IBM is taking aim at the challenging concept of securely locking down company applications and data spread across multiple private and public clouds and on-premises locations.
IBM is addressing this challenge with its Cloud Pak for Security, which features open-source technology for hunting threats, automation capabilities to speed response to cyberattacks, and the ability to integrate customers’ existing point-product security-system information for better operational safekeeping – all under one roof.
IBM Cloud Paks are bundles of Red Hat’s Kubernetes-based OpenShift Container Platform along with Red Hat Linux and a variety of connecting technologies to let enterprise customers deploy and manage containers on their choice of infrastructure, be it private or public clouds, including AWS, Microsoft Azure, Google Cloud Platform, Alibaba and IBM Cloud.
Cloud Pak for Security is the latest of six that are available today, the others being Data, Application, Integration, Automation and Multicloud Management. They also incorporate containerised IBM middleware designed to let customers quickly spin up enterprise-ready containers, the company said.
The Cloud Paks are part of a massive Big Blue effort to develop an advanced cloud ecosystem with the technology it acquired with its US$43 billion buy of Red Hat in July. The Paks will ultimately include IBM’s DB2, WebSphere, API Connect, Watson Studio, Cognos Analytics and more.
“The infrastructure is evolving in such a way that the traditional perimeter is going away and in the security domain, customers have a plethora of point-vendor solutions and now cloud-vendor security offerings to help manage this disparate environment,” said Chris Meenan, director of Offering Management and Strategy, IBM Security.
Protecting this fragmented IT environment requires security teams to undertake complex integrations and continuously switch between different screens and point products.
More than half of security teams say they struggle to integrate data with disparate security and analytic tools and combine that data across their on-premises and cloud environments to spot advanced threats, Meenan said.
One of the foundational components of Cloud Pak for Security is that it can, from a single containerised dashboard, connect, gather and see information from existing third-party tools and data sources, including multiple security-information and event-management software platforms, endpoint detection systems, threat-intelligence services, identity and cloud repositories, IBM said.
Cloud Pak Connectors have been included for integration with security tools from vendors including IBM, Carbon Black (now part of VMware), Tenable, Elastic, BigFix, and Splunk, as well as public-cloud setups from IBM, AWS, and Microsoft Azure.
The big deal here is that the tool lets security teams connect all data sources to uncover hidden threats and make better risk-based decisions, while leaving the data where it resides, without needing to move that data into the platform for analysis, Meenan said.
“There’s a ton of security data out there, and the last thing we wanted to do was force customers to build another data lake of information,” Meenan said. “Cloud Pak lets customers access data at rest on a variety of security systems, and search and query those systems all via a common open-source federated framework.”
For example, the system supports Structured Threat Information Expression (STIX), an open-source language used to exchange cyber-threat intelligence. The platform also includes other open-source technology IBM co-developed through the OASIS Open Cybersecurity Alliance.
The open-source technology and the ability to easily gather and exchange data from multiple sources should be a very attractive feature for customers, analysts said.
“The main takeaway is their ability to federate security-related data from a broad variety of sources, and provide flexible/open access to that,” said Martin Kuppinger, founder and principal analyst at KuppingerCole. “They federate, not replicate, the data, avoiding having yet another data lake.
“And the data can be consumed in a flexible manner by apps you build on IBM Security Cloud Pak but also by external services. With security data commonly being spread across many systems, this simplifies building integrated security solutions and better tackling the challenges in managing complex attacks.
“IBM successfully managed to launch this offering with a very broad and comprehensive partner ecosystem – it is not just a promise, but they deliver.”
Once the data is gathered and analysed, the platform lets security teams orchestrate and automate their response to hundreds of common security scenarios, IBM said. Via the Cloud Pak’s support for Red Hat Ansible automation technology, customers can define actions such as segmenting a multicloud domain or locking down a server quickly, Meenan said.
The platform helps customers formalise security processes, orchestrate actions and automate responses across the enterprise, letting companies react faster and more efficiently while arming themselves with information needed for increasing regulatory scrutiny, IBM said.
The Security Cloud Pak is a platform on which Big Blue will develop future applications, Meenan said, “to address new challenges and risks such as insider security threats, all designed in realistic ways for customers to deploy without having to rip and replace anything.”
Kuppinger said the security Pak will have immediate value for larger businesses running their own security operations/cyber defence centres.
“The biggest challenge for IBM might be education – it is a new approach. However, the offering distinguishes clearly from other approaches, providing obvious benefits and adding value to existing infrastructures, not replacing these. Thus, it is clearly more than yet another product, but something really innovative that adds value.”