IBM Security Analytics Platform Now Open To Developers - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
IT Leadership // Security & Risk Strategy
News
12/9/2015
12:36 PM
50%
50%

IBM Security Analytics Platform Now Open To Developers

The IBM Security QRadar analytics platform is now open to developers, enabling them to build custom apps. The company also launched the Security App Exchange, a marketplace in which the security community can create and share apps.

Insider Threats: 10 Ways To Protect Your Data
Insider Threats: 10 Ways To Protect Your Data
(Click image for larger view and slideshow.)

IBM is opening up its security analytics platform IBM Security QRadar. This move will allow developers to build custom apps to take advantage of the platform's security intelligence capabilities.

At the same time, Big Blue is launching the IBM Security App Exchange, which is a marketplace for the security community to create and share apps.

IBM's Security QRadar platform analyzes data across an organization's IT infrastructure to identify potential security threats. The latest version will allow customers to create rules that will automatically take actions once specific threats have been detected. For example, according to IBM, rules created within QRadar can automatically trigger actions that block IP addresses and control user access based on their risk profile. Additionally, applications that are developed using the new QRadar application framework can also leverage custom rules to automatically respond to threats.

[When good data intentions go bad. Read 14 Creepy Ways To Use Big Data.]

IBM is also further integrating QRadar with IBM BigFix endpoint security management to help customers better prioritize threats and patches on user devices. QRadar can now also identify the exposed endpoints that do not have BigFix installed, helping clients find rogue or unmanaged assets more quickly.

IBM and its partners -- including Bit9 + Carbon Black, BrightPoint Security, Exabeam, and Resilient Systems -- have already populated the IBM Security App Exchange with customized apps that extend IBM Security QRadar in areas such as user behavior, endpoint data, and incident visualization.

Others partners, such as STEALTHbits and iSIGHT Partners, also have apps in development.

These apps take advantage of new open application programming interfaces (APIs) for IBM's QRadar platform. The tool uses data analytics and threat intelligence to detect security incidents for thousands of security operation centers. In a prepared statement, IBM said the platform is in use by almost half of the Fortune 100.

(Image: Henrik5000/iStockphoto)

(Image: Henrik5000/iStockphoto)

One of the apps already present in the Security App Exchange is Exabeam User Behavior Analytics, which integrates user-level behavioral analytics and risk profiling directly into the QRadar dashboard. According to IBM, this real-time view of user risk allows companies to detect subtle behavioral differences between a normal employee and an attacker who might be using that same credential.

A new IBM-developed app lets QRadar users pull in any threat intelligence feed that uses the open-standard STIX and TAXII formats. This app can use data to create custom rules for correlation, searching, or reporting. For example, users could bring in public collections of dangerous IP addresses from IBM X-Force Exchange, and create a rule to raise the magnitude of any offense that includes IP addresses from that watch list.

The opening of this security analytics platform is the second step IBM has taken this year to advance industry collaboration. Earlier this year, IBM opened its 700TB database of security threat data through the IBM X-Force Exchange.

The X-Force Exchange includes one of the largest catalogs of vulnerabilities in the world, malware threat intelligence from a network of 270 million endpoints, threat information based on more than 25 billion Web pages and images, and deep intelligence on more than 8 million spam and phishing attacks.

According to IBM, more than 2,000 organizations have joined this threat-sharing platform since it was announced in April.

**New deadline of Dec. 18, 2015** Be a part of the prestigious InformationWeek Elite 100! Time is running out to submit your company's application by Dec. 18, 2015. Go to our 2016 registration page: InformationWeek's Elite 100 list for 2016.

Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek. He has written a book on the Secure Electronic Transaction Internet ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
larryloeb
50%
50%
larryloeb,
User Rank: Author
12/22/2015 | 2:15:21 PM
Re: False positives
Someone has to be paranoid.
kstaron
50%
50%
kstaron,
User Rank: Ninja
12/22/2015 | 2:07:03 PM
False positives
The user risk assessment tool sounds like a neat way to tell your legit people from attackers, though I imagine that it may sometimes provide a false positive and flag/block an action from legit people doing things they don't normally do, like when you travel and buy something far from what you normally do and your credit card won't accept the charge.
Slideshows
What Digital Transformation Is (And Isn't)
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/4/2019
Commentary
Watch Out for New Barriers to Faster Software Development
Lisa Morgan, Freelance Writer,  12/3/2019
Commentary
If DevOps Is So Awesome, Why Is Your Initiative Failing?
Guest Commentary, Guest Commentary,  12/2/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Slideshows
Flash Poll