In the world of cybercrime, there are very few lone wolves out there plotting and launching major attacks. In fact, cybercriminals collaborate actively with one another, as well as wealthy financial backers within organized crime and nation-states, making cybersecurity ever more challenging. A United Nations study found that crime rings that actively share data drive 80 percent of cyberattacks. They succeed quite often, as evidenced by the massive WannaCry attacks that recently struck organizations in 150 countries.
Great struggles throughout history, regardless of their size, were won by alliances — not individual entities. Now, IBM and Cisco are joining forces to present a newly fortified front in the war on cybercrime. The aim is to fight this criminal collaborative with a powerful arsenal of data, analytics and free-flowing information sharing.
Cisco and IBM Join Cybersecurity Forces
To date, the overall industry response to growing cyberthreats has been less than sterling. The cybersecurity industry today saddles enterprise-class organizations with as many as 80 different security tools and solutions from nearly 45 different vendors.
A recent Cisco survey of chief information security officers (CISOs) found that 65 percent use up to 50 different security products that do not integrate, challenging their overextended security teams to move with speed. This undermines analysts’ ability to proactively identify malicious activity and then unleash a largely orchestrated response to halt the attack.
Reliable estimates found that it takes organizations between 100 and 200 days just to discover an attack. Small wonder, then, that the “2017 Security Capabilities Benchmark Study” from Cisco found that 22 percent of organizations that were attacked actually lost customers, and nearly one-third lost revenue. That’s the price of a lack of industry collaboration and cooperation.
A Pressing Need for Interoperability
IT and security professionals feel the pain acutely. Ninety-two percent stated that effective counter-cybercrime monitoring depends fully on collaboration between network operations and security operations. Members of each team are tasked with intrateam collaboration to share information and drive more accurate threat detection. Without integrated tools, this highly time-sensitive task is often reduced to manual labor. Something has to change, and now it has.
Going forward, the voluminous network and cloud threat data gathered by Cisco will be analyzed by IBM QRadar and Watson with the goal of sharply reducing the time it takes to detect and respond to threats. This collaborative effort is centered on three important principles: simplicity, openness and orchestration.
For those who may not be familiar, IBM QRadar and its Security Intelligence Platform leverage the cognitive analytics capabilities of Watson to identify threats from multiple incidents, chaining them together and recommending actions to mitigate them. Watson for Cyber Security taps into and makes sense of unstructured data (created for humans by humans) and correlates it with structured data to uncover hidden threats and validate their scope and veracity.
In addition, IBM Resilient’s Security Orchestration, Automation, and Response (SOAR) Platform will integrate with Cisco’s Threat Grid to provide security teams with insights needed to respond to incidents faster. For example, analysts working in the Resilient platform can look up indicators of compromise with Cisco Threat Grid’s threat intelligence, or detonate suspected malware with its sandbox technology. This gives security teams valuable incident data at the moment of response.
The goal of this collaborative effort is to ensure that all the pieces of a highly integrated cybersecurity solution work seamlessly together so that unprecedented levels of automation can speed threat identification, response and, ultimately, mitigation. Elements of this collaboration will feature security products designed for interoperability at all levels of the security stack, whether they come from IBM or Cisco. We believe this commitment to openness and interoperability will give security professionals exactly the kind of information-sharing capabilities they require to stop threats at the gates.
Three Essential Elements
There are three core elements of this new partnership. The first is an integrated threat defense across networks and the cloud. With both Cisco and IBM delivering products that closely integrate with one another to share context and intelligence, we hope to enable all organizations to “see once, stop everywhere.” For its part, Cisco will build new applications delivered via the IBM Security App Exchange to help security teams detect and respond more effectively and quickly to threats.
The second core element is essential threat intelligence sharing between Cisco Talos and the IBM X-Force Exchange, with teams from each collaborating closely on security research. This partnership vastly expands upon both historical and real-time threat intelligence that security analysts can leverage for deeper insights and more effective defenses.
The third core element is jointly delivered managed services. Specifically, the IBM Managed Security Services group will team up with Cisco to deliver new security infrastructure services aimed at reducing the IT complexity often associated with cybersecurity efforts. One of the first managed service offerings will target hybrid cloud environments, since customers are aggressively migrating security infrastructure to public and private cloud models.
Cybersecurity at the Speed of Business
Protecting against today’s highly dynamic threat environment demands a concerted, collaborative effort, not a fractured or siloed approach to keeping threats at bay. With an unwavering commitment to an open partnership, we believe Cisco and IBM can deliver the integrated, interoperable solutions required to detect and respond at the speed of business.
General Manager, IBM Security