IBM is expanding the role of its security-software package for hybrid-cloud deployments by improving the gathering of security data collected within customer networks and drawing on third-party threat-intelligence feeds, among other upgrades.
IBM’s Cloud Pak for Security, which features open-source technology for hunting threats and automation capabilities to speed response to cyberattacks, can bring together on a single console data gathered by customers’ existing security point products.
IBM Cloud Paks are bundles of Red Hat’s Kubernetes-based OpenShift Container Platform along with Red Hat Linux and a variety of connecting technologies to let enterprise customers deploy and manage containers on their choice of private or public infrastructure, including AWS, Microsoft Azure, Google Cloud Platform, Alibaba and IBM Cloud.
“Customers are overwhelmed with point security products—the average customer has more than 50—that make gaining insights and quickly responding to threats and attacks difficult,” said Justin Youngblood, vice president of IBM Security.
Cloud Pak for Security was rolled out about a year ago, and a new release expands its integration capabilities to include feeds from data stored and accessed from distributed locations. The system now supports IBM’s Security Guardian system that Big Blue offers to protect databases, data warehouses and big data environments such as Hadoop.
With that information the security team can determine where sensitive data resides across hybrid-cloud environments, as well as who has access to it, how it is used and the best way to protect it, Youngblood said.
Historically, customers have had different, siloed teams, such as security operations management and data management, that take care of databases, for example, and getting the information from those two groups to solve problems was slow and difficult, Youngblood said. Cloud Pak for Security coordinates security and data on one console so customers can more quickly remediate problems or define automated responses to threats, he said.
IBM said that the current Cloud Pak for Security release includes 25 pre-built connections to IBM and third-party data sources, as well as 165 case-management integrations, which describe out-of-the-box automation and orchestration playbooks to streamline response actions for security teams.
The new release also includes support for multivendor threat-intelligence databases. Aside from its own X-Force Threat Intelligence Feed, the platform will include pre-built integration with AlienVault OTX, Cisco Threat Grid, MaxMind Geolocation, SANS Internet Storm Center and VirusTotal.
“The idea is to help customers get enriched, up-to-date threat information from as many sources as possible so they can accurately and quickly respond to a threat situation,” Youngblood said. He said the continued integration of security intelligence is important as customers tie in more resources from cloud providers and support growing COVID-era remote-network workloads.
IBM said it will also introduce a new managed service based on Cloud Pak for Security that would give enterprise customers or other service providers a turnkey platform to support end-to-end threat management.