IBM speeds response to cloud-based cyber threats
November 26, 2019
IBM has launched open technology to speed response to cyber threats across clouds. It is claimed to be the industry’s first capability to hunt threats across security tools and clouds without moving data.
Called Cloud Pak for Security, it can connect with any security tool, cloud or on-premise system, without moving data from their original source. Available today, the platform includes open-source technology for hunting threats, automation capabilities to help speed response to cyber attacks, and the ability to run in any environment.
The open-source technology can search and translate security data from various sources, bringing together critical security insights from across a company's multicloud IT environment. The platform is extensible, so additional tools and applications can be added over time.
As businesses move further into cloud maturity, applications and data are frequently spread across multiple private and public clouds and on-premise resources. Attempts to protect this fragmented IT environment often require security teams to undertake complex integrations and continuously switch between different screens and point products. More than half of security teams say they struggle to integrate data with disparate security and analytic tools and combine those data across their cloud environments to spot advanced threats.
Cloud Pak for Security installs in any environment – on premises, private cloud or public cloud. It is comprised of containerised software pre-integrated with the Red Hat OpenShift, an enterprise Kubernetes platform. Through the Oasis Open Cybersecurity Alliance, IBM has also forged partnerships with dozens of companies to promote interoperability and help reduce vendor lock-in across the security community through co-developed open source technologies.
Transferring data to analyse them creates additional complexity. Cloud Pak for Security can connect data sources to uncover hidden threats and help make more-informed risk-based decisions, while leaving the data where they reside.
Through the use of open standards and IBM innovations, clients can access IBM and third-party tools to search for threat indicators across any cloud or on-premise location. Via the Cloud Pak for Security's data explorer application, security analysts can streamline their hunt for threats across security tools and clouds. Without this capability, security teams would have to search manually for the same threat indicators – such as a malware signature or malicious IP address – within each individual environment. Cloud Pak for Security allows this type of search without needing to move those data into the platform for analysis.
It connects security workflows with a unified interface to help teams respond faster to security incidents. According to IBM Security estimates, security teams have to manage an average of 200,000 potential security events per day, and coordinate responses across dozens of tools.
Cloud Pak for Security allows clients to orchestrate and automate their security response so they can prioritise their team's time. The platform allows companies to orchestrate their response to hundreds of common security scenarios, guiding users through the process and providing quick access to security data and tools.
IBM's security orchestration, automation and response capability integrates with Red Hat Ansible for additional automation playbooks. By formalising security processes and activities across the enterprise, companies can react quickly and efficiently, while arming themselves with information to help address regulatory requirements.
"As businesses move mission-critical workloads to hybrid multicloud environments, security data are spread across different tools, clouds and IT infrastructure," said Mary O'Brien, general manager for IBM Security. “This can create gaps that allow threats to be missed, leading security teams to build and maintain costly, complex integrations and manual response plans. With Cloud Pak for Security, we're helping to lay the foundation for a more connected security ecosystem designed for the hybrid, multicloud world."
IBM collaborated with dozens of clients and service providers during the design process, developing a way to address critical interoperability challenges that permeate the security industry. Cloud Pak for Security includes connectors for pre-built integrations with popular security tools from IBM, Carbon Black, Tenable, Elastic, BigFix and Splunk, as well as public cloud providers including IBM Cloud, Amazon Web Services and Microsoft Azure. It is built on open standards so it can connect additional security tools and data from across a company's infrastructure.
"Organisations have rapidly adopted new security technologies to keep up with the latest threats, but are now juggling dozens of disconnected tools which don't always work well together," said Jon Oltsik, senior principal analyst for the Enterprise Strategy Group. "The industry needs to solve this issue for customers by shifting to more open technologies and unified platforms that can serve as the connective glue between security point tools. IBM's approach aligns with this requirement and has the potential to bring together every layer of the security stack within a single, simplified interface."
To accelerate industry migration towards open security, IBM is also spearheading open-source projects to make security tools work together natively across the security ecosystem. As a founding member of the Open Cybersecurity Alliance, IBM and more than 20 other organisations are working together on open standards and open source technologies to help enable product interoperability and reduce vendor lock-in across the security community.
Three quarters of organisations say they are already using between two and 15 hybrid clouds, and 98 per cent forecast they will be using multiple hybrid clouds within three years. Cloud Pak for Security is built on open source technologies that support companies' cloud environments, including Red Hat OpenShift.
Creating Cloud Pak for Security on these open, flexible building blocks allows for containerised deployment across any cloud or on premise environment. As companies continue adding new cloud deployments and migrations, it can adapt and scale to these environments, allowing clients to bring their sensitive and mission-critical workloads into the cloud while maintaining visibility and control from within a centralised security platform.
It also provides a model to help managed security services providers efficiently operate at scale, connect security silos and streamline their security processes. Organisations can also hire IBM Security for additional services, such as on-demand consulting, custom development and incident response.