This article was published in the IBM Resilient Knowledge Center on April 16, 2018. You can read the original post here.
Today, we unveiled the next-generation of incident response with the IBM Resilient Security Orchestration, Automation, and Response (SOAR) Platform with Intelligent Orchestration. We couldn’t be more excited to show the world the advancements that will transform how they manage their incident response functions by outsmarting, outpacing, and outmanuevering threats.
Core to this new platform is the IBM Resilient Intelligent Orchestration Ecosystem, a robust hub of enterprise-grade, bi-directional integrations supported by the world’s leading security companies such as Cisco, Carbon Black, McAfee, Splunk, Everbridge, ObserveIT, and many others.
Delivered via the IBM Security App Exchange, these integrations are enterprise-grade applications that can be easily added to any workflow. Resilient makes this process seamless through plug-and-play functionality that allows security teams to build, maintain, and customize response plans. Customers also have access to a drag-and-drop workflow editor that requires minimal coding. As security plans or environments shift, integrations can be easily moved or re-used without the analyst needing to understand the technical or implementation background. Customers also have access to shared community playbooks through the support of the Resilient Developer Community.
Together with these partner technologies, security teams have an open and simple way to share data and actions between technology solutions and security tools. The platform automatically initiates activities across partner technologies, such as monitoring and escalation, identification and enrichment, communication and coordination, or containment, response, and recovery. Our industry-leading response expertise is now further strengthened with automatic enrichment through built-in and custom threat intelligent feeds, and other enterprise-grade integrations such as SIEM and EDR.
We are excited to combine the power of our next-generation platform with the industry leading capabilities of our partners. Our customers now have a powerful tool to prioritize attacks, accurately identify critical incidents, and automate tasks more efficiently.
Hear more about this announcement directly from our partners:
Cisco Threat Grid and Umbrella
“Cisco Security and IBM Resilient are launching a number of integrations, including Cisco Threat Grid and Umbrella,” said Dov Yoran, Senior Director of Strategy & Business Development at Cisco. “We partnered with IBM Resilient to improve visibility and provide analysts with more information at their fingertips, empowering them to identify and remediate incidents faster. The inclusion of Threat Grid for dynamic malware analysis, and as an automated threat intelligence lookup source in the IBM Resilient SOAR Platform, allows an analyst greater context on malware and malicious activity both locally and globally.”
McAfee Data Exchange Layer (DXL), with the ability to query McAfee Threat Intelligence Exchange (TIE)
“The integration of the IBM Resilient SOAR Platform with DXL, McAfee TIE and McAfee ePO will enable better security intelligence, faster response times and empower security teams to handle threats using automated tasks,” said D.J. Long, vice president of strategic business development, McAfee. “Leveraging the deep portfolio of McAfee security solutions together with Resilient’s industry-leading orchestration capabilities, we can now deliver solutions that enable security teams to work faster and more efficiently.”
“Splunk founded the Adaptive Response Initiative in 2016 to help organizations integrate and coordinate their multi-vendor environments to better combat risks and bolster their security posture. We are proud to have IBM Resilient as a member of the Adaptive Response Initiative, enabling our mutual customers to better analyze, assess and respond to advanced attacks within their Security Operations Center (SOC),” said Jon Rooney, vice president of product marketing, Splunk. “The latest release of the Resilient integration for Splunk and Splunk Enterprise Security helps our customers leverage bi-directional integration to speed response time and mitigate risk. The app is available for free on Splunkbase.”
Carbon Black Cb Response
“Today organizations suffer from staffing and skills shortages needed to respond effectively to cyber threats,” said Chris Berninger, Business Development Security Engineer at Carbon Black. “The IBM Resilient and Carbon Black integration solves this by ensuring the Resilient user has the right Carbon Black data at the right place and at the right time. Analysts will save critical time in the response process, and get the right data to quickly mitigate the threat.”
“We’ve seen firsthand how important threat intelligence is to providing earlier detection of cyber attacks. Through the Anomali integration with IBM Resilient, our customers will be able to identify serious threats to their organizations and orchestrate a powerful and efficient response,” said Darren Gaeta, vice president of alliances at Anomali. “These types of bi-directional information sharing integrations are critical to staying ahead of malicious actors.”
“We’re excited that IBM Resilient is giving partners the ability to produce more modular integrations,” said Glenn Wong, Director of Product Management and Technology Partnerships at Recorded Future. “We built an integration where analysts can have threat intelligence enrichment on demand from Recorded Future, while working directly in Resilient. This process ultimately reduces the amount of work the analyst needs to do, speeds up response times, and provides analysts with more bandwidth to tackle more critical threats.”
“This partnership signals the availability of a comprehensive 360-degree view for customers in managing security and IT operations across their enterprise,” said Prashant Darisi, Vice President, Product Management at Everbridge. “Combining Everbridge’s communication, collaboration, and smart orchestration platform with the advantages of the IBM Resilient platform provides significant benefits for our customers to respond to critical IT events and mitigate business impact and reputation costs through consistent, predictable, and shorter incident resolution times.”
“The greatest threat to businesses today is not outsiders trying to get in, but insiders who have the keys to an enterprise’s most important assets. Security teams must be prepared to deal with these insider threats- both accidental and malicious,” said Mike McKee, CEO, ObserveIT. “To identify and eliminate risky user activity, organizations must have the proper threat detection and prevention technology. By integrating ObserveIT with the IBM Resilient SOAR Platform, organizations can now reap the benefits of total visibility into insider threats, enabling security teams to quickly and efficiently mitigate risk.”
“Security threats today are growing in volume and complexity, and efficiently responding to these can be a major challenge for security teams, said Haig Colter, Director of Technical Alliances at ThreatQuotient. “The combination of ThreatQ and the Resilient Incident Response Platform provides security teams access to the information they need quickly to accelerate the response to these threats. This allows for a more orchestrated approach to security operations.”
“We’re excited to launch the integration of our file intelligence and analysis solutions with IBM Resilient,” says Mario Vuksan, Founder and CEO at ReversingLabs. “The combination of ReversingLabs Malware Analysis and authoritative File Intelligence solutions with IBM Resilient’s SOAR Platform provides joint customers with automated access to the critical visibility they need to protect their digital assets from increasingly complex cyber threats.”
“We fundamentally believe proactive detection, incident response, and remediation are critical capabilities for all aspects of security,” said Ernesto DiGiambattista, CEO and co-founder of CYBRIC. “Our mission has always been to improve an enterprise’s cybersecurity posture with a proactive and continuous approach to application security. This requires a commitment to not only embedding security earlier on in the development lifecycle, but to responding to incidents as they arise. By combining the power of CYBRIC and IBM Resilient, we’re enabling enterprises to more effectively protect their environment from attack and manage risk from code to the cloud.”
“In today’s connected world it is more complex than ever to communicate effectively with stakeholders during a potential cyberattack,” says Brant Williams, VP, Americas at Whispir. “By integrating with the IBM Resilient SOAR Platform we are able to extend the incident response process to enable real-time interaction across SMS, voice, social media and email ensuring that the right people get the right information at the right time during a crisis.”
Digital Shadows monitors, manages, and remediates digital risk across the widest range of sources on the visible, deep, and dark web to protect your organization. The Digital Shadows app for Resilient imports SearchLightTM incidents into the IBM Resilient SOAR Platform.
To find out more, please visit the IBM Security App Exchange. For partners looking to easily build and deploy custom integrations with IBM Resilient, please visit the IBM Resilient Developer Community.
Prior to joining IBM Resilient, Gene founded FVF Partners, a firm that helped CEOs and senior managers at early-stage high-tech companies to refine their sal...