The IBM InfoSphere BigInsights solution, which is IBM’s optimized version of Hadoop, is being paired with QRadar to form the IBM Security Intelligence with Big Data solution.
Kevin Skapinetz, program director of Product Strategy at IBM Security Systems, explained to eSecurity Planet that the combined solution is all about looking for patterns that are hidden in large volumes of data.
“We’re combining the best of real time analytics with an exploratory approach so you can literally squeeze every last drip of information about attacks from your data,” Skapinetz said.
QRadar on its own was already able to collect, process and correlate large volumes of data. Skapinetz said the addition of InfoSphere BigInsights goes a step further by analyzing unstructured data. One example he cited is analysis of DNS (domain name system) data, which SIEMs traditionally do not ingest because of its high volume.
“With this solution you could store all that DNS data and interrogate it,” Skapinetz said.
Interrogating that data could surface information that leads to the discovery of attacks. Additionally, text analytics can be used with BigInsights to review multiple years' worth of data to find patterns. With BigInsights, different types of machine learning algorithms can be written to spot highly customized types of attacks and malicious outliers, Skapinetz said.