Bad guys are getting stronger. Cyberattacks are at an all-time high. The cost of a data breach is increasing. Organizations across all industries are being attacked. Insider threats are on the rise.
These statements are not just meant to send jitters through security leaders — they are facts. Is there a recipe that allows organizations to better protect, detect and respond to threats? IBM and Check Point have teamed up to find solutions.
3 C’s of Security
IBM recommends a three C’s approach to cybersecurity: cognitive, cloud and collaboration.
- Cognitive solutions are solutions that can understand, reason and learn. These solutions can make sense of unstructured data, which traditional systems cannot.
- Cloud systems that strengthens a company security posture because security is built into the architecture.
- Collaboration within the security industry to combat cybercriminals, who also often collaborate. An important aspect of this collaboration would be intelligence sharing.
IBM and Check Point Partnership
In line with the collaboration that the security industry needs to have, IBM and Check Point are deepening their nearly two-decades-long relationship. The two organizations are jointly working in key areas to help mutual customers accelerate their threat protection program.
Recently, Check Point launched an app called SmartView for QRadar on IBM’s App Exchange. The Check Point SmartView Application for QRadar consolidates monitoring, logging, reporting and event analysis into a single console to bring clients comprehensive, easy-to-understand threat visibility. The security teams can focus their efforts on the critical threats by delivering network and security events from Check Point devices to QRadar for forensic analysis within a unified console.
Partnership in Action
Consider a scenario where the attacks are coming through the endpoints. Typically, organizations have various tools working in silos — endpoint monitoring, security information and event monitoring (SIEM) tools, ticketing systems and incident response. So if an endpoint detects something malicious, a ticket is generated and manually escalated to SIEM. The SIEM looks at it and may take time to act upon it. Then the incident response platform needs to be manually activated for remediation. The entire process could take a lot of time and has manual intervention. Does the organization have this much time?
Imagine a workflow in which anything detected at endpoints is directly communicated to SIEM and goes through the following process:
- A malicious attack is identified at the endpoint.
- The issue is immediately identified as an event in the SIEM platform.
- A ticket is created that can be addressed by the customer’s administrator.
- Customers using Resilient for incident response can push out a remediation automatically.
The above scenario is very useful in case an attack is coming from the endpoint and needs to be addressed immediately, without going through the manual flow of creating the ticket and escalating it. Automation is an important difference in how effective that resolution is, and it helps organizations make informed decisions.
Security is proving to be best played as a team sport, with trust and open communication among fellow players as a best practice for winning. We’re taking the next step in collaboration and are thrilled to have Check Point as a security partner to join and support this new ecosystem.
For more insights on how IBM and Check Point are working together, listen to the podcast, “IBM and Check Point: Taking on Security Challenges in Asia-Pacific and Around the World.” We also invite you to join us for CPX 2017 in Singapore on Aug. 23, and for Govware 2017, also in Singapore, from Sept. 19 to 21. There you can learn how IBM and Check Point can together help clients with security.