IBM, Cisco Integrate Threat Intelligence to Improve Cyber-Security

IBM and Cisco are joining together in a new effort to share security information on emerging threats and collaborate more closely with security technology platforms.

IBM Cisco

IBM and Cisco today announced a new agreement that will see the two technology giants collaborate more closely on security threat intelligence, products and services.

"Cisco and IBM have been partnering at various levels for a long time," Jason Corbin, Vice President of Strategy and Offering Management at IBM Security, told eWEEK. "As Cisco's security portfolio has grown and as IBM's has grown, it has been really interesting to see just how complementary our security portfolios are."

One of the areas where the two companies will now work more closely together is in sharing threat intelligence. It's an effort that actually got started as a somewhat ad hoc initiative between IBM's X-Force and the Cisco Talos research teams during the WannaCry ransomware incident.

"Our teams worked together on WannaCry, sharing information, insights and indicators of compromise," Corbin said. "We just feel that it's really important to share information so we can get better insights to our customers to defend against attacks."

Going beyond just sharing information, the IBM Cisco security partnership also has product integrations to help enable organizations to benefit from the joint capabilities of the two companies. Among the planned integrations are a pair of Cisco applications that will run on top of the IBM QRadar security platform. The applications will bring Cisco's ThreatGrid and AMP (Advanced Malware Protection) to IBM, enabling users to benefit from advanced analytics. IBM expanded its QRadar platform in February with the QRadar Advisor with Watson offering, that brings IBM's cognitive computing platform to security intelligence operations.

As part of the partnership, the IBM Resilient Incident Response Platform (IRP) will also be integrated with Cisco's ThreatGrid platform to pull in indicators of compromise (IOC). Corbin explained that as security analysts are working on incidents in IBM Resilient and need real-time information about a piece of malware, that workflow can now be accelerated with ThreatGrid. Cisco acquired Threatgrid in May 2014 to help bolster its own malware analysis capabilities.

Dov Yoran, co-founder and formerly the CEO of ThreatGrid, now is a Senior Director of Strategy and Business Development at Cisco Security.

"Having two enormous security vendors now working more closely together and integrating more tightly, will reduce complexity and enable security teams to react faster and more efficiently," Yoran told eWEEK.

Yoran added that as part of the new security partnership there will also be joint go-to-market efforts between IBM and Cisco for products and services. While there is revenue opportunity for both companies, at this point Yoran emphasized that the initial goal is to focus on the fundamentals.

"All the work is predicated on executing on the fundamentals, which is about seeing more data, blocking more things together and acting faster," Yoran said. "The net result will be a stronger security posture for enterprises."

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.