IBM i2 for a safer planet Detect, disrupt and defeat advanced physical and cyber threats Uncover hidden connections, gain actionable intelligence and accelerate data to decision IBM Security Thought Leadership White Paper


Overcoming THREAT-HUNTING CHALLENGES across physical and cyber spaces

The threat landscape is constantly changing. In the physical world, new crime rings and terrorist cells continue to form; in the cyber world, threat actors are constantly crafting new ways to steal data, disrupt business and destroy reputations. Those in charge of hunting down physical and cyber threats—whether it’s the chief information security officer, the threat intelligence director, the director of fraud detection, the chief of police or a national security leader—have a tough job to do.

One of the greatest challenges security and intelligence analysts face is being overwhelmed by massive volumes of data from different sources. And they often lack tools that give them the ability to predict and prevent physical and cyber threats.

This is a crucial gap, because for every advanced threat, there’s a human behind it. IBM® i2® solutions offer a cutting-edge analytics and intelligence platform that enables advanced threat-hunting with a human-versus-human approach. The solutions go beyond policy-based capabilities, to help security and intelligence analysts not only understand, but also anticipate, when and where the next threat actor will strike—whether it’s in the IT network, at the national border or in the local streets.

The solution empowers threat hunters across the public and private sector with the military-grade tools they need to outthink threat actors, arming security and intelligence analysts with tools and technology that enable them to detect, disrupt and defeat advanced cyber and physical threats by correlating and analyzing disparate data sources in near-real time.

Threat actors are getting more sophisticated, while analysts are overwhelmed with the volume and complexity of data.

Watch a video to learn how IBM i2 solutions help identify and prevent advanced cyber threats.


IBM i2 solutions provide analysts and threat hunters with advanced tools to detect, disrupt and defeat advanced threats.


DETECT, DISRUPT AND DEFEAT advanced threats

DeliverFund uses IBM i2 to stop human trafficking

DeliverFund is a non-profit, private intelligence organization committed to disrupting human-trafficking networks. In one case, the time from a network’s detection to arrest was only 27 days. According to DeliverFund’s founder, “In the counter-human-trafficking world, that is unheard of. This was in large part due to IBM i2 intelligence analysis software.”

IBM i2 applications span a range of industries and threat-hunting needs, including:

• National security and defense agencies seeking to gain immediate insights and arrive at security decisions at speed and scale to support mission-critical operations
• Law enforcement agencies that need a common intelligence picture, with analytics designed for investigative analysts, that optimizes lead generation and crime management
• Advanced security operations centers (SOCs) in enterprises that need to find threats faster and earlier in the kill chain and reduce time to detection and the costs and impact of cyber attacks
• Fraud and financial crime prevention leaders in commercial enterprises seeking to tackle complex investigations and uncover hidden connections to detect fraud and insider threats across their operations

Threat detection doesn’t start with data. It starts with questions. What is the problem that an analyst needs to solve? Is it searching for a malicious insider who’s secretly moving intellectual property data out of our network? Are we trying to shut down a ring of drug dealers? Is it searching for clandestine transactions that could indicate money-laundering? Identifying the problem helps determine the data that’s needed—and where it can be found—whether inside or outside the organization.

Once the needed data sources are determined, IBM i2 advanced analytics and intelligence analysis tools help analysts transform data into decisions in near-real time, uncover hidden connections with visual displays, and turn overwhelming and disparate data—regardless of the source—into actionable intelligence.


Watch a video about how DeliverFund uses IBM i2 solutions to battle human trafficking.


IBM i2 solutions combine the power of advanced analytics with the power of human-led advanced intelligence analysis capabilities.

Why enterprises are adopting threat hunting

The analysis capabilities of IBM i2 were developed in the domain of the defense, law enforcement and intelligence communities. Today, as advanced threats continue to increase in sophistication, enterprises—especially in the banking and financial services industries—are tapping into these rich, military-grade capabilities to detect fraud, pinpoint money laundering and anticipate cyber threats.


