The FINANCIAL — IBM announced on December 8 it is opening its security analytics platform, IBM Security QRadar, enabling customers, business partners and other developers to build custom apps that take advantage of the platform’s advanced security intelligence capabilities. The company is also launching the IBM Security App Exchange, a marketplace for the security community to create and share apps based on the company’s security technologies.
The opening of its security analytics platform is the second major step IBM has taken this year to advance industry collaboration and innovation to battle highly organized cybercrime. Earlier this year, IBM opened its 700 TB database of security threat data through IBM X-Force Exchange. More than 2,000 organizations have joined the threat sharing platform since it was announced in April. With the combination of opening its security analytics platform and its database of threat intelligence, IBM is promoting deeper industry collaboration and allowing organizations to share both data and expertise to stay ahead of cybercriminals, according to IBM.
IBM and partners including Bit9 + Carbon Black, BrightPoint Security, Exabeam and Resilient Systems already have populated the IBM Security App Exchange with dozens of customized apps that extend IBM Security QRadar security analytics in areas like user behavior, endpoint data and incident visualization. These new apps take advantage of new open application programming interfaces (APIs) for QRadar, IBM’s security intelligence platform. The platform uses data analytics and threat intelligence to detect security incidents for thousands of security operation centers across the globe, including almost half of the Fortune 100.
“With thousands of customers now standardizing on IBM’s security technologies, opening this platform for closer collaboration and development with partners and customers changes the economics of fighting cybercrime,” said Marc van Zadelhoff, Vice President, Strategy and Product Management, IBM Security. “Sharing expertise across the security industry will allow us to innovate more quickly in order to help stay ahead of increasingly sophisticated attacks.”
New Applications Speed Access to Wide Variety of Analytics
Open development and collaboration is a critical tool to speed innovation in the rapidly changing technology landscape. More than 77 percent of business managers say that collaborative development practices have benefited their organizations through a shorter product development cycle and faster time to market.1
Dozens of organizations have joined IBM App Exchange, which has already spurred the sharing of 14 new QRadar applications by IBM developers and partners such as Bit9+Carbon Black, BrightPoint Security, Exabeam and Resilient Systems. Others partners such as STEALTHbits and iSIGHT Partners also have apps in development.
Through integration with third-party technologies, these new apps are designed to provide customers with better visibility into more types of data and also offer new automated search and reporting functions which help security specialists focus on the most pressing threats. The apps are now freely available through the IBM Security App Exchange, providing customers with access to a wider variety of analytics that are tightly integrated within the security intelligence environment of IBM QRadar.
Examples of these new applications include:
User Behavior – the Exabeam User Behavior Analytics app integrates user-level behavioral analytics and risk profiling directly into the QRadar dashboard. This real-time view of user risk allows companies to detect subtle behavioral differences between a normal employee and an attacker using that same credential.
Threat Intelligence – a new IBM-developed app lets QRadar users pull in any threat intelligence feed using the open standard STIX and TAXII formats, and use this data to create custom rules for correlation, searching, or reporting. For example, users could bring in public collections of dangerous IP addresses from IBM X-Force Exchange and create a rule to raise the magnitude of any offense that includes IP addresses from that watch list.
Endpoint Detection and Response – A new app from Bit9 + Carbon Black provides QRadar users with deeper visibility into threats on endpoint devices, desktops, laptops and servers. By analyzing endpoint sensor data from within the QRadar interface, the Carbon Black App for IBM QRadar enables customers to detect and respond to endpoint attacks more quickly and efficiently.
Incident Visualization – the new IBM Security QRadar Incident Overview App allows users to better visualize all of the offenses within their QRadar installation using bubbles, colors and correlation lines. The size and color of the bubble indicates the magnitude of the incident, while lines drawn between bubbles indicate shared IP addresses among the linked incidents. This type of intuitive visualization approach helps security analysts to quickly identify common elements between incidents and better prioritize important incidents.
These applications are enabled by the new QRadar application framework, which allows the security community to quickly build new QRadar applications via open APIs and software developer kits. IBM Security will be closely testing every application before it is posted to the App Exchange to ensure the integrity of these community contributions.
IBM Security QRadar Speeds Searches and Automatically Responds to Threats
IBM is also announcing a new release of IBM Security QRadar, which analyzes data across an organization’s IT infrastructure to identify potential security threats. IBM is the market leader for Security Incident and Event Management (SIEM) based on 2014 total software revenue,2 and has held leadership positions in Gartner’s Magic Quadrant for SIEM for the past 7 years in a row.3
For the first time, QRadar will allow customers to create rules that will automatically take actions once specific threats have been detected. For example, rules created within QRadar can automatically trigger actions that block IP addresses and control user access based on their risk profile. Additionally, applications that are developed using the new QRadar application framework can also leverage custom rules to automatically respond to threats.
IBM is also further integrating QRadar with IBM BigFix endpoint security management to help customers better prioritize threats and patches on user devices. QRadar can now also identify the exposed endpoints that do not have BigFix installed, helping clients find rogue or unmanaged assets more quickly.
Discussion about this post