Despite having left coding 20 years ago and going over to the other side of offering and product management, I’m still a techie at heart. Next to seeing customers happy with our solutions, I also get excited about cool new tech that solves real business problems in a beautifully elegant way.

IBM Strengthens SIEM

One of the major challenges organizations struggle with in their security information and event management (SIEM) and security operations is the need for stability, robustness and predictability. Threats are operating 24/7 and the business stakes are high. To stay ahead of those rapidly developing threats, organizations need real agility, collaboration and continuously delivered innovation.

This was the key driving factor behind the IBM Security App Exchange and the QRadar SIEM app framework. But how do you deliver both sets of seemingly conflicting requirements? We knew bolt-ons and closed solutions where not going to deliver the agility, simplified workflows and lower operational costs that customers needed. We’ve all seen these approaches do little for organizations except add overheads and complexity.

IBM completely opened up the QRadar platform to enable third-party vendors (including our competitors), partners and other teams within IBM to create, seamlessly integrate and embed solutions with QRadar. This was done in the form of pluggable, independent QRadar apps, thereby enabling that agility, ecosystem and innovation. To date, we now have over 75 apps on the App Exchange from dozens of vendors, covering myriad security operations processes.

Dancing With Docker

What isn’t immediately obvious, though, is what a QRadar App actually is and why it is so important. To some, an app is maybe something as simple as a few searches, dashboards or correlation rules. While this is true, there is much more to a QRadar app, stemming from its innovative use of the Docker technology. We integrated Docker directly into QRadar — so much so that it is now, by default, present in every single QRadar instance, from the smallest versions running on laptops to the largest global deployments.

What is so wonderful about Docker? Docker is a relatively new containerization technology. It enables applications to be written and deployed into containers running in a machine instance or virtual machine (VM) without all the overhead of a full operating system for each container. Containers can store all the software they need to operate and can leverage the core host operating system (OS) for the remainder. More importantly, containers completely isolate apps from each other and the QRadar platform, so one app cannot consume all the resources on the host and cause another to fail.

Why is this so important for QRadar? Docker provides the stability and robustness through the QRadar platform and containerized apps, but it also enables agility and ecosystem through openness, pluggability and seamless app integration. It empowers QRadar apps with searches and rules, new user interfaces, data stores and complex analytics leveraging technologies such as Hadoop and Spark.

A great example of an app making full use of the QRadar Application Framework and Docker containers is the new User Behavior Analytics App. This app adds new data models, analytics, visualizations, dashboards and application program interfaces (APIs) and plans to utilize Spark to enable more advanced machine learning and behavioral analytics than those found in traditional SIEM solutions.

More Innovation to Come

Years ago, we called the QRadar architecture the “Security Intelligence Operating System (SIOS).” This is finally being fully recognized in a very tangible way thanks to these new innovations. With built-in Docker containerization and pluggable analytics from Spark, we are really excited about how effectively this technology has enabled collaboration, innovation and integration in an easily consumable and secure way. To top it all off, we have apps in the pipeline that are exciting, game changing and just outright cool!

Learn more about the QRadar UBA App

More from Intelligence & Analytics

New report shows ongoing gender pay gap in cybersecurity

3 min read - The gender gap in cybersecurity isn’t a new issue. The lack of women in cybersecurity and IT has been making headlines for years — even decades. While progress has been made, there is still significant work to do, especially regarding salary.The recent  ISC2 Cybersecurity Workforce Study highlighted numerous cybersecurity issues regarding women in the field. In fact, only 17% of the 14,865 respondents to the survey were women.Pay gap between men and womenOne of the most concerning disparities revealed by…

Protecting your data and environment from unknown external risks

3 min read - Cybersecurity professionals always keep their eye out for trends and patterns to stay one step ahead of cyber criminals. The IBM X-Force does the same when working with customers. Over the past few years, clients have often asked the team about threats outside their internal environment, such as data leakage, brand impersonation, stolen credentials and phishing sites. To help customers overcome these often unknown and unexpected risks that are often outside of their control, the team created Cyber Exposure Insights…

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today