Imagine a battlefield in the Napoleonic War, the smell of gunpowder and anxious humanity rife in the air. It was in such circumstances that triage was invented to help address the overwhelming amount of work to sort and prioritize under pressure.

Now imagine the ones and zeroes of data and threat intelligence as the elements to be triaged rather than wounded soldiers. Security teams are overwhelmed by the combination of a flood of cybersecurity alerts and the lack of resources required to triage, investigate and mitigate these threats. This can result in major data breaches that can be damaging financially and even lead to executive management departures.

Technology has improved, however, both in health care and cybersecurity. Incident triage now has the benefit of analytics and automation.

Boosting Efficiency

A good security intelligence solution helps security teams identify threats in their environment. A good threat intelligence solution helps prioritize these threats within context of the external environment, and a good incident response solution streamlines the workflow to save time. A great security solution seamlessly wraps all three together to speed time to action and reduce overall risk to the organization.

From within the IBM QRadar Security Intelligence Platform, a security analyst investigating an incident without an integrated threat intelligence solution has to move outside the platform. Whether that means searching the internet or digging through a different portal or database, it results in an interrupted workflow and compromises efficiency.

With a solution like RiskIQ PassiveTotal, security analysts have direct access to that external context through IBM QRadar itself. This enables security teams to respond to incidents more efficiently and reduce the overall cybersecurity risk to the organization.

RiskIQ’s PassiveTotal App for IBM QRadar brings in internet infrastructure data, giving IP addresses in QRadar the full context of the internet by combining PassiveDNS, WHOIS, SSL certificates, web components, host pairs and RiskIQ’s proprietary data sets in real time.

Benefits of Threat Intelligence

Four features were created to enable actionable threat intelligence from RiskIQ within QRadar:

  • Contextual metadata: Using a hover context menu and right-click pivot search, users of IBM QRadar can now quickly gain a deeper understanding of potential threats from external IP addresses.
  • Automatic offense triage: By inspecting source IP addresses from within open offenses, RiskIQ’s PassiveTotal application can help analysts immediately know if any are flagged as malicious. To do this, the application routinely collects all open offenses, extracts the relevant IP addresses and queries the PassiveTotal API.
  • Analyst feedback loops: Classifying domains and IP addresses into four categories — malicious, suspicious, non-malicious and unknown — lets analysts create a feedback loop with QRadar. This feedback is constantly updated with the latest threat data using reference lists for all categories (excluding unknown).
  • Personalized content: The RiskIQ application supports pivoting between QRadar and the PassiveTotal platform by including dashboard widgets showing recent search history for the analyst’s personal account and the enterprise team. This saves time since users can click on the value listed in history and jump instantly from QRadar directly into a PassiveTotal search result.

Immerse Yourself in Threat Intelligence – Watch the on-demand webinar

Learn More and Download the PassiveTotal App

The PassiveTotal app for QRadar provides an integration that personalizes SIEM and allows for automated triage.

RiskIQ helps eight of the 10 largest financial institutions in the U.S. and five of the nine leading internet companies in the world — including well-known social media and ride-sharing apps — respond to external threats. Along with these companies, customers of both QRadar and PassiveTotal can install the application by visiting the IBM Security App Exchange from within their local QRadar instance and learn more from the IBM DeveloperWorks community.

You can learn more about the partnership between PassiveTotal and IBM QRadar by watching the on-demand webinar, “IBM Security App Exchange Spotlight: Immerse Your Security in Threat Intelligence.”

If you have any questions or feedback on the app, please send a message to [email protected].

More from Intelligence & Analytics

New report shows ongoing gender pay gap in cybersecurity

3 min read - The gender gap in cybersecurity isn’t a new issue. The lack of women in cybersecurity and IT has been making headlines for years — even decades. While progress has been made, there is still significant work to do, especially regarding salary.The recent  ISC2 Cybersecurity Workforce Study highlighted numerous cybersecurity issues regarding women in the field. In fact, only 17% of the 14,865 respondents to the survey were women.Pay gap between men and womenOne of the most concerning disparities revealed by…

Protecting your data and environment from unknown external risks

3 min read - Cybersecurity professionals always keep their eye out for trends and patterns to stay one step ahead of cyber criminals. The IBM X-Force does the same when working with customers. Over the past few years, clients have often asked the team about threats outside their internal environment, such as data leakage, brand impersonation, stolen credentials and phishing sites. To help customers overcome these often unknown and unexpected risks that are often outside of their control, the team created Cyber Exposure Insights…

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today