In the world of cybercrime, there are very few lone wolves out there plotting and launching major attacks. In fact, cybercriminals collaborate actively with one another, as well as wealthy financial backers within organized crime and nation-states, making cybersecurity ever more challenging. A United Nations study found that crime rings that actively share data drive 80 percent of cyberattacks. They succeed quite often, as evidenced by the massive WannaCry attacks that recently struck organizations in 150 countries.

Great struggles throughout history, regardless of their size, were won by alliances — not individual entities. Now, IBM and Cisco are joining forces to present a newly fortified front in the war on cybercrime. The aim is to fight this criminal collaborative with a powerful arsenal of data, analytics and free-flowing information sharing.

Cisco and IBM Join Cybersecurity Forces

To date, the overall industry response to growing cyberthreats has been less than sterling. The cybersecurity industry today saddles enterprise-class organizations with as many as 80 different security tools and solutions from nearly 45 different vendors.

A recent Cisco survey of chief information security officers (CISOs) found that 65 percent use up to 50 different security products that do not integrate, challenging their overextended security teams to move with speed. This undermines analysts’ ability to proactively identify malicious activity and then unleash a largely orchestrated response to halt the attack.

Reliable estimates found that it takes organizations between 100 and 200 days just to discover an attack. Small wonder, then, that the “2017 Security Capabilities Benchmark Study” from Cisco found that 22 percent of organizations that were attacked actually lost customers, and nearly one-third lost revenue. That’s the price of a lack of industry collaboration and cooperation.

A Pressing Need for Interoperability

IT and security professionals feel the pain acutely. Ninety-two percent stated that effective counter-cybercrime monitoring depends fully on collaboration between network operations and security operations. Members of each team are tasked with intrateam collaboration to share information and drive more accurate threat detection. Without integrated tools, this highly time-sensitive task is often reduced to manual labor. Something has to change — and now it has.

Going forward, the voluminous network and cloud threat data gathered by Cisco will be analyzed by IBM QRadar and Watson with the goal of sharply reducing the time it takes to detect and respond to threats. This collaborative effort is centered on three important principles: simplicity, openness and orchestration.

For those who may not be familiar, IBM QRadar and its Security Intelligence Platform leverage the prodigious cognitive analytics capabilities of Watson to identify threats from multiple incidents, chaining them together and recommending actions to mitigate them. Watson for Cyber Security taps into and makes sense of unstructured data — created for humans by humans — and correlates it with structured data to uncover hidden threats and validate their scope and veracity.

In addition, IBM Resilient’s Security Orchestration, Automation, and Response (SOAR) Platform will integrate with Cisco’s Threat Grid to provide security teams with insights needed to respond to incidents faster. For example, analysts in the Resilient Incident Response Platform (IRP) can look up indicators of compromise with Cisco Threat Grid’s threat intelligence, or detonate suspected malware with its sandbox technology. This empowers security teams to gain valuable incident data in the moment of response.

The goal of this collaborative effort is to ensure that all the pieces of a highly integrated cybersecurity solution work seamlessly together so that heretofore-unprecedented levels of automation can speed threat identification, response and, ultimately, mitigation. Elements of this collaboration will feature security products designed for interoperability at all levels of the security stack, whether they come from IBM or Cisco. We believe this commitment to openness and interoperability will give security professionals exactly the kind of information sharing capabilities they require to stop threats at the gates.

Three Essential Elements

There are three core elements of this new partnership. The first is an integrated threat defense across networks and the cloud. With both Cisco and IBM delivering products that closely integrate with one another to share context and intelligence, we hope to enable all organizations to “see once, stop everywhere.” For its part, Cisco will build new applications delivered via the IBM Security App Exchange to help security teams detect and respond more effectively and quickly to threats.

The second core element is essential threat intelligence sharing between Cisco Talos and the IBM X-Force Exchange, with teams from each collaborating closely on security research. This partnership vastly expands upon both historical and real-time threat intelligence that security analysts can leverage for deeper insights and more effective defenses.

The third core element is jointly delivered managed services. Specifically, the IBM Managed Security Services group will team up with Cisco to deliver new security infrastructure services aimed at reducing the IT complexity often associated with cybersecurity efforts. One of the first managed service offerings will target hybrid cloud environments, since customers are aggressively migrating security infrastructure to public and private cloud models.

Cybersecurity at the Speed of Business

Protecting against today’s highly dynamic threat environment demands a concerted, collaborative effort, not a fractured or siloed approach to keeping threats at bay. With an unwavering commitment to an open partnership, we believe Cisco and IBM can deliver the integrated, interoperable solutions required to detect and respond at the speed of business.
