- The proliferation of security tools and data leaves businesses exposed to a growing landscape of cyberthreats.
- Businesses lack the resources and skills to detect and protect all the workloads and data spread across multiple cloud environments.
- IBM’s new Cloud Pak for Security seeks to solve these issues.
It’s an issue that businesses big and small face worldwide: cybersecurity blind spots and wasted time. Now, IBM has developed Cloud Pak for Security, a platform based on open source to fix the problem.
Imagine this: Your cybersecurity team gets a threat intelligence report warning of a malware attack against companies in your industry. It even lists the suspicious IP addresses and network behaviors to look for. But after investing hundreds of thousands or even millions of dollars in security tools to help stay on top of cybersecurity incidents, your analysts still have to spend hours manually searching within a dozen locations or more to figure out if and how you’re affected.
If you are affected, responding to that incident will require coordinated effort across multiple toolsets and teams. All of this demands a lot of time and manual work from security teams to connect the dots between their data and products, costing your organization money and putting it at higher risk.
The problem stems from fragmentation in the security industry itself, according to Justin Youngblood, vice president of product development at IBM Security.
“The typical enterprise might be using 50 or more security tools from dozens of different vendors,” Youngblood says, adding that this makes aggregating and querying their proprietary data a challenge.
“That creates a lot of complexity, a lack of interoperability and a really slow approach to resolving security incidents,” he adds.
A new solution
To solve this problem, IBM has spent more than a year developing Cloud Pak for Security, an innovative approach to solving cybersecurity’s fragmentation and complexity challenge.
Cloud Pak for Security is designed to function as a centralized security-control plane for hybrid multicloud businesses. It’s a cybersecurity hub that both aggregates data and accelerates response with automation playbooks.
Organizations can connect their data openly and securely across their cloud environments and on-premises infrastructure, regardless of the platform on which they choose to operate.
Cloud Pak for Security queries cybersecurity products across the organization, integrating that data into a centralized view that gives cybersecurity staff 360-degree visibility of incidents and threats for the first time.
It does this without moving the original data or needing to re-create use cases and analytics, which was a key requirement for customers, Youngblood says.
“Every enterprise that we talk to tells us they cannot move all their security data to the public cloud, or between clouds, for a variety of reasons, such as cost or compliance — it’s just not tenable,” he adds. “Generating insights without moving the underlying data is a game changer for the security industry.”
Cloud Pak for Security integrates this data using open technologies and standards contributed to the OASIS Open Cybersecurity Alliance. This IBM- and McAfee-led initiative unites dozens of leading cybersecurity vendors to work together on open technologies and commonly agreed-upon data formats for exchanging incident and threat data between security tools.
Cloud Pak for Security also addresses another challenge facing cybersecurity teams: widespread cloud adoption. The complexity involved in spreading products and data across multiple cloud environments worried 70% of cybersecurity professionals in a recent ISACA and CMMI Institute survey.
IBM’s new solution is cloud-aware, deployed as a Docker container and supporting orchestration in Kubernetes. It runs on and integrates with Red Hat’s open-source OpenShift container application platform. This makes it easy to deploy in a variety of private or public cloud environments, providing organizations with a flexible consumption model.
Bridging the skills gap through response orchestration and automation
Cloud Pak for Security also eases security teams’ overwhelming workloads amid the existing cybersecurity skills-gap problem. Eight in 10 security professionals reported that it was harder to find security skills in 2018 and 2019 than in the year before. That’s partly why, according to the ISACA survey, only 31% of companies could mitigate a detected risk within a month.
Cloud Pak for Security helps under-resourced cybersecurity professionals by automating a range of tasks, from patching servers through to blocking IP addresses or quarantining assets. The security platform allows businesses to orchestrate their response to hundreds of common security scenarios, guiding users and providing quick access to the right security data and tools to investigate and act more quickly. By automating security response and prioritizing team resources, it reduces human error and makes incident response more consistent and predictable.
The next time a security threat arises, your analyst won’t need to manually search within multiple security tools across your entire hybrid infrastructure. They can simply run a single query within Cloud Pak for Security to get a view of that threat across all connected tools and platforms and use out-of-the-box security playbooks to respond efficiently across cloud environments.
As cybersecurity risks rise with cloud complexity, it’s more critical than ever that security professionals get a single view of their incident data. Cloud Pak for Security offers a noninvasive option that provides the intelligence across tools, all while helping security teams respond to it more efficiently.
Find out more about how IBM is helping businesses protect their hybrid multicloud environments.
This post was created by Insider Studios with IBM.