IBM Unveils Security Intel Service, Notes Big Jump In Attacks

Oct 26, 2004 (12:10 PM EDT)

Read the Original Article at

IBM has launched a new intelligence service, giving customers a monthly report showing the big picture of security attacks and other business threats.

As it unveiled the service, IBM disclosed data that claimed attacks against critcal networks climbed 55 percent August over July.

Dubbed the Global Business Security Index, the monthly report will be based on data collected by half a million monitored devices and security sensors, then compiled with additional information provided by IBM's 2,700 information personnel. Currently, IBM tracks 100 million real or suspected attacks per month for clients in 34 countries.

Among the threats that the index will report, said David Mackey, IBM's director of security intelligence services, are the normal worms and viruses that plague enterprises, but also more prosaic -- and overlooked -- threats such as developing natural or man-made disasters. "We'll provide an overall corporate threat perspective," said Mackey. "If it's hurricane season, for instance, we'll analyze the potential impact on specific industries and geographic areas."

The report, which targets the executive suite rather than IT, can be customized by industry, will sell for between $10,000 and $15,000 a year, and ranks threats on a 0 through 10 scale. Some part of it may be made public, said Mackey.

"This is a proactive look at threats," he added, "rather than on the other side, a reactive response to a developing threat."

Analysts generally agree that companies increasingly need some kind of security intelligence-based heads-up to warn them of major problems before they actually occur, or at least in time to mitigate the impact.

Other vendors offer similar services. Symantec, for instance, offers a variety of intelligence services based on its DeepSight Threat Management System of sensors, and Reston, Va.-based iDefense specializes in delivering security intelligence briefings to corporate customers.

"What we're doing is very similar to Symantec's DeepSight," admitted Mackey. "What's different in my book is IBM's huge breadth of technologies and expertise, and the huge amounts of resources we can call on.

"We're able to look more strategically at the threat landscape for trends and patterns," he said.

As part of the launch of the index, IBM noted that threats against its enterprise customers climbed by 27 percent in September over the July-August period, and that attacks against some of the most crucial parts of the country's infrastructure -- utilities, telecommunications companies, and government agencies -- rose by a whopping 55 percent from July to August.

Most general attacks were based on the long-running Sasser and Korgo worms, while assaults against critical links were due to a bump in attacks on Web servers such as Apache's HTTP Server and Microsoft's Internet Information Services server.

IBM noted that the increases may indicate hackers conducting reconnaissance-in-force prior to launching more complex, pointed attacks. But Mackey couldn't say whether that was the case here.

"Security is cyclical," he said, giving one explanation for the spike. "We really don't know the reasons why attacks were up in August. We don't have information about the perpetrators' motives, for one thing."