IBM recently decided to open access to its security analytics platform, IBM Security QRadar. According to company representatives, this step will help customers, partners and independent developers build custom applications using the platform's capabilities and the associated security data archive. IBM has also launched IBM Security App Exchange, an online site for information security specialists, where developers will be able to create and share applications based on IBM technologies.
With this move, the corporation is actively encouraging cooperation across the industry and promoting innovation in the fight against cybercrime. Earlier in 2015 IBM published more than 700 TB of threat data on the IBM X-Force Exchange platform. In April alone, more than 2000 organizations joined the platform. Thanks to open access to the security analytics platform and the threat data archive, companies will be able to exchange important information that will allow them to resist cybercrime more effectively.
IBM and its partners, including Bit9 + Carbon Black, BrightPoint Security, Exabeam and Resilient Systems, have already uploaded dozens of custom-built applications to IBM Security App Exchange. These applications extend the analytics in IBM Security QRadar with user behavior assessment tools, endpoint data and attack modeling. The new applications take advantage of the open application programming interfaces (APIs) of IBM QRadar. The analytics and threat information available on the platform help detect security breaches in thousands of security operations centers worldwide, including those of half of the Fortune 100 companies.
"Today thousands of customers are trying to match the level of IBM's security technologies. Providing access to the platform promotes closer cooperation with partners and clients, which changes the mechanics of the fight against cybercrime," says Marc van Zadelhoff, vice president of strategy and product promotion at IBM Security. "Exchanging experience among representatives of the security field will allow us to implement innovations more quickly to provide continuous protection against new and increasingly sophisticated attacks."
New applications open access to a wide set of analytical tools
Open source development and cooperation with partners are necessary conditions for accelerating innovation in the dynamic, quickly changing world of technology. More than 77% of executives believe that cooperation in developing solutions benefits business, because it shortens the time needed to create a product and bring it to market.
Dozens of organizations have already joined IBM Security App Exchange, which has accelerated the distribution and use of 14 new QRadar applications by developers and partners. Active participants include Bit9 + Carbon Black, BrightPoint Security, Exabeam and Resilient Systems. In addition, other partners, such as STEALTHbits and iSIGHT Partners, have applications in development.
Through integration with third-party technologies, the new applications give users improved visibility into large volumes of data of different types, along with new automated search and reporting functions. This helps security experts concentrate on the most important threats. The applications are already available free of charge in IBM Security App Exchange, where customers have a wide choice of analytical tools that are closely integrated with the IBM QRadar security information environment.
Examples of new applications include:
User behavior – the Exabeam User Behavior Analytics application integrates analysis of an individual user's behavior, building "a psychological portrait" of the user and forecasting risks. All of this is available on the QRadar dashboard. Viewing potential risks in real time allows companies to spot subtle behavioral differences between a normal employee and an attacker who is using that employee's account.
Threat information – a new application developed by IBM allows QRadar users to pull threat information from any system through the standard STIX and TAXII formats and to use this data to create custom rules for correlation, search or reporting. For example, users will be able to bring in lists of dangerous IP addresses from IBM X-Force Exchange and create a rule that strengthens protection of the system when it is attacked from those IP addresses.
Threat detection on endpoints – the new application from Bit9 + Carbon Black gives QRadar users a deeper understanding of threats on endpoints: desktop computers, laptops and servers. By analyzing endpoint sensor data through the QRadar interface, the Carbon Black App for IBM QRadar allows users to find and respond to attacks on endpoints more quickly and effectively.
Attack modeling – the new IBM Security QRadar Incident Overview application lets users better visualize all attacks in QRadar by means of circles, colors and correlation lines. The size and color of each circle show the incident's significance, and the lines between circles represent IP addresses shared by related incidents. This kind of intuitive visualization helps security analysts quickly identify elements that incidents have in common and prioritize them.
The applications run on the new QRadar platform, which allows the community of security experts to create new applications quickly using open APIs and software development kits. IBM Security will carefully test each application before placing it in App Exchange to check that it complies with the community's rules.
IBM Security QRadar increases the speed of threat detection and response
IBM also announced the release of a new version of IBM Security QRadar, which analyzes data from a company's IT infrastructure and reveals potential security threats. IBM is the leader in the market for SIEM (Security Information and Event Management) systems, according to 2014 data on software sales revenue, and has held leading positions in Gartner's Magic Quadrant for SIEM for the last seven years.
For the first time in its history, QRadar will allow users to create rules that automatically take the necessary actions as soon as specific threats are found. For example, a rule created in QRadar can automatically trigger blocking of IP addresses and control a user's access on the basis of a risk profile. In addition, applications developed on the new QRadar framework can also use custom rules for automatic response to threats.
IBM is also continuing to integrate QRadar with IBM BigFix to help users counter threats more effectively in order of priority and remediate vulnerabilities on their devices. QRadar can now also identify unprotected endpoints on which BigFix is not installed, helping users find attackers or unmanaged resources faster.
This article is a translation of the original post at habrahabr.ru/post/274781/