Real Time Social Media Monitoring and Correlation

Wednesday, September 29, 2010

Heather Howland


The advent of social networks has had a tremendous impact on how individuals relate to one another in the cybersphere, and has also proven to be an effective means for businesses to further corporate branding and product marketing efforts.

Simply put, the Internet has revolutionized how individuals and corporations interface with each other, and now social networks are revolutionizing how we interface with the Internet.

Unfortunately, these innovations have come at a tremendous cost to enterprise security efforts by dramatically increasing network vulnerability pathways, and by decreasing the level of organizational controls over access to sensitive and proprietary information.

According to Mark Nicolett, VP Distinguished Analyst - Security Privacy & Risk, at Gartner, in the recent report entitled Security Monitoring and Assessment for Cloud Environments, "application activity monitoring is important because application weaknesses are frequently exploited in targeted attacks, and because abnormal application activity may be the only signal of a successful breach or of fraudulent activity."

Sandy Bird, co-founder and CTO of Q1 Labs said, "Companies today face the increasing challenge of keeping their networks safe from hackers that have evolved, and that are taking advantage of new avenues of attack - such as social networking sites and applications utilized by partners, outsourcers and employees. They are also faced with keeping productivity up, due to the 'always-connected' mentality of employees that want to be constantly connected to their social networks."

Businesses can regain the element of control without hampering the flow of crucial information by employing software that monitors activity on an enterprise-wide basis for potential threats to information and network security.

Q1 Labs recently announced it has introduced the next version of its security information and event management (SIEM) product called QRadar 7.0, complete with the ability to monitor activity on social media platforms and multimedia applications such as Twitter, Facebook, Gmail, LinkedIn and Skype, among others.

The anomaly detection and configurable content capture via deep packet inspection (DPI) make it easy to detect Web-based malware, discover what vulnerabilities are being introduced to the environment when applications are accessed, and see what kinds of information users are making public in real time.

Q1 Labs' Sandy Bird also indicated that "leveraging our native capabilities for DPI and content capture, the new version of QRadar allows companies to see into what social media applications are being used on their networks, and determine what types of threats come to light if these types of applications are allowed."

Social Media Monitoring and Correlation: the ability to monitor the usage of social media from within a customer's network. This includes the ability to identify which users are accessing which social media services, determine the volume and pattern of usage, and inspect and alert on the content being transmitted to those services.

Social media usage can also be correlated against other network and log activity within an enterprise - e.g. the transmission of data to a social media site immediately following the user accessing a sensitive internal resource.
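The correlation described above can be sketched as a small rule over normalized events. This is an added example, not QRadar's rule logic or code from Q1 Labs; the event fields, host names, five-minute window and byte threshold are all assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Assumed classification lists; a real deployment would load these from asset data.
SENSITIVE = {"hr-db.internal.example", "finance-share.internal.example"}
SOCIAL = {"twitter.com", "facebook.com", "linkedin.com"}

# Constructed sample events: (timestamp, user, kind, target, bytes_out)
EVENTS = [
    ("2010-09-29T09:00:05", "alice", "access", "hr-db.internal.example", 0),
    ("2010-09-29T09:02:40", "alice", "upload", "facebook.com", 48211),
    ("2010-09-29T09:03:00", "bob", "upload", "twitter.com", 140),
    ("2010-09-29T10:15:00", "carol", "access", "finance-share.internal.example", 0),
    ("2010-09-29T11:30:00", "carol", "upload", "linkedin.com", 9000),
    ("2010-09-29T12:00:00", "dave", "upload", "twitter.com", 5000),
    ("2010-09-29T12:01:00", "dave", "access", "hr-db.internal.example", 0),
]

def correlate(events, window=timedelta(minutes=5), min_bytes=1024):
    """Flag social-media uploads that follow a sensitive-resource access
    by the same user within `window`."""
    last_sensitive = {}  # user -> (time, resource) of most recent sensitive access
    alerts = []
    # ISO-8601 timestamps in one format sort chronologically as strings.
    for ts, user, kind, target, nbytes in sorted(events):
        when = datetime.fromisoformat(ts)
        if kind == "access" and target in SENSITIVE:
            last_sensitive[user] = (when, target)
        elif kind == "upload" and target in SOCIAL and nbytes >= min_bytes:
            seen = last_sensitive.get(user)
            # Only uploads that come after the access, and inside the window, match.
            if seen and when - seen[0] <= window:
                alerts.append({
                    "user": user,
                    "resource": seen[1],
                    "service": target,
                    "bytes": nbytes,
                    "delay_seconds": int((when - seen[0]).total_seconds()),
                })
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

Widening the window trades fewer misses for more alerts: with the sample data, a two-hour window also flags carol's upload, while dave's upload is never flagged because it precedes his access.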

User and Application Anomaly Detection: the ability to detect anomalous behavior of both network and application usage by specific users. Excessive or out-of-profile behavior can be detected: for example, out-of-hours or excessive usage of an application or cloud-based service, or network activity patterns which are inconsistent with a system's or user's historical profile.

Client-Side Vulnerability Profiling: the ability to identify a network's most vulnerable assets, and then detect and alert immediately when these systems engage in activity that potentially exposes those vulnerabilities.

For example, customers can scan their networks for unpatched applications, devices and systems, determine which ones connect to the Internet, and prioritize remediation actions based on the risk profile of each application.

Q1 Labs is a global provider of high-value, cost-effective next-generation security intelligence products. The company's flagship product, QRadar SIEM, integrates previously disparate functions - including risk management, log management, network behavior analytics, and security event management - into a total security intelligence solution, making it the most intelligent, integrated and automated SIEM product available.

QRadar SIEM provides users with crucial visibility into what is occurring with their networks, data centers, and applications to better protect IT assets and meet regulatory requirements.

Q1 Labs is headquartered in Waltham, Mass., U.S.A., and the company's customers include healthcare providers, energy firms, retail organizations, utility companies, financial institutions, government agencies, and universities, among others.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.