IBM to Acquire Randori to Provide More Cybersecurity Visibility
At the RSAC 2022 event this week, IBM revealed that it plans to acquire Randori, a provider of an attack surface asset analysis tool.
Chris Meenan, vice president of product management for IBM Security, said Randori employs graph software to visually identify the relationships it discovers using the same tactics and techniques a cyberattacker would use. This capability is otherwise known as continuous automated red teaming (CART).
IBM plans to integrate the Randori tool with the extended detection and response (XDR) capabilities of IBM Security’s QRadar. That integration will enable cybersecurity teams to leverage real-time attack surface analytics to better prioritize their vulnerability remediation efforts, he said.
Meenan noted the biggest cybersecurity challenge organizations face today is how rapidly the defensible attack surface changes. In addition to new devices, it’s not common for developers to regularly deploy and update applications without necessarily informing cybersecurity teams. CART makes it possible for cybersecurity teams to discover those assets on their own in a way that also shows their relationship to other assets, he added.
IBM will also leverage Randori to add this capability to IBM Managed Security Services and the X-Force hacker service, noted Meenan.
While there are clearly more breaches than ever, it’s not clear whether those breaches are occurring because cybercriminals are getting more adept or if the attack surface is simply too large for any cybersecurity team to effectively defend. Randori helps even those odds by making it possible for cybersecurity teams to automatically discover assets without relying on manual processes that would take weeks to perform, said Meenan.
That capability will also play a major role in advancing DevSecOps best practices by helping cybersecurity teams better understand which vulnerabilities development teams should prioritize, he noted.
Automation is clearly playing a much larger role in cybersecurity; there is not much hope that the current cybersecurity talent shortage is going to be resolved. The only way to make up for that lack of human expertise is to rely more on automation to augment existing cybersecurity teams.
There is already, of course, no shortage of tools and platforms for automating cybersecurity tasks. In fact, one issue is how best to unify the various islands of cybersecurity automation that have emerged. Each platform or tool that a cybersecurity team adds to its portfolio creates yet another integration challenge. Over time, all those points of integration conspire to increase the total cost of cybersecurity. It’s not clear how sensitive organizations are becoming to those costs, but without additional platforms and tools, it’s unlikely organizations will be able to address the volume of cyberattacks that are now regularly launched.
Regardless of the approach to cybersecurity, cybersecurity professionals will be paying close attention to which organizations are making the appropriate level of investment required to automate tasks. After all, the best cybersecurity talent is not going to want to work for an organization that doesn’t make the best tools available to ensure their success.
