Resources

IBM Cloud Pak for Security is a platform for building an integrated security ecosystem. Our initial offerings will solve for two critical needs:

• Simplify and speed investigations: Using federated search, you can investigate threats and indicators of compromise (IOC) across the organization using the security tools you already have in place. Uncover and analyze those insights against your threat intelligence sources or from IBM.
• Respond quickly and thoroughly to threats: Orchestration and automation help you respond to cybersecurity incidents with confidence. Find and remediate threats by automating and prioritizing tasks, and collaborating across teams.

IBM Cloud Pak for Security connects to third-party tools and data sources, including multiple SIEMs, end point detection systems, threat intelligence services and identity and cloud repositories.

You can also build a customized connector to any tool or homegrown database in your environment. IBM Security™ offers a number of options to help, including:

• Open-source technology, co-developed across the security community via the OASIS Open Cybersecurity Alliance (link resides outside ibm.com).
• IBM Security™ Expert Labs consulting and development to analyze and build a connector for your environment.

IBM Cloud Pak for Security currently provides connectors for the following data sources:

• IBM® QRadar®: A security information and event management (SIEM) solution that helps security teams to accurately detect and prioritize threats across the enterprise. It provides intelligent insights that enable teams to respond quickly to reduce the impact of incidents.
• IBM QRadar on Cloud: With QRadar on Cloud, enjoy all the benefits and customer support of IBM Security™ QRadar, but in a hosted deployment from the cloud.
• Splunk Enterprise Security: A security information and event management (SIEM) solution that captures and correlates real-time machine-generated data in a searchable repository from which it can generate graphs, reports, alerts, dashboards, and visualizations.
• Elasticsearch: A real-time, distributed storage, search, and analytics engine. It is beneficial in many use cases, but especially where the requirement is to index streams of semi-structured data, such as logs or decoded network packets.
• Carbon Black CB Response: A highly scalable, real-time threat-hunting and incident response (IR) solution that delivers unfiltered visibility for top security operations centers and IR teams.
• BigFix: A solution for compliance, endpoint, and security management for organizations. Organizations can monitor and manage any physical and virtual endpoints through BigFix platform and applications.
• Microsoft Defender Advanced Threat Protection: A platform to prevent, detect, investigate, and respond to advanced threats.
• IBM Security™ Guardium®: A comprehensive data protection platform that discovers and classifies data, and monitors and audits activity to help protect sensitive data across hybrid cloud environments.
• IBM Cloud Security Advisor: A security dashboard that provides centralized security management. The dashboard unifies vulnerability and network data as well as application and system findings from IBM Services®, partners and user-defined sources.
• IBM Cloud Pak for Security also comes with two special connector types to enable sharing of threat information and support testing and use of uncertified connectors still in development:
• STIX Bundle: Use a STIX Bundle in place of a data source connector to share cyberthreat intelligence by using STIX Objects. With the STIX Bundle as a data source you can search for any attack pattern, campaign, course of action, identity, indicator, intrusion set, malware, report, threat actor, tool and vulnerability.
• Proxy source: Configure a proxy data source connection to point to a new connector that you are developing and testing in IBM Cloud Pak for Security. Supply details of a host that is running the remote instance of the STIX-shifter project (link resides outside ibm.com) for your new connector.

The Open Cybersecurity Alliance (OCA) project, an OASIS open project, aims to connect the fragmented cybersecurity landscape and enable disparate security products to freely exchange information out of the box, using mutually agreed upon technologies, standards, and procedures.

IBM Security™ is a co-founder and initial contributor to the OCA project. IBM is contributing the STIX Shifter federated search technology to OCA, which is a core capability offered in IBM Cloud Pak for Security.

Book a free consultation with an expert. Learn how a hybrid multicloud platform can modernize your security program.