OUTTHINK THE BAD GUYS with a human-versus-human approach

Policy-based security solutions such as endpoint protection, network security, and identity and access management are necessary forms of threat protection. But these solutions are even more effective when combined with the power of human insight into human behavior that can be developed through IBM i2 multidimensional analysis. To stay ahead of threats, security and intelligence analysts need to think like the “bad guys” they’re trying to defeat, whether that’s in the world of cybersecurity or mission intelligence.

IBM i2 solutions provide a human-versus-human approach to understanding the enemy. Powerful analytics can help analysts develop insights to understand and anticipate where threat actors might strike next. By connecting, analyzing and visualizing disparate data sources—including open-source and third-party data stores, whether from a human resources system, a crime database or social media—IBM i2 analysis provides near-real-time insight that can help intelligence and SOCs detect, disrupt and defeat threat actors.


Watch a webinar to learn more about why enterprises are adopting threat hunting.

Watch a video to learn how IBM i2 solutions help prevent banking fraud.


IBM i2 force-multiplies the efforts of analysts fighting advanced adversaries across physical and cyberspace.

ARM YOUR ANALYSTS to fight advanced adversaries

Threat data can (and should) be drawn from a variety of sources. But manually sifting through databases, emails, videos, documents, social media and open-source data to uncover threats can be an overwhelming task for those responsible for threat hunting.

IBM i2 solutions are a “force multiplier” for security and intelligence analysts, bringing in structured and unstructured data from internal and external sources. The platform optimizes data by applying a single data model to disparate digital and physical data feeds, empowering analysts to perform visual, temporal and geospatial analysis. And, it arms analysts with the tools they need to connect to new data sources or open-source data—even if the sources are not already imported into the IBM i2 data store.

Analysts can use built-in algorithms or construct visual queries to establish connections between potentially matching items imported from disparate data sources, and then find and merge matching entities. Analysts can also create and share charts with colleagues, other departments or third-party organizations.

Because IBM i2 solutions are built on an open and extensible architecture, they easily integrate with IT investments and are designed to handle concurrent operational queries from multiple workgroups across the organization, sharing a central system with continuous data ingestion. Deployments can range from a single, deployed user through an organization-wide system connected to multiple data sources and used by many analysts.

Watch a demonstration to see how IBM i2 solutions can help analysts find and match seemingly unrelated entities.

Ingest, fuse and analyze data from disparate data sources with multidimensional visual analysis.


Building society uses IBM i2 to combat financial crime

Skipton Building Society, the United Kingdom’s fourth largest building society, needed a way to move beyond manual analysis processes for investigating financial crime. Deploying IBM i2 analysis tools helped speed investigations by 80 percent and eliminated hours of spreadsheet-based analysis by presenting data visually.


Ingest, fuse and analyze data from disparate data sources, including structured, unstructured, open-source intelligence (OSINT) and dark web data, in near-real time.

Accelerate DATA TO DECISION

Once analysts have determined the data they need to analyze, the challenge is leveraging the data in a way that supports immediate decisions. To do this, they need the ability to quickly understand the substance and significance of both stored and incoming information.

Through the ability to integrate with other data sources, IBM i2 solutions can manage hundreds of concurrent complex queries with continuous data ingestion that enables organizations to load data dispersed across various silos—simultaneously.

Data-access-on-demand connectors help users analyze data in near-real time and:

• Rapidly uncover abnormal patterns, test hypotheses and query terabytes of data in seconds
• Receive automatic alerts when data is added or altered
• Reveal temporal, network hierarchies and critical geospatial insights
• Flexibly view data in a histographical or temporal format to identify anomalous activity such as Domain Name Server tunneling

Watch to learn how IBM i2 turns data to decision in near-real time.

IBM i2 solutions enable organizations to fuse data from multiple internal and external sources, including social media.


Analysts can ask and answer complex questions with simple and easy-to-use capabilities to uncover hidden connections and find the signal in the noise.

UNCOVER HIDDEN CONNECTIONS and gain new insights

Analysts are tasked with interpreting massive amounts of data from multiple sources, including databases, emails, videos, social media and open data sources. Whether they’re looking to detect, disrupt and defeat multiple login attempts at 2 a.m. from a remote location in China, under-the-radar movement of arms across borders, or suspicious funds transfers too small to trigger a regulatory review, it’s difficult for analysts to mine these massive data volumes for hidden connections.

