Co-authored by Matt Carle.

There’s nothing like a little real-world input to help security technology providers focus on the problems their clients face. Matt Carle and Chris Collard, offering managers for IBM Security, exchanged thoughts after a recent trade show appearance. The two experts discussed audience reactions to material they presented on security analytics and intelligence. What follows is a basic overview of what they heard and learned.

Two Experts Discuss Security Intelligence

Chris: Matt, we’ve spoken a lot this week about the ever-changing threat and security intelligence landscape. How do you weigh the feedback we’ve obtained, and what new things are you planning to stay ahead of these trends?

Matt: Obviously, as clients have confirmed, there is definitely a shift underway with more and more businesses willing to dip their toes into cloud-delivered security solutions. They want more deployment options and additional flexibility to include hybrid and cloud options.

What we clearly heard was that many companies are adopting widely dispersed deployments. They have both physical and virtual installations and they are moving more and more to SaaS. One critical feature required for these deployments is multitenant management. SOC administrators, MSS providers and managers of geographically diverse deployments all need the ability to manage installations centrally. It’s critical.

Chris: No doubt. Inside any shared infrastructure, you absolutely need the ability to intelligently manage and effectively control how individual tenants can impact the performance of the overall system. This goes for larger deployments with many satellite offices and deployments where infrastructure is shared among multiple tenants.


Integration and Interoperability

Matt: The other big trend we heard is the need for interoperability.

Chris: And by that you mean how well one solution talks to or integrates with other solutions — the idea of open APIs.

Matt: Bingo. Our clients and partners absolutely require the ability to integrate all log, device and security intelligence sources into a unified view of their threat landscape. Even though we support 400-plus integrations out-of-the-box, there’s always that one additional that is required.

Chris: Yeah, that’s really important. Often the kinds of skills necessary to integrate these sources don’t directly relate to the core mission. Making these integrations easy allows clients to stay focused on monitoring the environment and using the information, as opposed to just collecting and storing it for reporting purposes.

Matt: Exactly. It’s really a question of where you want to — and, more importantly, where you need to — spend the bulk of your time: adding new data sources or scouring those data sources for anomalies and threats?

Shooting for the Clouds

Matt: We also heard several questions about QRadar on Cloud. How are you addressing the cloud?

Chris: It is a big focus area. It’s an exciting time to be a cloud provider. We’re seeing an incredible amount of interest and some very specific questions about how to move full production workloads into the cloud.

Matt: As opposed to primarily test or development workloads?

Chris: Yes. More and more organizations are moving their application stacks out of their own facilities and moving bigger parts of these workloads into the cloud. The establishment of secure transmission, storage and other cloud standards means that it’s now a question of how much of your workload you want to move to the cloud, not if. We have seen this in the field and have research that has identified client drivers and the kinds of immediate benefits that clients can expect from moving to a SaaS platform.

Matt: And where does this end? With all workloads exclusively in the cloud?

Chris: I don’t think so. While there is certainly a growing trend towards cloud migration, this migration won’t be overnight. It won’t be a light switch moment for all companies. The need for on-premises labs and data facilities will remain well into the foreseeable future. Coming back to the point that you raised earlier, the goal is to have the widest degree of deployment options available for current and future needs, both on-premises and off.

Matt: What about geographical restrictions? How do you see those limiting growth and adoption? What are the plans for expanding beyond our current U.S., European and Latin American data centers?

Chris: I don’t really see it as a limitation per se, but more of a basic requirement. Where country or company rules dictate that client data must not leave the country, cloud offerings simply need to be able to meet these needs in-region. I really think that those with the strongest global footprint are best positioned to meet these country-specific needs.

Unlocking the Full Threat Picture

Chris: Okay. Switching gears, our session attendees expressed a lot of interest in our app store ecosystem. I am interested in your key takeaways, as this will equally benefit both on-premises and cloud clients.

Matt: Well first off, how cool are we? I’m really excited to see all the activity and growth within the IBM Security App Exchange, in terms of both the number of downloads and the growing number of partner apps. There’s definitely a big opportunity for new apps that reach further into the business itself and integrate core business context into the platform. I would include as examples IPAM platforms, CMDBs and even identity and access management systems, all of which provide extremely valuable business insight that helps analysts during investigations and augment the core detection and analytics capabilities of the platform.

Chris: Very cool. I would love to see more of the kinds of intelligence that can be gleaned from existing system configuration data. It’s really critical to unlocking the full threat picture. Often it’s only by mapping and correlating these complex data streams into trends that you can detect what the naked eye would otherwise miss.

One last thing: If you have not yet had a chance, download and check out the “Guidebook on IBM QRadar on Cloud” from Nucleus Research. It provides an excellent set of use cases and success stories based on a number of real-world security intelligence and analytics SaaS deployments. You can also hear the author of the research report, Seth Lippincott, discuss his findings in the exclusive on-demand webinar, “How Moving Security to the Cloud Can Help you Keep Pace with the Dynamic Threat Environment.”
