Companies generally agree that sharing threat intelligence helps improve everyone’s cybersecurity posture, but some are hesitant to do it for fear of giving away too much information.
That attitude is beginning to change, however, and IBM is the latest to adopt a more generous approach to sharing threat intelligence. The company followed an announcement earlier this year that it had opened up its 700 TB security threat database, making it part of a threat data sharing platform with an announcement this month that it was opening up its security analytics platform for custom application development as well as launching an app exchange for creating and sharing apps based on IBM security technologies, it said in a press release.
IBM Security QRadar consolidates log source event data from thousands of devices, endpoints and applications distributed throughout a network and performs analytics on raw data to distinguish real threats from false positives, the company said. IBM customers, partners, and developers can now leverage the platform’s advanced security intelligence capabilities through new open APIs, the company said.
IBM also has launched IBM Security App Exchange, a marketplace for the security community to create and share apps based on these new QRadar APIs. IBM and partners including Bit9 + Carbon Black, BrightPoint Security, Exabeam, and Resilient Systems already have built a total of 14 new apps for the IBM Security App Exchange that extend QRadar security analytics in areas like user behavior, endpoint data, and incident visualization, according to IBM. Other partners such as STEALTHbits and iSIGHT Partners also have apps in development.
For example, Exabeam’s User Behavior Analytics app integrates user-level behavioral analytics and risk profiling directly into the QRadar dashboard, providing a real-time view of user risk that allows companies to detect small behavioral differences between a normal employee and an attacker using that same credential, according to IBM.
IBM opened its massive database of security threat data through its IBM X-Force Exchange platform. Since then more than 2,00o organizations have joined the program to share threat intelligence.
Marc van Zadelhoff, vice president, strategy and product management for IBM Security, said it’s imperative that industry leaders like IBM take initiative to extend security technologies to share threat intelligence to promote better cybersecurity globally, which suggests that stakeholders can expect similar moves from Big Blue in the future.
“With thousands of customers now standardizing on IBM’s security technologies, opening this platform for closer collaboration and development with partners and customers changes the economics of fighting cybercrime,” he said in the press release. “Sharing expertise across the security industry will allow us to innovate more quickly in order to help stay ahead of increasingly sophisticated attacks.”