It’s commonly said that “there’s no I in team.” That’s certainly a platitude cybercriminals take to heart since they behave like one big, global team in many ways.

They collaborate on a vast scale, sharing information about their intended victims, including their user IDs, passwords, personal information, social circles and other intelligence. They also collaborate on their weaponry, sharing malware kits, vulnerability exploits and command-and-control infrastructure, to rapidly create attacks with a high degree of accuracy. This type of joint effort necessitates a collaborative defense as a response.

The Need for Intelligence Sharing

Where does the collaborative attack leave the intended victims? They’re working in silos, often with poorly integrated security solutions, a lack of visibility and too much complexity in their security systems. Not a great place to be!

More than ever, organizations need the whole security community to collaborate more closely with each other, sharing threat intelligence to provide truly integrated solutions and common platforms that maximize reuse and enable deep integration. This should lead to innovative, agile solutions that can adequately respond to attack activity from criminals.

IBM Security believes this is fundamental to any successful cybersecurity strategy. To enable this collaboration, we opened up our threat intelligence database, IBM Security X-Force Exchange, to the community. This open collaboration platform has over 700 TB of intel and enables organizations to openly collaborate and share information regarding threats we are all exposed to. We have over 10,000 users from more than 2,000 unique organizations already on the platform, so clearly there is a real need for this type of environment.

The Next Phase of Collaborative Defense

We are now ready to announce the next phase of our collaborative defense enablement strategy, which has two very exciting and significant parts. Firstly, we have extended our collaboration platform, the IBM X-Force Exchange, to include the IBM Security App Exchange.

The new App Exchange gives organizations access to collaboratively built security defense and response solutions created by IBM, our partners, third-party security vendors, researchers and clients. Organizations will not only have the confidence that apps on the App Exchange are curated by IBM, but also that the security community as a whole is able to review and contribute to them.

This exchange is launching with over a dozen apps built by IBM and our community of partners in exciting areas, including incident visualization, insider threats, incident response, endpoint detection and remediation and many more.

Visit the brand new IBM Security App Exchange to browse our catalog of security apps

In defense, platforms are critical. They enable rapid creation of new workflows, analytics and visualizations to provide visibility and defense. To that end, we also created the QRadar Application Framework. In other words, we’ve supercharged QRadar with apps, providing increased flexibility with reduced complexity.

QRadar is the market leader in security intelligence, collecting, analyzing and detecting threats in real time, and it is the foundation of incident detection and response workflow. As such, the platform provides all the core capabilities needed to not only develop new security applications, but also seamlessly integrate them with existing solutions.

The new QRadar Application Framework and SDK enable partners, third-party security vendors, managed services organizations, customers and IBM to rapidly build new security extensions directly into QRadar. This utilizes all the core capabilities of the platform (e.g., data collection, normalization, correlation, search, behavioral baselining, incident detection and more) and also seamlessly adds new analytics, visualizations and workflows.

Evolving with the Times

What does this mean for our community of partners, third-party security vendors, services organizations and customers? It means they can quickly innovate and create their own unique, valuable solutions on QRadar, maximizing reuse and sharing new capabilities with the extensive QRadar community.

What does this mean for our customers? The ability to jump-start their security operations with speed and simplicity, and constant access to innovative, curated, security-focused solutions that keep the attackers at bay.

What does it mean for cybercriminals? A harder time.

We are very excited about what these two new innovations mean for truly collaborative defense in the security market — and there definitely will never be an I in QRadar!

Check out the IBM Security App Exchange to browse the catalog of security defense and response apps from IBM and its partners, and watch the replay of our webinar to meet some of our application partners and learn even more about how to use collaboration and analytics to solve security challenges in the new year.