With IBM i2 solutions, collected information can be integrated and visualized with open-source information to create a comprehensive view of even non-obvious connections and patterns. Analysts can also ask the system to “find connecting networks” to uncover relationships separated by several degrees.

Connections and trends buried in terabytes of data can be viewed in near-real time with multidimensional visualizations—including geospatial, temporal and relationship analytics. An identity resolution and recommendation engine provides assisted analysis by consolidating massive data sets and reconciling duplicate entities masked by aliases. Through the engine, users can set alerts to track new and critical information, 24x7.

Watch a video to learn how IBM i2 solutions can help stop insider threats.

Multidimensional analysis capabilities help to quickly find hidden connections and patterns.

Analysts can ask complex questions using visual query, using icons to draw or diagram questions with no coding or special support required.


Make confident decisions and take confident action by turning overwhelming and disparate data into actionable intelligence in near-real time.

Turn overwhelming and disparate data into ACTIONABLE INTELLIGENCE

To truly defeat threats, the intelligence gathered about them must be something that can be acted on—whether that means blocking network access for a suspicious user or alerting authorities about criminal activity. However, technologies such as social media, the Internet of Things and the cloud have produced a massive amount of complex data that threat actors are busy using to mask their identities and activities. Rich extraction, analysis and visualization within IBM i2 solutions can effectively turn data complexity into actionable intelligence, helping to reveal the who, what, where, when and why behind threats.

IBM i2 solutions can automatically link seemingly unrelated entities, running complex queries across hundreds of terabytes of data, and applying three-dimensional, advanced analytics—simultaneously. With a comprehensive view, analysts can develop a holistic understanding of their attack surfaces and vulnerabilities and can proactively develop physical- and cyber-attack scenarios.

IBM i2 empowers analysts to apply visual, geospatial and temporal analysis to conduct precise and complex queries that deliver actionable intelligence.

Making intelligence actionable also means making it accessible as your organization transitions. Whether it’s security personnel changes in an enterprise or unit transfers in military and intelligence, evolving workforces can potentially disrupt the flow of critical threat information.

IBM i2 solutions enable organizations to create a robust data repository that remains in place throughout such transitions. Both predefined and custom-built templates can help to quickly populate the repository.

Due to their open design, IBM i2 solutions can enable application programming interfaces (APIs) that allow organizations to customize analytics that meet their specific needs and requirements.

Watch a video to learn how IBM i2 solutions are helping the intelligence community create a safer planet.


IBM i2 is the trusted intelligence analysis platform for government and the private sector, spanning national security and defense, law enforcement, fraud investigations and cyber threat hunting.


© Copyright IBM Corporation 2018

IBM Security New Orchard Road Armonk, NY 10504

Produced in the United States of America April 2018 IBM, the IBM logo, ibm.com, and i2 are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates. It is the user’s responsibility to evaluate and verify the operation of any other products or programs with IBM products and programs. THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided. The client is responsible for ensuring compliance with laws and regulations applicable to it. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the client is in compliance with any law or regulation. Statements regarding IBM’s future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. 
No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

95014195-USEN-00

IBM i2 software is based on nearly three decades of analyst input from more than 4,000 organizations and is the trusted intelligence analysis platform for government and the private sector, spanning national security and defense, law enforcement, fraud investigations and cyber threat hunting. Backed by a history of innovation in intelligence analysis, IBM i2 solutions are built on an open and extensible architecture with out-of-the-box analysis capabilities that provide clients with ease of scalability and planning for future needs. By arming analysts around the globe with the advanced tools they need to detect, disrupt and defeat advanced physical and cyber threats, IBM i2 solutions are helping to create a safer planet.

IBM i2 solutions are backed by the power of IBM, including in-house intelligence analysis subject matter experts, IBM services, and the IBM partner ecosystem for design, install, support and training to handle even the most complex challenges. IBM i2 offers proven subject expertise, longevity in the market and experience in global deployments of all sizes that is unmatched.

For more information

For more information about IBM i2 solutions, contact your IBM representative or IBM Business Partner, or visit: ibm.com/us-en/marketplace/enterprise-insight-analysis


Trusted for the most critical missions. WHAT’S YOURS?