Join the Era of Collaborative Defense: Share the Intelligence

It’s commonly said that “there’s no I in team.” That’s certainly a platitude cybercriminals take to heart since they behave like one big, global team in many ways.

They collaborate on a vast scale, sharing information about their intended victims, including their user IDs, passwords, personal information, social circles and other intelligence. They also collaborate on their weaponry — sharing malware kits, vulnerability exploits and command-and-control infrastructure — to rapidly create attacks with a high degree of accuracy. This type of joint effort necessitates a collaborative defense as a response.

The Need for Intelligence Sharing

Where does the collaborative attack leave the intended victims? They’re working in silos, often with poorly integrated security solutions, a lack of visibility and too much complexity in their security systems. Not a great place to be!

More than ever, organizations need the whole security community to collaborate more closely with each other, sharing threat intelligence to provide truly integrated solutions and common platforms that maximize reuse and enable deep integration. This should lead to innovative, agile solutions that can adequately respond to attack activity from criminals.

IBM Security believes this is fundamental to any successful cybersecurity strategy. To enable this collaboration, we opened up our threat intelligence database, IBM Security X-Force Exchange, to the community. This open collaboration platform has over 700 TB of intel and enables organizations to openly collaborate and share information regarding threats we are all exposed to. We have over 10,000 users from more than 2,000 unique organizations already on the platform, so clearly there is a real need for this type of environment.

The Next Phase of Collaborative Defense

We are now ready to announce the next phase of our collaborative defense enablement strategy, which has two very exciting and significant parts. Firstly, we have extended our collaboration platform, the IBM X-Force Exchange, to include the IBM Security App Exchange.

The new App Exchange gives organizations access to collaboratively built security defense and response solutions created by IBM, our partners, third-party security vendors, researchers and clients. Organizations will not only have the confidence that apps on the App Exchange are curated by IBM, but also that the security community as a whole is able to review and contribute to them.

This exchange is launching with over a dozen apps built by IBM and our community of partners in exciting areas, including incident visualization, insider threats, incident response, endpoint detection and remediation and many more.

Visit the brand new IBM Security App Exchange to browse our catalog of security apps

In defense, platforms are critical. They enable rapid creation of new workflows, analytics and visualizations to provide visibility and defense. To that end, we also created the QRadar Application Framework. In other words, we’ve supercharged QRadar with apps, providing increased flexibility with reduced complexity.

QRadar is the market leader in security intelligence, collecting, analyzing and detecting threats in real time, and it is the foundation of incident detection and response workflow. As such, the platform provides all the core capabilities needed to not only develop new security applications, but also seamlessly integrate them with existing solutions.

The new QRadar Application Framework and SDK enable partners, third-party security vendors, managed services organizations, customers and IBM to rapidly build new security extensions directly into QRadar. This utilizes all the core capabilities of the platform (e.g., data collection, normalization, correlation, search, behavioral baselining, incident detection and more) and also seamlessly adds new analytics, visualizations and workflows.

Evolving with the Times

What does this mean for our community of partners, third-party security vendors, services organizations and customers? It means they can quickly innovate and create their own unique, valuable solutions on QRadar, maximizing reuse and sharing new capabilities with the extensive QRadar community.

What does this mean for our customers? The ability to jump-start their security operations with speed and simplicity, and constant access to innovative, curated, security-focused solutions that keep the attackers at bay.

What does it mean for cybercriminals? A harder time.

We are very excited about what these two new innovations mean for truly collaborative defense in the security market — and there definitely will never be an I in QRadar!

Check out the IBM Security App Exchange to browse the catalog of security defense and response apps from IBM and its partners, and watch the replay of our webinar to meet some of our application partners and learn even more about how to use collaboration and analytics to solve security challenges in the new year.

Chris Meenan

Product Manager for QRadar, IBM Security

Chris Meenan is a Product Manager working on the QRadar Security Intelligence Product within the IBM Security division. He has over 10 years' experience in product management and has been involved in developing, managing, releasing and selling software products for over 20 years. Chris has extensive market, domain, and customer knowledge in IT Security, Customer Relationship Management and Telecom OSS solutions. Chris holds a 1st Honours degree in Physics, and has a PhD in Mobile Satellite communications.