We are excited to share that on September 24, 2019, IBM announced and made generally available a new software offering, IBM i2 Connect, which combines seamless connection to data sources with powerful, multi-dimensional visual analysis.
i2 Connect is designed to help organizations increase efficiency of investigation and intelligence analysis activities by enabling users to connect to and search, and visually analyze a variety of data sources to which they have authorized access. i2 Connect enables you to:
- Connect quickly and easily to multiple internal, external, or commercial data sources.
- Help reduce the time required to aggregate data and derive rich, actionable intelligence from complex data sets.
- Seamlessly access relevant information on demand to quickly uncover patterns, trends, and connections within large volumes of data to help generate actionable insights in near real-time.
- Harness the power of multiple data sources to help detect vulnerabilities and disrupt cyber and physical threats.
A robust ecosystem of extensibility options, including connectors and APIs, empowers users to more quickly discover hidden patterns and connections. See the related i2 Community library item, titled “IBM i2 Connect connector library” for a list of currently available connectors and connector accelerators from IBM Security Expert Labs.
i2 Connect has applicability across national security & defense, law enforcement, fraud and financial crimes investigations and cyber threat investigations / hunting. There are countless examples of organizations finding hidden connections in minutes as compared to their previous approach taking days/weeks/months, as well as uncovering additional, previously unknown threat actors. The possibilities are endless. Here are some illustrative use case examples:
- Cyber/Insider Threat Investigation:
- Example of data sources: QRadar/SIEM data, Resilient/incident response artifacts, threat intelligence, enterprise data (HR records, badge logs), etc.
- Workflow scenario: Analyst can quickly search additional data sources to explore and conduct a faster investigation with enriched information from a single interface. Output can be saved back to incident response / case management tool.
- Value: A deeper investigation, beyond initial detect and response, using an investigative analysis tool can uncover hidden, non-obvious connections and reveal the broader extent of the cyber threat.
- Fraud/Sanction Violation Investigation:
- Example of data sources: Sanction lists, social media, news reports, international watch lists, company registration information, etc.
- Workflow scenario: Analyst can quickly bring together data from multiple, disparate sources onto an i2 chart and use multi-dimensional visual analysis and advanced analytics for actionable insight.
- Value: Discover inappropriate individuals or entities, even before a transaction has taken place, ensuring an organization can withdraw services and remain in compliance with regulations.
- Law Enforcement/Crime Investigation:
- Example of data sources: Criminal data base records, personal records, signal intel, financial intel, geospatial intel, human intel, etc.
- Workflow scenario: Analyst uses the data connection and intelligence analysis capability to bring together / fuse data on the chart for a more comprehensive picture.
- Value: Enable and accelerate investigations, and help reduce crime, by using powerful analytics and analysis capabilities to find connections between people, places, technology, criminal activity and more.
The wide range of visualization and analysis capabilities help to identify key people, events, connections, and patterns that might otherwise be missed, such as timeline analysis, geospatial analysis, social network analysis, find path, list most connected, etc. Clear and concise briefing charts simplify the communication of complex data to enable timely and accurate operational decision making. Users also benefit from recent additions to the i2 portfolio, such as data fusion. Information is captured as records and sent to the i2 chart surface, where it can be deduplicated or fused against other data on the chart to avoid duplicating data from multiple sources and allow further results filtering to be applied.
For more information on our recent IBM i2 Connect new offering announcement, please see the applicable Announcement Letter:
For technical information on installing, customizing and using IBM i2 Connect, and specifically the connector gateway and connector creation capability, please visit our IBM i2 Knowledge Center.
#i2