In the world of cybercrime, there are very few lone wolves out there plotting and launching major attacks. In fact, cybercriminals collaborate actively with one another, as well as wealthy financial backers within organized crime and nation-states, making cybersecurity ever more challenging. A United Nations study found that crime rings that actively share data drive 80 percent of cyberattacks. They succeed quite often, as evidenced by the massive WannaCry attacks that recently struck organizations in 150 countries.

Great struggles throughout history, regardless of their size, were won by alliances — not individual entities. Now, IBM and Cisco are joining forces to present a newly fortified front in the war on cybercrime. The aim is to fight this criminal collaborative with a powerful arsenal of data, analytics and free-flowing information sharing.

Cisco and IBM Join Cybersecurity Forces

To date, the overall industry response to growing cyberthreats has been less than sterling. The cybersecurity industry today saddles enterprise-class organizations with as many as 80 different security tools and solutions from nearly 45 different vendors.

A recent Cisco survey of chief information security officers (CISOs) found that 65 percent use up to 50 different security products that do not integrate, challenging their overextended security teams to move with speed. This undermines analysts’ ability to proactively identify malicious activity and then unleash a largely orchestrated response to halt the attack.

Reliable estimates found that it takes organizations between 100 and 200 days just to discover an attack. Small wonder, then, that the “2017 Security Capabilities Benchmark Study” from Cisco found that 22 percent of organizations that were attacked actually lost customers, and nearly one-third lost revenue. That’s the price of a lack of industry collaboration and cooperation.

A Pressing Need for Interoperability

IT and security professionals feel the pain acutely. Ninety-two percent stated that effective counter-cybercrime monitoring depends fully on collaboration between network operations and security operations. Members of each team are tasked with intrateam collaboration to share information and drive more accurate threat detection. Without integrated tools, this highly time-sensitive task is often reduced to manual labor. Something has to change — and now it has.

Going forward, the voluminous network and cloud threat data gathered by Cisco will be analyzed by IBM QRadar and Watson with the goal of sharply reducing the time it takes to detect and respond to threats. This collaborative effort is centered on three important principles: simplicity, openness and orchestration.

For those who may not be familiar, IBM QRadar and its Security Intelligence Platform leverage the prodigious cognitive analytics capabilities of Watson to identify threats from multiple incidents, chaining them together and recommending actions to mitigate them. Watson for Cyber Security taps into and makes sense of unstructured data — created for humans by humans — and correlates it with structured data to uncover hidden threats and validate their scope and veracity.

In addition, IBM Resilient’s Security Orchestration, Automation, and Response (SOAR) Platform will integrate with Cisco’s Threat Grid to provide security teams with insights needed to respond to incidents faster. For example, analysts in the Resilient Incident Response Platform (IRP) can look up indicators of compromise with Cisco Threat Grid’s threat intelligence, or detonate suspected malware with its sandbox technology. This empowers security teams to gain valuable incident data in the moment of response.

The goal of this collaborative effort is to ensure that all the pieces of a highly integrated cybersecurity solution work seamlessly together so that unprecedented levels of automation can speed threat identification, response and, ultimately, mitigation. Elements of this collaboration will feature security products designed for interoperability at all levels of the security stack, whether they come from IBM or Cisco. We believe this commitment to openness and interoperability will give security professionals exactly the kind of information sharing capabilities they require to stop threats at the gates.

Three Essential Elements

There are three core elements of this new partnership. The first is an integrated threat defense across networks and the cloud. With both Cisco and IBM delivering products that closely integrate with one another to share context and intelligence, we hope to enable all organizations to “see once, stop everywhere.” For its part, Cisco will build new applications delivered via the IBM Security App Exchange to help security teams detect and respond more effectively and quickly to threats.

The second core element is essential threat intelligence sharing between Cisco Talos and the IBM X-Force Exchange, with teams from each collaborating closely on security research. This partnership vastly expands upon both historical and real-time threat intelligence that security analysts can leverage for deeper insights and more effective defenses.

The third core element is jointly delivered managed services. Specifically, the IBM Managed Security Services group will team up with Cisco to deliver new security infrastructure services aimed at reducing the IT complexity often associated with cybersecurity efforts. One of the first managed service offerings will target hybrid cloud environments, since customers are aggressively migrating security infrastructure to public and private cloud models.

Cybersecurity at the Speed of Business

Protecting against today’s highly dynamic threat environment demands a concerted, collaborative effort, not a fractured or siloed approach to keeping threats at bay. With an unwavering commitment to an open partnership, we believe Cisco and IBM can deliver the integrated, interoperable solutions required to detect and respond at the speed of business.
