IBM Security Analytics Platform Now Open To Developers - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IT Leadership // Security & Risk Strategy
12:36 PM

IBM Security Analytics Platform Now Open To Developers

The IBM Security QRadar analytics platform is now open to developers, enabling them to build custom apps. The company also launched the Security App Exchange, a marketplace in which the security community can create and share apps.

Insider Threats: 10 Ways To Protect Your Data
Insider Threats: 10 Ways To Protect Your Data
(Click image for larger view and slideshow.)

IBM is opening up its security analytics platform IBM Security QRadar. This move will allow developers to build custom apps to take advantage of the platform's security intelligence capabilities.

At the same time, Big Blue is launching the IBM Security App Exchange, which is a marketplace for the security community to create and share apps.

IBM's Security QRadar platform analyzes data across an organization's IT infrastructure to identify potential security threats. The latest version will allow customers to create rules that will automatically take actions once specific threats have been detected. For example, according to IBM, rules created within QRadar can automatically trigger actions that block IP addresses and control user access based on their risk profile. Additionally, applications that are developed using the new QRadar application framework can also leverage custom rules to automatically respond to threats.

[When good data intentions go bad. Read 14 Creepy Ways To Use Big Data.]

IBM is also further integrating QRadar with IBM BigFix endpoint security management to help customers better prioritize threats and patches on user devices. QRadar can now also identify the exposed endpoints that do not have BigFix installed, helping clients find rogue or unmanaged assets more quickly.

IBM and its partners -- including Bit9 + Carbon Black, BrightPoint Security, Exabeam, and Resilient Systems -- have already populated the IBM Security App Exchange with customized apps that extend IBM Security QRadar in areas such as user behavior, endpoint data, and incident visualization.

Others partners, such as STEALTHbits and iSIGHT Partners, also have apps in development.

These apps take advantage of new open application programming interfaces (APIs) for IBM's QRadar platform. The tool uses data analytics and threat intelligence to detect security incidents for thousands of security operation centers. In a prepared statement, IBM said the platform is in use by almost half of the Fortune 100.

(Image: Henrik5000/iStockphoto)

(Image: Henrik5000/iStockphoto)

One of the apps already present in the Security App Exchange is Exabeam User Behavior Analytics, which integrates user-level behavioral analytics and risk profiling directly into the QRadar dashboard. According to IBM, this real-time view of user risk allows companies to detect subtle behavioral differences between a normal employee and an attacker who might be using that same credential.

A new IBM-developed app lets QRadar users pull in any threat intelligence feed that uses the open-standard STIX and TAXII formats. This app can use data to create custom rules for correlation, searching, or reporting. For example, users could bring in public collections of dangerous IP addresses from IBM X-Force Exchange, and create a rule to raise the magnitude of any offense that includes IP addresses from that watch list.

The opening of this security analytics platform is the second step IBM has taken this year to advance industry collaboration. Earlier this year, IBM opened its 700TB database of security threat data through the IBM X-Force Exchange.

The X-Force Exchange includes one of the largest catalogs of vulnerabilities in the world, malware threat intelligence from a network of 270 million endpoints, threat information based on more than 25 billion Web pages and images, and deep intelligence on more than 8 million spam and phishing attacks.

According to IBM, more than 2,000 organizations have joined this threat-sharing platform since it was announced in April.

**New deadline of Dec. 18, 2015** Be a part of the prestigious InformationWeek Elite 100! Time is running out to submit your company's application by Dec. 18, 2015. Go to our 2016 registration page: InformationWeek's Elite 100 list for 2016.

Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek. He has written a book on the Secure Electronic Transaction Internet ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Author
12/22/2015 | 2:15:21 PM
Re: False positives
Someone has to be paranoid.
11 Things IT Professionals Wish They Knew Earlier in Their Careers
Lisa Morgan, Freelance Writer,  4/6/2021
Time to Shift Your Job Search Out of Neutral
Jessica Davis, Senior Editor, Enterprise Apps,  3/31/2021
Does Identity Hinder Hybrid-Cloud and Multi-Cloud Adoption?
Joao-Pierre S. Ruth, Senior Writer,  4/1/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Successful Strategies for Digital Transformation
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll