Bad guys are getting stronger. Cyberattacks are at an all-time high. The cost of a data breach is increasing. Organizations across all industries are being attacked. Insider threats are on the rise.

These statements are not just meant to send jitters through security leaders — they are facts. Is there a recipe that allows organizations to better protect, detect and respond to threats? IBM and Check Point have teamed up to find solutions.

3 C’s of Security

IBM recommends a three C’s approach to cybersecurity: cognitive, cloud and collaboration.

  1. Cognitive solutions are solutions that can understand, reason and learn. These solutions can make sense of unstructured data, which traditional systems cannot.
  2. Cloud systems that strengthens a company security posture because security is built into the architecture.
  3. Collaboration within the security industry to combat cybercriminals, who also often collaborate. An important aspect of this collaboration would be intelligence sharing.

IBM and Check Point Partnership

In line with the collaboration that the security industry needs to have, IBM and Check Point are deepening their nearly two-decades-long relationship. The two organizations are jointly working in key areas to help mutual customers accelerate their threat protection program.

Recently, Check Point launched an app called SmartView for QRadar on IBM’s App Exchange. The Check Point SmartView Application for QRadar consolidates monitoring, logging, reporting and event analysis into a single console to bring clients comprehensive, easy-to-understand threat visibility. The security teams can focus their efforts on the critical threats by delivering network and security events from Check Point devices to QRadar for forensic analysis within a unified console.

Listen to the podcast: IBM and Check Point are Taking on Security Challenges in Asia-Pacific

Partnership in Action

Consider a scenario where the attacks are coming through the endpoints. Typically, organizations have various tools working in silos — endpoint monitoring, security information and event monitoring (SIEM) tools, ticketing systems and incident response. So if an endpoint detects something malicious, a ticket is generated and manually escalated to SIEM. The SIEM looks at it and may take time to act upon it. Then the incident response platform needs to be manually activated for remediation. The entire process could take a lot of time and has manual intervention. Does the organization have this much time?

Imagine a workflow in which anything detected at endpoints is directly communicated to SIEM and goes through the following process:

  • A malicious attack is identified at the endpoint.
  • The issue is immediately identified as an event in the SIEM platform.
  • A ticket is created that can be addressed by the customer’s administrator.
  • Customers using Resilient for incident response can push out a remediation automatically.

The above scenario is very useful in case an attack is coming from the endpoint and needs to be addressed immediately, without going through the manual flow of creating the ticket and escalating it. Automation is an important difference in how effective that resolution is, and it helps organizations make informed decisions.

Next Steps

Security is proving to be best played as a team sport, with trust and open communication among fellow players as a best practice for winning. We’re taking the next step in collaboration and are thrilled to have Check Point as a security partner to join and support this new ecosystem.

For more insights on how IBM and Check Point are working together, listen to the podcast, “IBM and Check Point: Taking on Security Challenges in Asia-Pacific and Around the World.” We also invite you to join us for CPX 2017 in Singapore on Aug. 23, and for Govware 2017, also in Singapore, from Sept. 19 to 21. There you can learn how IBM and Check Point can together help clients with security.

More from

The White House on Quantum Encryption and IoT Labels

A recent White House Fact Sheet outlined the current and future U.S. cybersecurity priorities. While most of the topics covered were in line with expectations, others drew more attention. The emphasis on critical infrastructure protection is clearly a top national priority. However, the plan is to create a labeling system for IoT devices, identifying the ones with the highest cybersecurity standards. Few expected that news. The topic of quantum-resistant encryption reveals that such concerns may become a reality sooner than…

Contain Breaches and Gain Visibility With Microsegmentation

Organizations must grapple with challenges from various market forces. Digital transformation, cloud adoption, hybrid work environments and geopolitical and economic challenges all have a part to play. These forces have especially manifested in more significant security threats to expanding IT attack surfaces. Breach containment is essential, and zero trust security principles can be applied to curtail attacks across IT environments, minimizing business disruption proactively. Microsegmentation has emerged as a viable solution through its continuous visualization of workload and device communications and…

CEO, CIO or CFO: Who Should Your CISO Report To?

As we move deeper into a digitally dependent future, the growing concern of data breaches and other cyber threats has led to the rise of the Chief Information Security Officer (CISO). This position is essential in almost every company that relies on digital information. They are responsible for developing and implementing strategies to harden the organization's defenses against cyberattacks. However, while many organizations don't question the value of a CISO, there should be more debate over who this important role…

Malware-as-a-Service Flaunts Its Tally of Users and Victims

As time passes, the security landscape keeps getting stranger and scarier. How long did the “not if, but when” mentality towards cyberattacks last — a few years, maybe? Now, security pros think in terms of how often will their organization be attacked and at what cost. Or they consider how the difference between legitimate Software-as-a-Service (SaaS) brands and Malware-as-a-Service (MaaS) gangs keeps getting blurrier. MaaS operators provide web-based services, slick UX, tiered subscriptions, newsletters and Telegram channels that keep users…