May 31, 2017 By Marc van Zadelhoff 3 min read

In the world of cybercrime, there are very few lone wolves out there plotting and launching major attacks. In fact, cybercriminals collaborate actively with one another, as well as wealthy financial backers within organized crime and nation-states, making cybersecurity ever more challenging. A United Nations study found that crime rings that actively share data drive 80 percent of cyberattacks. They succeed quite often, as evidenced by the massive WannaCry attacks that recently struck organizations in 150 countries.

Great struggles throughout history, regardless of their size, were won by alliances — not individual entities. Now, IBM and Cisco are joining forces to present a newly fortified front in the war on cybercrime. The aim is to fight this criminal collaborative with a powerful arsenal of data, analytics and free-flowing information sharing.

Cisco and IBM Join Cybersecurity Forces

To date, the overall industry response to growing cyberthreats has been less than sterling. The cybersecurity industry today saddles enterprise-class organizations with as many as 80 different security tools and solutions from nearly 45 different vendors.

A recent Cisco survey of chief information security officers (CISOs) found that 65 percent use up to 50 different security products that do not integrate, challenging their overextended security teams to move with speed. This undermines analysts’ ability to proactively identify malicious activity and then unleash a largely orchestrated response to halt the attack.

Reliable estimates found that it takes organizations between 100 and 200 days just to discover an attack. Small wonder, then, that the “2017 Security Capabilities Benchmark Study” from Cisco found that 22 percent of organizations that were attacked actually lost customers, and nearly one-third lost revenue. That’s the price of a lack of industry collaboration and cooperation.

A Pressing Need for Interoperability

IT and security professionals feel the pain acutely. Ninety-two percent stated that effective countercybercrime monitoring depends fully on collaboration between network operations and security operations. Members of each team are tasked with intrateam collaboration to share information and drive more accurate threat detection. Without integrated tools, this highly time-sensitive task is often reduced to manual labor. Something has to change — and now it has.

Going forward, the voluminous network and cloud threat data gathered by Cisco will be analyzed by IBM QRadar and Watson with the goal of sharply reducing the time it takes to detect and respond to threats. This collaborative effort is centered on three important principles: simplicity, openness and orchestration.

For those who may not be familiar, IBM QRadar and its Security Intelligence Platform leverages the prodigious cognitive analytics capabilities of Watson to identify threats from multiple incidents, chaining them together and recommending actions to mitigate them. Watson for Cyber Security taps into and makes sense of unstructured data — created for humans by humans — and correlates it with structured data to uncover hidden threats and validate their scope and veracity.

In addition, IBM Resilient’s Security Orchestration, Automation, and Response (SOAR) Platform will integrate with Cisco’s Threat Grid to provide security teams with insights needed to respond to incidents faster. For example, analysts in the IRP can look up indicators of compromise with Cisco Threat Grid’s threat intelligence, or detonate suspected malware with its sandbox technology. This empowers security teams to gain valuable incident data in the moment of response.

The goal of this collaborative effort is to ensure that all the pieces of a highly integrated cybersecurity solution work seamlessly together so that heretofore-unprecedented levels of automation can speed threat identification, response and, ultimately, mitigation. Elements of this collaboration will feature security products designed for interoperability at all levels of the security stack, whether they come from IBM or Cisco. We believe this commitment to openness and interoperability will give security professionals exactly the kind of information sharing capabilities they require to stop threats at the gates.

Three Essential Elements

There are three core elements of this new partnership. The first is an integrated threat defense across networks and the cloud. With both Cisco and IBM delivering products that closely integrate with one another to share context and intelligence, we hope to enable all organizations to “see once, stop everywhere.” For its part, Cisco will build new applications delivered via the IBM Security App Exchange to help security teams detect and respond more effectively and quickly to threats.

The second core element is essential threat intelligence sharing between Cisco Talos and the IBM X-Force Exchange, with teams from each collaborating closely on security research. This partnership vastly expands upon both historical and real-time threat intelligence that security analysts can leverage for deeper insights and more effective defenses.

The third core element is jointly delivered managed services. Specifically, the IBM Managed Security Services group will team up with Cisco to deliver new security infrastructure services aimed at reducing the IT complexity often associated with cybersecurity efforts. One of the first managed service offerings will target hybrid cloud environments, since customers are aggressively migrating security infrastructure to public and private cloud models.

Cybersecurity at the Speed of Business

Protecting against today’s highly dynamic threat environment demands a concerted, collaborative effort, not a fractured or siloed approach to keeping threats at bay. With an unwavering commitment to an open partnership, we believe Cisco and IBM can deliver the integrated, interoperable solutions required to detect and respond at the speed of business.

More from CISO

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

The evolution of a CISO: How the role has changed

3 min read - In many organizations, the Chief Information Security Officer (CISO) focuses mainly — and sometimes exclusively — on cybersecurity. However, with today’s sophisticated threats and evolving threat landscape, businesses are shifting many roles’ responsibilities, and expanding the CISO’s role is at the forefront of those changes. According to Gartner, regulatory pressure and attack surface expansion will result in 45% of CISOs’ remits expanding beyond cybersecurity by 2027.With the scope of a CISO’s responsibilities changing so quickly, how will the role adapt…

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today