SECURITY INTELLIGENCE

Security Intelligence can be simply defined as a specialized version of Business Intelligence.

Business intelligence (BI) mainly refers to computer-based techniques used in identifying, extracting, and analyzing business data, such as sales revenue by products and/or departments, or by associated costs and incomes.

BI technologies provide historical, current and predictive views of business operations. Common functions of business intelligence technologies are reporting, online analytical processing, analytics, data mining, process mining, complex event processing, business performance management, benchmarking, text mining and predictive analytics.

Business intelligence aims to support better business decision-making. Thus a BI system can be called a decision support system (DSS). Though the term business intelligence is sometimes used as a synonym for competitive intelligence, because they both support decision making, BI uses technologies, processes, and applications to analyze mostly internal, structured data and business processes while competitive intelligence gathers, analyzes and disseminates information with a topical focus on company competitors. Business intelligence understood broadly can include the subset of competitive intelligence.

Security Intelligence provides a unified architecture for collecting, storing, analyzing, and querying log, threat, vulnerability, and risk related data. As a result, operators, analysts, and auditors using any of the modules of the Security Intelligence Platform benefit from:

  • Unified collection, aggregation, and analysis architecture for application logs, security events, vulnerability data, IAM data, configuration files, and network flow telemetry
  • A common platform for all searching, filtering, rule writing, and reporting functions
  • A single user interface for all log management, risk modeling, vulnerability prioritization, incident detection, and impact analysis tasks

Security Intelligence evolved from earlier Log Management and Security Information and Event Management (SIEM) solutions, which focused on security system log collection and analysis. By the late 2000s it became clear that security teams would be better served by broadening collection sources and unifying analysis and response. In fact, the organization is best served by a security intelligence platform which enables the addition of new applications while maintaining a consistent user interface.

The Security Intelligence Platform manufacturer with whom Cymbel partners is Q1 Labs, an IBM Company. QRadar’s next-generation SIEM, Log Management, Network Activity Monitoring and Risk Management technologies are built on a Security Intelligence Platform. As a result, QRadar enables security professionals to comprehensively prevent, defend, remediate and analyze exploits and policy violations, all through our unique “one-console” security intelligence approach.
