SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
IBM Security completes industry first with updates to Cloud Pak for Security solution
Mon, 19th Oct 2020
FYI, this story is more than a year old

IBM Security has announced new capabilities for Cloud Pak for Security, including, notably, a data security solution that allows companies to detect, respond to and protect against threats to sensitive data across hybrid cloud environments.

According to the company, this brings an industry-first ability to connect threat management, data security and identity within a single platform.

In addition, the expansions include new data sources, integrations, and services that allow security operations teams to manage the full threat lifecycle from a single console.

With these upcoming capabilities, Cloud Pak for Security will include access to six threat intelligence feeds, 25 pre-built connections to IBM and third-party data sources, and 165 case management integrations which are connected through advanced AI to prioritise threats, and automation playbooks to streamline response actions for security teams.

More specifically, the added capabilities cover threat response, threat intelligence and dedicated services and support.

For threat response and data security, IBM has developed a new approach to provide security teams with visibility into data activity, compliance and risk, without needing to leave their primary response platform.

The new built-in data security hub, scheduled for general availability in Q4, allows analysts to gain context into where their sensitive data resides across hybrid cloud environments, as well as who has access to it, how it is used, and the best way to protect it, IBM Security states.

Cloud Pak for Security is also expanding its collection of threat intelligence, helping clients detect early warning signs of active threat campaigns impacting companies around the world.

In addition to IBM's X-Force Threat Intelligence Feed, the platform will provide pre-built integrations for five additional threat intelligence feeds from third-party sources, including AlienVault OTX, Cisco Threatgrid, MaxMind Geolocation, SANS Internet StormCenter and Virustotal scheduled for general availability in Q4, and additional threat feeds expected to be added in 2021.

Finally, IBM is launching new dedicated security services to help organisations modernise their security operations with Cloud Pak for Security, leveraging a holistic approach connecting products and services.

With a wide range of flexible service options, IBM experts can help clients deploy and manage Cloud Pak for Security across any environment, including end-to-end threat management, managed security services, as well as strategy, consulting and integration support, the company states.

According to IBM Security, with the upcoming new capabilities, Cloud Pak for Security will become the first platform in the industry to connect data-level insights and user behavior analytics with threat detection, investigation and response.

IBM Security vice president Justin Youngblood says, “Complexity is the greatest challenge facing our industry, forcing resource-strapped security teams to manually connect the dots between disparate tools and sources of security data.

“Cloud Pak for Security is built on open, cloud native technologies from the ground up to connect any tool within the security ecosystem.

"With these updates, we will be the first in the industry to bring together external threat intelligence and threat management alongside data security and identity, helping organisations to modernise their security operations and create the foundation for a zero trust security strategy.

Cloud Pak for Security leverages open technologies to create an interoperable foundation and connections between the IBM and third-party tools.

For instance, the platform uses STIX-Shifter, an open source library that allows security analysts to search for threat indicators across all connected data sources with a single query, IBM Security states.

Additionally, Cloud Pak for Security is built on Red Hat OpenShift, providing an open, containerised foundation that can be deployed across on-premise, public and private cloud environments.

Furthermore, the platform uses advanced AI, analytics and automation to streamline the full lifecycle of threat management including native capabilities for SIEM, threat intelligence, user behaviour analytics and more.

These capabilities are delivered through a unified user interface that connects the entire threat management process via end-to-end workflows, from detection through response.

The capabilities of Cloud Pak for Security can be supported by and integrated with other IBM Security Services, with unified offerings that connect technologies and services.