IBM has made a couple of moves to open up its security platform, including launching the IBM Security App Exchange, a marketplace for the security community to create and share apps based on IBM security technologies.
Big Blue also announced it is opening its security analytics platform, IBM Security QRadar, enabling customers, business partners and other developers to build apps that take advantage of the platform’s security intelligence capabilities.
The opening of its security analytics platform is the second major step IBM has taken this year to advance industry collaboration and innovation to battle cyber-crime. In April, IBM opened its 700 terabyte database of security threat data through IBM X-Force Exchange. More than 2,000 organizations have joined the threat sharing platform since it was announced.
With the combination of opening its security analytics platform and its database of threat intelligence, IBM is promoting deeper industry collaboration and enabling organizations to share both data and expertise to stay ahead of cyber-criminals.
IBM and partners including Bit9 + Carbon Black, BrightPoint Security, Exabeam and Resilient Systems already have populated the IBM Security App Exchange with dozens of apps that extend IBM Security QRadar security analytics in areas like user behavior, endpoint data and incident visualization. These new apps take advantage of new open APIs for QRadar. The platform uses data analytics and threat intelligence to detect security incidents for thousands of security operation centers across the globe, IBM said. Dozens of organizations have joined IBM App Exchange, and partners such as STEALTHbits and iSIGHT Partners also have apps in development.
“With thousands of customers now standardizing on IBM’s security technologies, opening this platform for closer collaboration and development with partners and customers changes the economics of fighting cybercrime,” said Marc van Zadelhoff, vice president of strategy and product management for IBM Security, in a statement. “Sharing expertise across the security industry will allow us to innovate more quickly in order to help stay ahead of increasingly sophisticated attacks.”
Through integration with third-party technologies, these new apps are designed to provide customers with better visibility into more types of data and also offer new automated search and reporting functions which help security specialists focus on the most pressing threats. The apps are freely available through the IBM Security App Exchange.
“Organizations will not only have the confidence that apps on the App Exchange are curated by IBM, but also that the security community as a whole is able to review and contribute to them,” said Chris Meenan, product manager for QRadar, in a blog post.
Examples of these new applications include the Exabeam User Behavior Analytics app, which integrates user-level behavioral analytics and risk profiling directly into the QRadar dashboard. This real-time view of user risk allows companies to detect subtle behavioral differences between a normal employee and an attacker using that same credential. A new IBM-developed app lets QRadar users pull in any threat intelligence feed using the open standard STIX and TAXII formats, and use this data to create custom rules for correlation, searching, or reporting. For example, users could bring in public collections of dangerous IP addresses from IBM X-Force Exchange and create a rule to raise the magnitude of any offense that includes IP addresses from that watch list.
Another new app from Bit9 + Carbon Black provides QRadar users with deeper visibility into threats on endpoint devices, desktops, laptops and servers. By analyzing endpoint sensor data from within the QRadar interface, the Carbon Black App for IBM QRadar enables customers to detect and respond to endpoint attacks more quickly and efficiently.
And the new IBM Security QRadar Incident Overview App enables users to better visualize all of the offenses within their QRadar installation using bubbles, colors and correlation lines. The size and color of each bubble indicate the magnitude of the incident, while lines drawn between bubbles indicate IP addresses shared by the linked incidents. This kind of intuitive visualization helps security analysts quickly identify common elements between incidents and better prioritize the important ones.
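As an added illustration (not IBM's code and not the QRadar rule engine), the following Python sketches the two behaviours described above: pulling IP indicators out of a STIX 2.x-style feed and raising the magnitude of any offense that includes one, and linking offenses that share an IP address the way the Incident Overview App draws its correlation lines. The sample feed, the sample offenses, the regex-based pattern extraction and the +3 magnitude boost are all constructed assumptions.

```python
import re
from collections import defaultdict
# Constructed sample: minimal STIX 2.x-style bundle, reduced to the fields read here.
STIX_FEED = {"type": "bundle", "objects": [
    {"type": "indicator", "id": "indicator--sample-1", "pattern_type": "stix",
     "pattern": "[ipv4-addr:value = '198.51.100.7']"},
    {"type": "indicator", "id": "indicator--sample-2", "pattern_type": "stix",
     "pattern": "[ipv4-addr:value = '203.0.113.9' OR ipv4-addr:value = '203.0.113.10']"},
]}
# Constructed sample offenses: a 1-10 magnitude and the IPs each one involves.
OFFENSES = [
    {"id": 1, "magnitude": 3, "ips": {"10.0.0.5", "198.51.100.7"}},
    {"id": 2, "magnitude": 2, "ips": {"10.0.0.5", "10.0.0.9"}},
    {"id": 3, "magnitude": 4, "ips": {"192.0.2.1"}},
    {"id": 4, "magnitude": 9, "ips": {"203.0.113.10", "10.0.0.9"}},
]
# Assumption: indicators only use simple ipv4-addr:value comparisons (no full STIX parser).
IPV4_IN_PATTERN = re.compile(r"ipv4-addr:value\s*=\s*'([^']+)'")

def watchlist_from_stix(bundle):
    """Collect IPv4 values from the STIX patterns of indicator objects."""
    ips = set()
    for obj in bundle["objects"]:
        if obj.get("type") == "indicator" and obj.get("pattern_type") == "stix":
            ips.update(IPV4_IN_PATTERN.findall(obj["pattern"]))
    return ips

def apply_watchlist_rule(offenses, watchlist, boost=3, cap=10):
    """Raise (capped) the magnitude of any offense that includes a watch-listed IP."""
    out = {}
    for off in offenses:
        hits = sorted(off["ips"] & watchlist)
        mag = min(cap, off["magnitude"] + boost) if hits else off["magnitude"]
        out[off["id"]] = (mag, hits)
    return out

def link_by_shared_ip(offenses):
    """Cluster offenses that share at least one IP (union-find over IP links)."""
    parent = {o["id"]: o["id"] for o in offenses}
    def find(x):
        while parent[x] != x:
            x = parent[x]
        return x
    first_seen = {}  # ip -> id of the first offense that contained it
    for off in offenses:
        for ip in off["ips"]:
            if ip in first_seen:
                parent[find(off["id"])] = find(first_seen[ip])  # join the two clusters
            else:
                first_seen[ip] = off["id"]
    clusters = defaultdict(set)
    for oid in parent:
        clusters[find(oid)].add(oid)
    return sorted(sorted(c) for c in clusters.values())
```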
All of these applications are enabled by the new QRadar application framework, which enables developers to quickly build new QRadar applications via open APIs and software developer kits. IBM Security will be closely testing every application before it is posted to the App Exchange to ensure the integrity of these community contributions, IBM said.
In addition, IBM announced a new release of IBM Security QRadar. According to analysts, IBM is the market leader for Security Incident and Event Management (SIEM) based on 2014 total software revenue, and has held leadership positions in Gartner’s Magic Quadrant for SIEM for the past seven years in a row.
Now QRadar will enable customers to create rules that will automatically take actions once specific threats have been detected. For example, rules created within QRadar can automatically trigger actions that block IP addresses and control user access based on their risk profile. Additionally, applications that are developed using the new QRadar application framework can also leverage custom rules to automatically respond to threats.
“The new QRadar Application Framework and SDK enables partners, third-party security vendors, managed services organizations, customers and IBM to rapidly build new security extensions directly into QRadar,” Meenan said in his post. “This utilizes all the core capabilities of the platform (e.g., data collection, normalization, correlation, search, behavioral baselining, incident detection and more) and also seamlessly adds new analytics, visualizations and workflows.”
IBM is also further integrating QRadar with the IBM BigFix endpoint security management solution to help customers better prioritize threats and patches on user devices. QRadar can now also identify exposed endpoints that do not have BigFix installed, helping users find rogue or unmanaged assets more quickly.