IBM to Buy Resilient Systems in Security Incident-Response Play
"The background for IBM's purchase of Resilient is the changing nature of cyber-threats to businesses, which have moved from random individual incidents to systematic assaults funded by organized criminals and hostile governments," said Charles King, principal analyst at Pund-IT. "It's as if cyber-criminals have evolved from being dedicated terrorists to becoming well-organized military organizations." Describing the Resilient technology in a blog post, John Bruce, CEO and chairman of Reslient Systems, said: "We built the industry's first Incident Response Platform (IRP). Now in version 25, it seamlessly connects with the myriad of security tools used by organizations today, creating an intelligent incident response hub. It brings together people, processes and technology with the potency and intelligence needed to fight today's cyber battles." On the services side, IBM has a team of folks doing incident response and that the company beefed up, and Big Blue is making those services available in its portal where over 4,000 managed services customers can log in and initiate an engagement when they have experienced a security incident, van Zadelhoff said. "Combining our knowledge and expertise with IBM is a perfect fit culturally and technologically," said Bruce in his post. "We're already integrated with IBM QRadar and IBM App Exchange in production environments, and the opportunity to deepen that integration and extend it into other IBM technologies makes for a compelling solution for our joint customers.""We're enhancing our capabilities around all these services through a partnership with Carbon Black, which provides endpoint-detection response technology," van Zadelhoff told eWEEK. And then there's the Resilient piece. So the services team will now be able to leverage the Resilient technology, deploying it on our back end to help with the response management piece." In his own blog post, van Zadelhoff said the new X-Force Incident Response Services will help customers "to more effectively discover, track, respond to and report on security incidents. Also included is a new remote incident-response service that actively hunts for threats and allows for the remote management of active attacks via the cloud." Van Zadelhoff also noted in his post that the need for a broad spectrum security incident-response capability is even more important, given a recent Ponemon Institute study that indicated that 70 percent of U.S. security executives do not have a cyber-security incident-response plan in place. The average cost of a data breach now totals $3.8 million, according to that study. "The best way for companies to survive these security incidents is by using what IBM calls 'immune response' solutions," King said. "These constantly monitor IT environments, detect security breaches in real time and respond instantaneously, much as a human body does when it's invaded by a virus. Resilient complements IBM's longstanding QRadar Security Intelligence Platform and its new X-Force Incident Response service. The deal also should expand the areas where IBM security can be applied and enhance those solutions' features and performance, benefitting both companies' customers and partners."
Meanwhile, IBM also announced the formation the IBM X-Force Incident Response Services team, including new, remote incident response (IR) capabilities, as well as a new partnership with Carbon Black for incident response. Carbon Black's incident-response tools help users monitor cyber-attacks from the endpoint.