IBM debuts real-time vulnerability manager

The tool, part of its QRadar line, scans, analyzes and unifies vulnerability information in a single place.


IBM announced this morning a new security intelligence tool that it says helps organizations identify vulnerabilities in real-time.

It's called the QRadar Vulnerability Manager, and it aggregates vulnerability information into a single view where a security lead can manage it. The new product slots into IBM's Security Intelligence Platform.

The tool "combs through security holes to help close them to potential exploits, excluding those hidden behind firewalls, associated with inactive applications or otherwise unreachable from external attacks," IBM says.

The need that Big Blue is trying to fill here is limited resources. The tool was developed to address reductions in security staffing, even as vulnerabilities multiply exponentially. IBM believes fewer people can do more with less if it takes data that is already available within an organization and provides the right context (risk, and therefore priority) to it.

QRadar handles network, endpoint, database and application scanners and pulls in the latest X-Force Threat Intelligence alerts and incident reports from the National Vulnerability Database. It also has its own PCI-certified scanner.