What is IBM Cloud Pak for Security?

IBM Cloud Pak for Security is a containerized software platform pre-integrated with Red Hat OpenShift. It helps you quickly integrate your existing security tools to generate deeper insights into threats, orchestrate actions and automate responses—all while leaving your data where it is.

What can I do with the IBM Cloud Pak for Security?

IBM Cloud Pak for Security is a platform for building an integrated security ecosystem. Our initial offerings address two critical needs:

  • Simplify and speed investigations:
    Using federated search, you can investigate threats and indicators of compromise (IOCs) across the organization with the security tools you already have in place. Enrich and analyze those findings against your own threat intelligence sources or against threat intelligence from IBM.
  • Respond quickly and thoroughly to threats:
    Orchestration and automation help you respond to cybersecurity incidents with confidence. Find and remediate threats by automating and prioritizing tasks, and collaborating across teams.

Which of my existing tools can I connect to from the platform for more integrated security?

IBM Cloud Pak for Security connects to third-party tools and data sources, including multiple SIEMs, endpoint detection systems, threat intelligence services, and identity and cloud repositories.

You can also build a customized connector to any tool or homegrown database in your environment. IBM Security offers a number of options to help, including:

IBM Cloud Pak for Security currently provides connectors for the following data sources:

  • IBM® QRadar®: A security information and event management (SIEM) solution that helps security teams to accurately detect and prioritize threats across the enterprise. It provides intelligent insights that enable teams to respond quickly to reduce the impact of incidents.
  • IBM® QRadar® on Cloud: With QRadar on Cloud, enjoy all the benefits and customer support of IBM Security QRadar, but in a hosted deployment from the cloud.
  • Splunk Enterprise Security: A security information and event management (SIEM) solution that captures and correlates real-time machine-generated data in a searchable repository from which it can generate graphs, reports, alerts, dashboards, and visualizations.
  • Elasticsearch: A real-time, distributed storage, search, and analytics engine. It is beneficial in many use cases, but especially where the requirement is to index streams of semi-structured data, such as logs or decoded network packets.
  • Carbon Black CB Response: A highly scalable, real-time threat hunting and incident response (IR) solution that delivers unfiltered visibility for top security operations centers and IR teams.
  • BigFix: A solution for compliance, endpoint, and security management for organizations. Organizations can monitor and manage any physical and virtual endpoints through the BigFix platform and applications.
  • Microsoft Defender Advanced Threat Protection: A platform to prevent, detect, investigate, and respond to advanced threats.
  • IBM® Security Guardium: A comprehensive data protection platform that discovers and classifies data, as well as monitors and audits activity to help protect sensitive data across hybrid multi-cloud environments.
  • IBM Cloud™ Security Advisor: A security dashboard that provides centralized security management. The dashboard unifies vulnerability and network data as well as application and system findings from IBM Services, partners, and user-defined sources.

Cloud Pak for Security also comes with two special connector types: one to enable sharing of threat information, and one to support testing and using uncertified connectors that are still in development:

  • STIX Bundle: Use a STIX Bundle in place of a data source connector to share cyberthreat intelligence by using STIX Objects. With the STIX Bundle as a data source you can search for any attack pattern, campaign, course of action, identity, indicator, intrusion set, malware, report, threat actor, tool, and vulnerability.
  • Proxy source: Configure a proxy data source connection to point to a new connector that you are developing and testing in IBM® Cloud Pak for Security. Supply details of a host that is running the remote instance of the STIX-shifter project for your new connector.
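As an added example (not IBM's code and not part of the original page), a small Python parser for the STIX 2.1 bundle format that the STIX Bundle data source consumes: it indexes objects by type, answers a text search over one of the object types listed above, and follows relationship objects from an indicator to the malware it indicates. The bundle is constructed sample data; the domain in the indicator pattern is a placeholder.

```python
import json
from collections import defaultdict

# Constructed sample bundle: one indicator, one malware object and the
# relationship (SRO) that links them. Timestamps are placeholders.
TS = "2024-01-01T00:00:00.000Z"
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "indicator", "spec_version": "2.1", "created": TS, "modified": TS,
         "id": "indicator--00000000-0000-4000-8000-000000000002",
         "name": "Constructed C2 domain", "pattern_type": "stix",
         "pattern": "[domain-name:value = 'c2.example.invalid']", "valid_from": TS},
        {"type": "malware", "spec_version": "2.1", "created": TS, "modified": TS,
         "id": "malware--00000000-0000-4000-8000-000000000003",
         "name": "SampleLoader", "is_family": False},
        {"type": "relationship", "spec_version": "2.1", "created": TS, "modified": TS,
         "id": "relationship--00000000-0000-4000-8000-000000000004",
         "relationship_type": "indicates",
         "source_ref": "indicator--00000000-0000-4000-8000-000000000002",
         "target_ref": "malware--00000000-0000-4000-8000-000000000003"},
    ],
})

def load_bundle(text):
    """Parse a STIX 2.1 bundle into {type: [objects]} and {id: object} indexes."""
    bundle = json.loads(text)
    if bundle.get("type") != "bundle" or not str(bundle.get("id", "")).startswith("bundle--"):
        raise ValueError("not a STIX bundle")
    by_type, by_id = defaultdict(list), {}
    for obj in bundle.get("objects", []):
        if "type" not in obj or "id" not in obj:
            continue  # skip malformed objects instead of rejecting the whole bundle
        by_type[obj["type"]].append(obj)
        by_id[obj["id"]] = obj
    return by_type, by_id

def search(by_type, obj_type, text=""):
    """Objects of obj_type (indicator, malware, campaign, ...) whose name, pattern or description contains text."""
    fields = ("name", "pattern", "description")
    return [o for o in by_type.get(obj_type, [])
            if text.lower() in " ".join(str(o.get(k, "")) for k in fields).lower()]

def indicated_malware(by_type, by_id, indicator_id):
    """Follow indicator --indicates--> malware relationship objects to the malware names."""
    return sorted(by_id[r["target_ref"]]["name"] for r in by_type.get("relationship", [])
                  if r.get("relationship_type") == "indicates" and r.get("source_ref") == indicator_id
                  and by_id.get(r.get("target_ref"), {}).get("type") == "malware")
```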

What is IBM’s role in the Open Cybersecurity Alliance?

The Open Cybersecurity Alliance (OCA) project, an OASIS Open project, aims to connect the fragmented cybersecurity landscape and enable disparate security products to freely exchange information, out of the box, using mutually agreed upon technologies, standards, and procedures.

IBM Security is a co-founder of and initial contributor to the OCA project. IBM is contributing STIX-shifter, the federated search technology that is a core capability of IBM Cloud Pak for Security, to OCA.

How do I get started?

Contact IBM Security for a free consultation with an expert to discuss how to accelerate security in the cloud.