IBM Acquires Polar Security for Data Security Posture Management
IBM this week acquired Polar Security to add a data security posture management platform to its cybersecurity portfolio.
Kevin Skapinetz, vice president of strategy and product management for IBM Security, said the acquisition give IBM an agentless approach to securing data stored in cloud applications.
Investing in securing endpoints and network perimeters isn’t going to be enough to secure IT environments, so more organizations are starting to focus more on securing critical data. The challenge is that massive amounts of data are now stored in software-as-a-service (SaaS) applications that cybersecurity teams can not track using agent software, said Skapinetz.
Polar Security provides the ability to secure data in those applications and also uses machine learning algorithms to provide cybersecurity teams with the tools to specifically discover sensitive data containing, for example, personally identifiable information (PII), he added. Polar Security then classifies the data, maps its potential and actual and identifies vulnerabilities, such as misconfigurations, over-entitlements and behavior that violates policy or regulations.
Polar Security also provides remediation reports that pinpoint pressing security risks and compliance violations in addition to surfacing underlying causes and providing recommendations to resolve specific issues.
IBM has had a suite of Guardium tools for securing databases since 2009, but with the increased reliance on SaaS applications, there is a critical need for a way to secure data residing in those applications.
The bulk of SaaS applications in use today were selected by business units that didn’t always have the greatest appreciation for cybersecurity. Many cybersecurity teams are not even aware of the existence of so-called “shadow data” stored in these applications, noted Skapinetz.
Data security has become a major concern largely because of the increased volume of ransomware attacks that have become a cybersecurity scourge. IBM Security recently published a report that found ransomware attacks, on average, can now be launched and completed in less than four days, down from two months previously. Cybercriminals are also collaborating more effectively as different organized gangs continue to specialize in different types of attacks.
Unfortunately, far too many organizations ignore cybersecurity fundamentals which makes it easy for cybercriminals to compromise their IT environments. There may be all kinds of vulnerabilities that cybercriminals could exploit by developing more advanced forms of malware, but the simple fact is that phishing campaigns that enable them to capture credentials that can be used to access SaaS applications are still very effective. Many organizations that find themselves victimized by these attacks are discovering that the attack was enabled by a simple mistake.
Given that those mistakes are all but inevitable, the focus needs to be on better securing data regardless of where it resides or who created it. The issue, of course, is not every end user lets cybersecurity teams routinely know where the data they created has been stored, so it’s up to cybersecurity teams to go find out for themselves using whatever tools they have at hand.
Image credit: Jennifer Stern
