Another new app from Bit9 + Carbon Black provides QRadar users with deeper visibility into threats on endpoint devices, desktops, laptops and servers. By analyzing endpoint sensor data from within the QRadar interface, the Carbon Black App for IBM QRadar enables customers to detect and respond to endpoint attacks more quickly and efficiently.
And the new IBM Security QRadar Incident Overview App enables users to better visualize all of the offenses within their QRadar installation using bubbles, colors and correlation lines. The size and color of each bubble indicate the magnitude of the incident, while lines drawn between bubbles indicate shared IP addresses among the linked incidents. This type of intuitive visualization approach helps security analysts quickly identify common elements between incidents and better prioritize important incidents.
All of these applications are made possible by the new QRadar application framework, which enables developers to quickly build new QRadar applications via open APIs and software development kits. IBM Security will be closely testing every application before it is posted to the App Exchange to ensure the integrity of these community contributions, IBM said.
In addition, IBM announced a new release of IBM Security QRadar. According to analysts, IBM is the market leader for Security Incident and Event Management (SIEM) based on 2014 total software revenue, and has held leadership positions in Gartner’s Magic Quadrant for SIEM for the past seven years in a row.
Now QRadar will enable customers to create rules that will automatically take actions once specific threats have been detected. For example, rules created within QRadar can automatically trigger actions that block IP addresses and control user access based on their risk profile. Additionally, applications that are developed using the new QRadar application framework can also leverage custom rules to automatically respond to threats.
"The new QRadar Application Framework and SDK enables partners, third-party security vendors, managed services organizations, customers and IBM to rapidly build new security extensions directly into QRadar," Meenan said in his post. "This utilizes all the core capabilities of the platform (e.g., data collection, normalization, correlation, search, behavioral baselining, incident detection and more) and also seamlessly adds new analytics, visualizations and workflows."
IBM also is further integrating QRadar with the IBM BigFix endpoint security management solution to help customers better prioritize threats and patches on user devices. QRadar can now also identify the exposed endpoints that do not have BigFix installed, helping users find rogue or unmanaged assets more quickly.