IBM touts anomaly detection to counter smarter hackers

 

Gallery

By Caroline Donnelly

Posted on 25 Apr 2012 at 09:24

Traditional firewalls and antivirus are no match for increasingly sophisticated hacking attacks, IBM has claimed, as the company announced its “anomaly detection” hardware.

Speaking to our sister site IT Pro at Infosecurity Europe in London, Marc van Zadelhoff, vice president of strategy and product management at IBM Security Systems, said there had been a marked rise in hackers bypassing firewalls over the past year.

“What we saw in 2011 were hackers that were able to install themselves on servers, protected by firewalls and antivirus,” said van Zadelhoff.

“They then start to flow out data, a few bits at a time, to a receiver on the outside of the organisation.”

Hackers could be sending out customer details to an FTP or IP address you don’t usually do business with, and you wouldn’t notice it without an anomaly detection system

To counteract this, the company has launched a new appliance, based on the technology acquired through its buyout of security intelligence software vendor Q1 Labs last October.

IBM said the QRadar Network Anomaly Detection device was designed to detect subtle abnormalities in network traffic, where malware may have been installed to send data to unauthorised destinations.

“[The hacker] could be sending out customer details to an FTP or IP address you don’t usually do business with, and you wouldn’t notice it without an anomaly detection system in place,” he said.

However, the company said the product was not designed to replace firewalls or antivirus, merely provide users with an extra line of defence for outgoing traffic.