IBM’s new security systems work by ingesting massive amounts of publicly available data from computer networks, software and websites, and establishing patterns of normal behavior. Then it looks for irregularities in how the ingested data behave and are being used, IBM Vice President Marc van Zadelhoff said. One example: finding a PDF reader that is abnormally communicating with servers outside of a company’s infrastructure.
Data analytics also can help companies ferret out real attacks among the millions security “events” that happen each week, van Zadelhoff said. When Target was attacked by hackers who stole credit card data from tens of millions of its customers, the retailer security team saw alerts but the company didn’t act on them. IBM’s systems, for example, would prompt a company to act on an alert that data are being sent to an Internet address that is suspicious or known to be associated with computer criminals, van Zadelhoff said.