IBM Looks to Unify Cybersecurity
IBM today announced it is leveraging containers and microservices to make a suite of security software available on any platform running on-premises or in the cloud.
Justin Youngblood, vice president of product management and development for IBM Security, said Cloud Pak for Security also includes the first federated search tool for hunting for threats across multiple security tools and platforms.
Dubbed Data Explorer, the application leverages open interfaces defined by OASIS Open Cybersecurity Alliance to integrate with third-party security tools. Members of the alliance include Advanced Cyber Security Corp, Corsa, CrowdStrike, CyberArk, Cybereason, DFLabs, EclecticIQ, Electric Power Research Institute, Fortinet, Indegy, McAfee, New Context, ReversingLabs, SafeBreach, Syncurity, ThreatQuotien and Tufin.
Youngblood said Data Explorer eliminates the need to repeatedly launch the same query across multiple tools organizations have in place to discover whether the same threat is present. IBM estimates that security teams today are investigating on average of 200,000 potential security events per day, most of which involve manually querying as many as 50 different cybersecurity tools.
One of the biggest challenges any cybersecurity team faces today is the highly fragmented nature of the cybersecurity tools landscape, said Youngblood. Hunting for each potential threat becomes a manual process that consumes far too much time, which conspires to limit the number of threats any security team is likely to discover. The existence of the OASIS Open Cybersecurity Alliance means that cybersecurity vendors are now finally at the tipping point of addressing this issue without requiring cybersecurity professionals to replace existing tools with a single integrated platform, he said.
Data Explorer leverages two open source technologies that IBM and McAfee donated to the alliance. One is STIX-Shifter, a search capability for security products of all types based on an open source library from IBM that can identify information about potential threats within various data repositories and translate it into a format that can be digested and analyzed by any security tool. The other is OpenDXL Standard Ontology, a cybersecurity messaging format from McAfee designed for the OpenDXL messaging bus.
Cloud Pak for Security also includes pre-built connectors with security tools from IBM, Carbon Black, Tenable, Elastic, BigFix and Splunk, as well as public cloud providers such as Amazon Web Services, Microsoft and IBM.
IBM is also including in Cloud Pak for Security a security orchestration, automation and response (SOAR) platform that guides security teams through the process of accessing multiple security tools. That SOAR platform has been integrated with the open source Ansible automation platform made available by Red Hat, which is now a unit of IBM. The Cloud Pak for Security platform has also been integrated with the Red Hat OpenShift application development platform based on Kubernetes to advance adoption of best DevSecOps processes.
Cloud Pak for Security is part of a series of microservices-based platforms that IBM is making available across multiple platforms. Because each suite of tools has been redesigned to be deployed as a set of containers IBM can now make its tools available on any platform. In the case of security, it will be interesting to see to what degree that capability coupled with the interfaces defined by the OASIS Open Cybersecurity Alliance might change the way cybersecurity is currently managed.