IBM Launches Open Technology to Speed Response to Cyber Threats Across Clouds
November 26, 2019IBM
today announced Cloud Pak for Security, featuring industry-first innovations to
connect with any security tool, cloud or on-premise system, without moving data
from its original source. Available today, the platform includes open-source
technology for hunting threats, automation capabilities to help speed response
to cyberattacks, and the ability to run in any environment.
Cloud Pak for Security is
the first platform to leverage new open-source technology pioneered by IBM,
which can search and translate security data from a variety of sources,
bringing together critical security insights from across a company’s multicloud
IT environment. The platform is extensible, so that additional tools and
applications can be added over time.
As businesses move further
into cloud maturity, applications and data are spread across multiple private
and public clouds and on-premise resources. Attempts to protect this fragmented
IT environment require security teams to undertake complex integrations and
continuously switch between different screens and point products. More than
half of security teams say they struggle to integrate data with disparate
security and analytic tools and combine that data across their cloud
environments to spot advanced threats (SANS Institute survey)
Three initial capabilities
of Cloud Pak for Security include:
- Gain security insights without moving data. Transferring data in order to analyze it creates additional complexity. IBM Cloud Pak for Security can connect all data sources to uncover hidden threats and make better risk-based decisions, while leaving the data where it resides. Via the Cloud Pak for Security’s Data Explorer application, security analysts can streamline their hunt for threats across any security tool or cloud. Without this capability, security teams are forced to manually search for the same threat indicators (such as a malware signature or malicious IP address) within each individual environment. Cloud Pak for Security is the first tool that allows this type of search without needing to move that data into the platform for analysis.
- Respond faster to security incidents with automation – IBM Cloud Pak for Security connects security workflows with a unified interface and automation playbooks so that teams can respond faster to security incidents. The platform allows companies to orchestrate their response to hundreds of common security scenarios, guiding users through the process and providing quick access to the right security data and tools. IBM’s Security Orchestration, Automation and Response capability integrates with Red Hat Ansible for additional automation playbooks. By formalizing security processes and activities across the enterprise, companies can react faster and more efficiently, while arming themselves with information needed for increasing regulatory scrutiny.
-
Run anywhere. Connect security openly – IBM Cloud Pak for Security
installs easily in any environment – on premises, private cloud or public
cloud. It provides a unified interface to simplify operations, comprised of
containerized software pre-integrated with Red Hat OpenShift, the industry’s
most comprehensive enterprise Kubernetes platform.
“As businesses move
mission-critical workloads to hybrid multicloud environments, security data is
spread across different tools, clouds and IT infrastructure. This creates gaps
that allow threats to be missed, requiring security teams to build and maintain
costly, complex integrations and manual response plans,” said Mary O’Brien,
General Manager, IBM Security. “With Cloud Pak for Security, we’re laying the
foundation for a more connected security ecosystem designed for the hybrid,
multicloud world.”
IBM collaborated with
dozens of clients and service providers during the design process, developing a
solution to address critical interoperability challenges that permeate the
security industry. Cloud Pak for Security has initial connectors for pre-built
integrations with popular security tools from IBM, Carbon Black, Tenable,
Elastic, BigFix, Splunk, as well as public cloud providers including IBM Cloud,
Amazon Web Services* and Microsoft Azure.* The solution is built on open
standards so that it can connect additional security tools and data from across
a company’s entire infrastructure.
“Organizations
have rapidly adopted new security technologies to keep up with the latest
threats, but are now juggling dozens of disconnected tools which don’t always
work well together,” said Jon
Oltsik, Senior Principal Analyst, Enterprise Strategy Group. “The industry
needs to solve this issue for customers by shifting to more open technologies
and unified platforms that can serve as the connective glue between security
point tools. IBM’s approach aligns with this requirement and has the potential
to bring together every layer of the security stack within a single, simplified
interface.”
To further accelerate
industry migration toward open security, IBM is also spearheading open-source
projects to make security tools work together natively across the security
ecosystem. As a founding member of the Open Cybersecurity Alliance, IBM and more than 20
other organizations are working together on open standards and open source
technologies that enable product interoperability and reduce vendor lock-in
across the security community.
Designed
for the Hybrid, Multicloud World
Seventy-six percent of
organizations report they are already using between two and 15 hybrid clouds,
and 98 percent forecast they will be using multiple hybrid clouds within three
years. (IBM Institute for Business Value, 2018),IBM’s Cloud Pak for
Security is built on open source technologies that are foundational to
companies’ cloud environment – including Red Hat OpenShift.
Creating Cloud Pak for
Security on these open, flexible building blocks allows for easy
“containerized” deployment across any cloud or on premise-environment. As
companies continue adding new cloud deployments and migrations, Cloud Pak for
Security can easily adapt and scale to these new environments – allowing
clients to bring even sensitive and mission-critical workloads into the cloud
while maintaining visibility and control from within a centralized security
platform.
Cloud Pak for Security also
provides a model for Managed Security Services Providers (MSSP) to efficiently
operate at scale, connect security silos and streamline their security
processes. Organizations can also leverage a wide range of IBM Security
Services, such as on-demand consulting, custom development and incident
response.
IBM Cloud Pak for Security
is now generally available worldwide – visit https://www.ibm.com/products/cloud-pak-for-security for more information.