In the world of cybercrime, there are very few lone wolves out there plotting and launching major attacks. In fact, cybercriminals collaborate actively with one another, as well as wealthy financial backers within organized crime and nation-states, making cybersecurity ever more challenging. A United Nations study found that crime rings that actively share data drive 80 percent of cyberattacks. They succeed quite often, as evidenced by the massive WannaCry attacks that recently struck organizations in 150 countries.

Great struggles throughout history, regardless of their size, were won by alliances — not individual entities. Now, IBM and Cisco are joining forces to present a newly fortified front in the war on cybercrime. The aim is to fight this criminal collaborative with a powerful arsenal of data, analytics and free-flowing information sharing.

Cisco and IBM Join Cybersecurity Forces

To date, the overall industry response to growing cyberthreats has been less than sterling. The cybersecurity industry today saddles enterprise-class organizations with as many as 80 different security tools and solutions from nearly 45 different vendors.

A recent Cisco survey of chief information security officers (CISOs) found that 65 percent use up to 50 different security products that do not integrate, challenging their overextended security teams to move with speed. This undermines analysts’ ability to proactively identify malicious activity and then unleash a largely orchestrated response to halt the attack.

Reliable estimates found that it takes organizations between 100 and 200 days just to discover an attack. Small wonder, then, that the “2017 Security Capabilities Benchmark Study” from Cisco found that 22 percent of organizations that were attacked actually lost customers, and nearly one-third lost revenue. That’s the price of a lack of industry collaboration and cooperation.

A Pressing Need for Interoperability

IT and security professionals feel the pain acutely. Ninety-two percent stated that effective counter-cybercrime monitoring depends fully on collaboration between network operations and security operations. Members of each team are tasked with intrateam collaboration to share information and drive more accurate threat detection. Without integrated tools, this highly time-sensitive task is often reduced to manual labor. Something has to change — and now it has.

Going forward, the voluminous network and cloud threat data gathered by Cisco will be analyzed by IBM QRadar and Watson with the goal of sharply reducing the time it takes to detect and respond to threats. This collaborative effort is centered on three important principles: simplicity, openness and orchestration.

For those who may not be familiar, IBM QRadar and its Security Intelligence Platform leverage the prodigious cognitive analytics capabilities of Watson to identify threats from multiple incidents, chaining them together and recommending actions to mitigate them. Watson for Cyber Security taps into and makes sense of unstructured data — created for humans by humans — and correlates it with structured data to uncover hidden threats and validate their scope and veracity.

In addition, IBM Resilient’s Security Orchestration, Automation, and Response (SOAR) Platform will integrate with Cisco’s Threat Grid to provide security teams with insights needed to respond to incidents faster. For example, analysts in the incident response platform (IRP) can look up indicators of compromise with Cisco Threat Grid’s threat intelligence, or detonate suspected malware with its sandbox technology. This empowers security teams to gain valuable incident data in the moment of response.

The goal of this collaborative effort is to ensure that all the pieces of a highly integrated cybersecurity solution work seamlessly together so that heretofore-unprecedented levels of automation can speed threat identification, response and, ultimately, mitigation. Elements of this collaboration will feature security products designed for interoperability at all levels of the security stack, whether they come from IBM or Cisco. We believe this commitment to openness and interoperability will give security professionals exactly the kind of information sharing capabilities they require to stop threats at the gates.

Three Essential Elements

There are three core elements of this new partnership. The first is an integrated threat defense across networks and the cloud. With both Cisco and IBM delivering products that closely integrate with one another to share context and intelligence, we hope to enable all organizations to “see once, stop everywhere.” For its part, Cisco will build new applications delivered via the IBM Security App Exchange to help security teams detect and respond more effectively and quickly to threats.

The second core element is essential threat intelligence sharing between Cisco Talos and the IBM X-Force Exchange, with teams from each collaborating closely on security research. This partnership vastly expands upon both historical and real-time threat intelligence that security analysts can leverage for deeper insights and more effective defenses.

The third core element is jointly delivered managed services. Specifically, the IBM Managed Security Services group will team up with Cisco to deliver new security infrastructure services aimed at reducing the IT complexity often associated with cybersecurity efforts. One of the first managed service offerings will target hybrid cloud environments, since customers are aggressively migrating security infrastructure to public and private cloud models.

Cybersecurity at the Speed of Business

Protecting against today’s highly dynamic threat environment demands a concerted, collaborative effort, not a fractured or siloed approach to keeping threats at bay. With an unwavering commitment to an open partnership, we believe Cisco and IBM can deliver the integrated, interoperable solutions required to detect and respond at the speed of business.
