IBM has made a couple of moves to open up its security platform, including launching the IBM Security App Exchange, a marketplace for the security community to create and share apps based on IBM security technologies.
Big Blue also announced it is opening its security analytics platform, IBM Security QRadar, enabling customers, business partners and other developers to build apps that take advantage of the platform's security intelligence capabilities.
The opening of its security analytics platform is the second major step IBM has taken this year to advance industry collaboration and innovation to battle cyber-crime. In April, IBM opened its 700 terabyte database of security threat data through IBM X-Force Exchange. More than 2,000 organizations have joined the threat sharing platform since it was announced.
With the combination of opening its security analytics platform and its database of threat intelligence, IBM is promoting deeper industry collaboration and enabling organizations to share both data and expertise to stay ahead of cyber-criminals.
IBM and partners including Bit9 + Carbon Black, BrightPoint Security, Exabeam and Resilient Systems already have populated the IBM Security App Exchange with dozens of apps that extend IBM Security QRadar security analytics in areas like user behavior, endpoint data and incident visualization. These new apps take advantage of new open APIs for QRadar. The platform uses data analytics and threat intelligence to detect security incidents for thousands of security operation centers across the globe, IBM said. Dozens of organizations have joined IBM App Exchange, and partners such as STEALTHbits and iSIGHT Partners also have apps in development.
"With thousands of customers now standardizing on IBM's security technologies, opening this platform for closer collaboration and development with partners and customers changes the economics of fighting cybercrime," said Marc van Zadelhoff, vice president of strategy and product management for IBM Security, in a statement. “Sharing expertise across the security industry will allow us to innovate more quickly in order to help stay ahead of increasingly sophisticated attacks.”
Through integration with third-party technologies, these new apps are designed to provide customers with better visibility into more types of data and also offer new automated search and reporting functions which help security specialists focus on the most pressing threats. The apps are freely available through the IBM Security App Exchange.
"Organizations will not only have the confidence that apps on the App Exchange are curated by IBM, but also that the security community as a whole is able to review and contribute to them," said Chris Meenan, product manager for QRadar, in a blog post.
Examples of these new applications include the Exabeam User Behavior Analytics app, which integrates user-level behavioral analytics and risk profiling directly into the QRadar dashboard. This real-time view of user risk allows companies to detect subtle behavioral differences between a normal employee and an attacker using that same credential. A new IBM-developed app lets QRadar users pull in any threat intelligence feed using the open standard STIX and TAXII formats, and use this data to create custom rules for correlation, searching, or reporting. For example, users could bring in public collections of dangerous IP addresses from IBM X-Force Exchange and create a rule to raise the magnitude of any offense that includes IP addresses from that watch list.