses deem certain social media or streaming-media sites to be clearly out of bounds. Earlier this year, for example, consumer goods manufacturer Procter & Gamble revealed that it had found that each day its employees were watching 50,000 YouTube videos, streaming 4,000 hours of music on Pandora, as well as streaming a significant number of movies via Netflix. In the name of recovering bandwidth, if not productivity, the organization blocked access to Netflix and Pandora. But since Procter & Gamble uses YouTube--as well as Facebook--for marketing and internal communications, they were spared.

On a similar note, the new line of IBM security appliances enables more than just allowing or blocking a social networking site such as Facebook. "Granularity is key, because you can't just unilaterally block Facebook anymore," said Kaspian, in an interview at Black Hat. Notably, many employees now use Facebook, Twitter, Google+, and other social networks to keep in touch not just with each other, but also customers.

So instead of blocking such sites, "maybe I want to ... say that people can go to their Facebook page over lunch, but they can't post, play games, or chat," said Cloonan. "We're not approaching this from a dictatorship of, 'you shouldn't be allowed to have any fun during work hours,' but more about, 'how can I protect work information?'"

The new range of appliances is part of IBM's effort to provide a big-picture approach to enterprise security, by blending numerous types of prevention, detection, and correction capabilities. For example, Cloonan said the new range of appliances incorporates a threat-intelligence feed via IBM's X-Force, which includes a database of 15 billion URLs, slotted into 68 different categories, and which have been automatically reviewed for any sign that they might be malicious. IBM said its device also offers native support for 1,000 different types of online applications or actions, including Dropbox and Evernote, and can block such things as IM chats or attachments. It also integrates with IBM's QRadar Security Intelligence Platform.

According to Kaspian, IBM gained the URL database back with its acquisition of ISS, which had purchased Cobion. "We're taking that technology and using it to make all of the decisions around Web control," he said. "The granularity is really key. Yes, there are already products that can block things like gambling sites, but the interesting thing here is that we've taken this and integrated it into our threat protection platform. We're using it from the standpoint of preventing risk, rather than governing user behavior."