The cybersecurity industry remains fragmented, with some organizations running as many as 85 security tools from 45 different vendors. Many of these products were acquired over several years, each to address a specific challenge in a complex threat landscape. Each new product must be installed, configured and managed over its life cycle, and because most of them sit in silos, their data and alerts never meet, which limits the security they can actually deliver.

At the same time, highly collaborative cybercriminals are launching sophisticated attacks that are hard to see and stop, and traditional security practices cannot keep pace. That is why security teams must adopt a strategy rooted in collaboration: an approach that connects the dots across products, people and processes for faster, more effective threat detection and response.

External and Internal Pressures

Every day, we hear about new breaches that impact organizations’ reputations, bottom lines and supply chains. What’s more, these breaches affect customer sentiment, particularly incidents that expose personally identifiable information (PII).

With the number of Internet of Things (IoT) devices forecast to reach 20.4 billion by 2020, according to Gartner, keeping these devices secure will become an even greater challenge. Cybercriminals will undoubtedly continue to collaborate on the Dark Web to obtain and exchange this high-value PII and use social engineering to steal records to the tune of trillions of dollars.

Compliance mandates will also be a top priority and challenge for organizations. The General Data Protection Regulation (GDPR), for example, takes effect on May 25, 2018. This mandate does not just affect European organizations: any organization that processes, stores or uses personal data of individuals in the European Union (EU) must be compliant, wherever it is based.

Organizations are also struggling to cope with the growing skills gap in cybersecurity, both in sheer headcount (an estimated 1.8 million unfilled positions over the next few years) and in the expertise those positions require. This lack of resources is compounded by the growing number of disparate security tools and the alert volume they generate. Still, many organizations attempt to integrate these products themselves by purchasing even more solutions.


Advanced Threat Detection and Response

There is a common misconception about product coverage in many of today's organizations. Are you really protected simply by checking the box and deploying an array of products across endpoints, networks, users and cloud? That coverage is essential, but it only pays off when the products integrate with one another to form a best-of-suite solution, so that a signal seen by one tool can be acted on by another.

Here are some key questions to consider:

  • Are your security products working together across teams, or do your IT and security teams work in silos?

  • Are those same products working together across all your locations and heterogeneous platforms?

  • Do your security tools integrate in a manner that gives the security operations center (SOC) real-time visibility and control across the diverse threat landscape?

  • Is your organization moving away from compliance-driven security and toward a threat-aware, risk-based approach?

Security must become more agile to account for the diverse threat landscape while enabling organizations to thrive. This includes a deeper integration of technologies to deliver repeatable use cases centered on better threat detection and response.

As a foundation for integrated security, organizations should leverage a security intelligence platform that applies real-time analytics and correlates the massive volume of threat information across users, endpoints, networks and cloud. Such a platform must be able to sense, track and prioritize the alerts that pose the greatest risk to enterprise data, rather than presenting every event from every source with equal weight.

Additionally, security leaders should infuse artificial intelligence (AI) into their strategy to aid analysts in threat investigation, enabling them to rapidly and confidently understand the scope and veracity of threats, including links to broader malware campaigns. This is critical against the backdrop of the cybersecurity skills shortage and the troves of untapped threat intelligence data that AI platforms can ingest and analyze at a speed and scale no analyst team can match.

The above factors can significantly aid security analysts, but what does your incident response plan look like once an alert fires? An orchestration layer built alongside a security information and event management (SIEM) solution can bridge the gaps across people, processes and technology, mapping a prioritized alert to a defined, repeatable response so that organizations can respond to threats rapidly and with confidence.
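To make the two preceding ideas concrete, the following is an added example (not code from the article, and not from any IBM or vendor product): a minimal correlation engine that sessionizes constructed telemetry from four silos (identity, endpoint, network, cloud) per user, scores each correlated alert higher when independent sources agree, and hands the top alert to a simple playbook. The event records, signal weights, source bonus and playbook thresholds are all assumptions chosen for illustration.

```python
"""Cross-source correlation, risk prioritisation and a response playbook.

Added example; not code from the original article or any SIEM/SOAR product.
Event records, weights, thresholds and playbook actions are constructed
assumptions for illustration only.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample telemetry: (timestamp, source silo, user, signal).
# Alone, each record is low-value; together they describe one intrusion.
SAMPLE_EVENTS = [
    ("2018-05-01T09:00:02", "identity", "alice", "login_failure"),
    ("2018-05-01T09:00:05", "identity", "alice", "login_failure"),
    ("2018-05-01T09:00:09", "identity", "alice", "login_success_new_country"),
    ("2018-05-01T09:03:40", "endpoint", "alice", "suspicious_process"),
    ("2018-05-01T09:04:10", "network",  "alice", "dns_to_known_c2"),
    ("2018-05-01T09:05:00", "cloud",    "alice", "bulk_download"),
    ("2018-05-01T10:15:00", "endpoint", "bob",   "suspicious_process"),
    ("2018-05-01T11:00:00", "identity", "alice", "login_failure"),  # outside window
    ("2018-05-01T13:00:00", "identity", "carol", "login_failure"),
]

# Assumed per-signal weights; unknown signals default to 1.
SIGNAL_WEIGHT = {
    "login_failure": 1,
    "login_success_new_country": 3,
    "suspicious_process": 4,
    "dns_to_known_c2": 6,
    "bulk_download": 5,
}
# Assumed bonus for the number of distinct silos that corroborate one alert.
SOURCE_BONUS = {1: 0, 2: 3, 3: 6, 4: 10}
# Assumed playbook: first threshold the score reaches wins (highest first).
PLAYBOOK = [
    (20, ["disable_account", "isolate_endpoint", "open_incident_p1"]),
    (10, ["force_password_reset", "open_incident_p2"]),
    (5, ["notify_analyst"]),
]


@dataclass
class Alert:
    """One correlated activity window for a single user."""
    entity: str
    start: datetime
    end: datetime
    signals: list = field(default_factory=list)
    sources: set = field(default_factory=set)

    @property
    def score(self) -> int:
        base = sum(SIGNAL_WEIGHT.get(s, 1) for s in self.signals)
        return base + SOURCE_BONUS.get(len(self.sources), 10)


def correlate(events, window=timedelta(minutes=15)):
    """Group events per user into sessions; a gap longer than `window`
    since the previous event starts a new alert. Returns alerts sorted by
    descending risk score, so the SOC sees the riskiest first."""
    per_entity = defaultdict(list)
    for ts, source, entity, signal in sorted(events):
        per_entity[entity].append((datetime.fromisoformat(ts), source, signal))
    alerts = []
    for entity, evs in per_entity.items():
        current = None
        for ts, source, signal in evs:
            if current is None or ts - current.end > window:
                current = Alert(entity, ts, ts)
                alerts.append(current)
            current.end = ts
            current.signals.append(signal)
            current.sources.add(source)
    return sorted(alerts, key=lambda a: a.score, reverse=True)


def respond(alert):
    """Orchestration step: map a scored alert to playbook actions."""
    for threshold, actions in PLAYBOOK:
        if alert.score >= threshold:
            return list(actions)
    return []


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(f"{alert.entity:6} score={alert.score:3} sources={sorted(alert.sources)} "
              f"actions={respond(alert)}")
```

The point of the source bonus is the one the text makes: alice's six individual events are each weak, but because identity, endpoint, network and cloud all corroborate one another inside a 15-minute window they outrank bob's single endpoint detection, and only the corroborated alert triggers containment. The sessionization also keeps alice's later, isolated login failure from inflating the earlier incident.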

Collaborative Defense

A dynamic security analytics platform that embeds AI and integrates orchestration across the diversity of threats, as well as people and processes, can set the foundation for a strong security strategy. Collaboration is the glue that integrates disparate point products so that each extends its security capabilities beyond what it could provide on its own.

At the product level, more open collaboration is critical to the evolution of security technology. Over the past few years, IBM has invested in technologies and partnerships to achieve this goal. One powerful collaborative platform is the IBM Security App Exchange, an ecosystem for the entire security community, including IBM and its partners and vendors, to develop and share applications that integrate with IBM Security solutions. To date, the App Exchange has 140+ partner and IBM apps and over 100,000 downloads. These apps are extensively tested and validated before they are published on the App Exchange.

An example of the value of the IBM Security App Exchange is the recent launch of the Cisco ISE App for QRadar, which gives security analysts insight into risky users and devices, resulting in faster threat detection, containment and policy enforcement. The app lets analysts pivot from a QRadar offense into Cisco ISE pxGrid context for deeper, faster analysis of policy violations and then remediate the affected users and devices, all from a single integrated dashboard.

To learn more about the ISE + QRadar app and how collaborative defense in depth can strengthen your security, watch the IBM Security + Cisco webinar on-demand.

