Despite having left coding 20 years ago and going over to the other side of offering and product management, I’m still a techie at heart. Next to seeing customers happy with our solutions, I also get excited about cool new tech that solves real business problems in a beautifully elegant way.

IBM Strengthens SIEM

One of the major challenges organizations struggle with in their security information and event management (SIEM) and security operations is the need for stability, robustness and predictability. Threats are operating 24/7 and the business stakes are high. To stay ahead of those rapidly developing threats, organizations need real agility, collaboration and continuously delivered innovation.

This was the key driving factor behind the IBM Security App Exchange and the QRadar SIEM app framework. But how do you deliver on both sets of seemingly conflicting requirements? We knew bolt-ons and closed solutions were not going to deliver the agility, simplified workflows and lower operational costs that customers needed. We have all seen these approaches do little for organizations except add overhead and complexity.

IBM completely opened up the QRadar platform to enable third-party vendors (including our competitors), partners and other teams within IBM to create, seamlessly integrate and embed solutions with QRadar. This was done in the form of pluggable, independent QRadar apps, thereby enabling that agility, ecosystem and innovation. To date, there are over 75 apps on the App Exchange from dozens of vendors, covering a wide range of security operations processes.

Dancing With Docker

What isn’t immediately obvious, though, is what a QRadar app actually is and why it matters so much. To some, an app is maybe something as simple as a few searches, dashboards or correlation rules. While that is true, there is much more to a QRadar app, stemming from its use of Docker. We integrated Docker directly into QRadar, so much so that it is now present by default in every single QRadar instance, from the smallest versions running on laptops to the largest global deployments.

What is so wonderful about Docker? Docker is a relatively new containerization technology. It enables applications to be packaged and deployed as containers running on a machine or virtual machine (VM) without the overhead of a full operating system for each container. A container carries the software it needs to run and shares the host operating system (OS) kernel for the rest. Just as importantly, containers are isolated from each other and from the QRadar platform: each runs in its own kernel namespaces (process IDs, file system, network), and cgroup limits can cap the CPU, memory and process count it may use, so a runaway app cannot consume all the resources on the host and cause another to fail. Two caveats a practitioner should keep in mind: those resource caps only apply when a limit has actually been set on the container (Docker's default is unlimited), and because every container shares the host kernel, container isolation is a weaker boundary than a separate VM.
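The resource-isolation promise above only holds for containers that were started with limits. The following is an added example, not QRadar or Docker project code: it audits the JSON that `docker inspect` prints for a set of containers and flags any whose HostConfig has no memory, CPU or PID cap (Docker records 0 or null for "unlimited") or that run privileged. The container names and inspect records are constructed for illustration; the HostConfig field names (`Memory`, `NanoCpus`, `CpuQuota`, `PidsLimit`, `Privileged`) are the ones Docker emits.

```python
"""Audit `docker inspect` output for containers running without resource caps.

Added example, not QRadar's or Docker's own code. It parses the JSON array that
`docker inspect <container>...` prints and reports containers whose HostConfig
leaves memory, CPU or PID limits unset (0 or null means "unlimited" to Docker),
or that were started with --privileged. The sample below is constructed.
"""
import json

# Constructed sample: three hypothetical app containers, trimmed to the
# HostConfig fields this audit looks at.
SAMPLE_INSPECT = json.dumps([
    {
        "Id": "a1b2c3",
        "Name": "/qapp-1001",
        "HostConfig": {"Memory": 536870912, "NanoCpus": 1000000000,
                       "PidsLimit": 256, "Privileged": False},
    },
    {
        "Id": "d4e5f6",
        "Name": "/qapp-1002",
        "HostConfig": {"Memory": 0, "NanoCpus": 0,
                       "PidsLimit": None, "Privileged": False},
    },
    {
        "Id": "0a0b0c",
        "Name": "/qapp-1003",
        "HostConfig": {"Memory": 268435456, "NanoCpus": 500000000,
                       "PidsLimit": 0, "Privileged": True},
    },
])


def audit_host_config(host_config):
    """Return the list of findings for one container's HostConfig dict."""
    findings = []
    # Docker stores 0 (null for PidsLimit) when no limit was requested,
    # i.e. `docker run` without --memory / --cpus / --pids-limit.
    if not host_config.get("Memory"):
        findings.append("no memory limit (--memory)")
    # --cpus sets NanoCpus; the older --cpu-quota sets CpuQuota. Either caps CPU.
    if not (host_config.get("NanoCpus") or host_config.get("CpuQuota")):
        findings.append("no CPU limit (--cpus)")
    if not host_config.get("PidsLimit"):
        findings.append("no PID limit (--pids-limit)")
    if host_config.get("Privileged"):
        findings.append("runs privileged (--privileged)")
    return findings


def audit_inspect_output(inspect_json):
    """Map container name -> findings for every record in `docker inspect` JSON.

    A container with an empty findings list is fully capped and unprivileged.
    """
    report = {}
    for container in json.loads(inspect_json):
        # docker inspect prefixes names with "/"; strip it for readability.
        name = container.get("Name", container.get("Id", "?")).lstrip("/")
        report[name] = audit_host_config(container.get("HostConfig", {}))
    return report


def unbounded_containers(inspect_json):
    """Sorted names of containers that have at least one finding."""
    return sorted(name for name, findings in
                  audit_inspect_output(inspect_json).items() if findings)


if __name__ == "__main__":
    # On a real host: docker inspect $(docker ps -q) | python3 this_script.py
    for name, findings in audit_inspect_output(SAMPLE_INSPECT).items():
        status = "; ".join(findings) if findings else "OK: capped and unprivileged"
        print(f"{name}: {status}")
```

Run it against live output with `docker inspect $(docker ps -q)` piped into `audit_inspect_output`; any container that shows up in `unbounded_containers` can still starve its neighbours no matter how well the namespaces separate them.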

Why is this so important for QRadar? Docker gives the platform stability and robustness by keeping each app in its own container, and at the same time enables agility and an ecosystem through openness, pluggability and seamless app integration. It lets QRadar apps ship searches and rules, new user interfaces, their own data stores and complex analytics built on technologies such as Hadoop and Spark.

A great example of an app making full use of the QRadar Application Framework and Docker containers is the new User Behavior Analytics App. This app adds new data models, analytics, visualizations, dashboards and application programming interfaces (APIs), and plans to use Spark to enable more advanced machine learning and behavioral analytics than those found in traditional SIEM solutions.

More Innovation to Come

Years ago, we called the QRadar architecture the “Security Intelligence Operating System (SIOS).” That vision is finally being realized in a very tangible way thanks to these new innovations. With built-in Docker containerization and pluggable analytics from Spark, we are really excited about how effectively this technology has enabled collaboration, innovation and integration in an easily consumable and secure way. To top it all off, we have apps in the pipeline that are exciting, game changing and just outright cool!

Learn more about the QRadar UBA App
