New! Deep dive into the cost savings and benefits of a SOAR platform: read Forrester's Total Economic Impact™ of IBM Security Resilient.

Frequently asked questions

Get answers to the most commonly asked questions about IBM Resilient SOAR Platform.

FAQ

Getting started with this product

What is SOAR?

As defined by Gartner, Security Orchestration, Automation, and Response (SOAR) tools allow security teams to take inputs from a variety of sources and apply workflows aligned to previously defined processes and procedures. SOAR technologies introduce efficiency to security operations by enhancing activities like threat detection and response, and by keeping people and processes consistent. Learn more about IBM Security SOAR offerings.

What is IBM Security Resilient?

IBM Security Resilient is the leading platform for orchestrating and automating incident response processes with unique automation, reporting, and privacy capabilities, and numerous integrations with other security and IT tools. Today, numerous SOCs and Fusion centers rely on Resilient to form their incident response hub - the center of their SOC.

What is an incident response playbook?

A playbook is a set of tasks or workflow(s), which may or may not be automated, associated with a specific threat type. It determines the organizational response to a type of threat and guides analysts through the investigation and remediation process, thereby improving consistency and reducing time to respond. IBM Security Resilient playbooks are unique in that they are dynamic and additive, which means that they evolve with an incident as new information is uncovered. Read the white paper on Playbook Driven Cyber Security.

What is a workflow?

A workflow codifies and describes a specific set of tasks or actions around a particular security process. A playbook is made up of one or multiple workflows. To get up to speed on SOAR, read our white paper "How to Be a SOAR Winner".

What is security orchestration?

Orchestration refers to the ability of a SOAR platform to integrate with other security tools through defined connectors. Once these disparate security tools are integrated, a SOAR platform such as IBM Security Resilient can execute a wider orchestration of people, technologies, and processes to respond to security incidents efficiently and effectively. To find other definitions of SOAR terminology, read our white paper "How to Be a SOAR Winner".

Where can I download applications to build an integration ecosystem for IBM Security Resilient?

There are over 150 IBM Validated and supported applications, and Community applications, that can be integrated with Resilient. You can download these applications from the IBM App Exchange, where new applications are being added regularly.

What is IBM Security Resilient with Privacy?

IBM Security Resilient with Privacy allows security teams to integrate privacy reporting tasks and deadlines into their overall incident response playbooks, and to work together with their privacy and legal teams to address regulatory requirements. It also helps organizations maintain a single, auditable record of all aspects of their breach response.

Is a SOAR tool right for me?

To fully optimize a SOAR platform such as IBM Security Resilient, companies need to understand and evaluate their internal processes to assess whether automation will provide the intended benefits, and they need the internal skills to customize and leverage the platform on an ongoing basis. Read Gartner's Make Sure Your Organization Is Mature Enough for SOAR report to learn more.

Which regulations are supported by IBM Security Resilient with Privacy?

At the heart of IBM Security Resilient with Privacy is the Global Knowledgebase, which is a regularly updated database that supports over 170 breach notification regulations globally, including GDPR, PIPEDA, HIPAA, and CCPA, among others. Read the data sheet for more information.

What is the MSSP Add-On?

It is a capability of IBM Security Resilient designed to meet the specific requirements of Managed SIEM and MDR providers. It delivers the scalability and predictability that Service Providers need to grow their security business. Read the solution brief for more information.

Does IBM Security Resilient integrate with IBM Security QRadar?

Yes, by integrating IBM Security Resilient with a SIEM, such as IBM Security QRadar, you can build out a complete threat management solution that covers detection, investigation, and remediation of threats across a wide range of cybersecurity use cases. Read the solution brief for more information.

Does IBM Security Resilient integrate with IBM Security Verify?

Yes, the Security Verify Functions for Resilient application allows you to act on user status from Resilient workflows and it updates the incident with results. Download the app from the App Exchange.

Does IBM Security Resilient integrate with IBM Security MaaS360?

Yes, the MaaS360 Functions for IBM Resilient application allows you to perform certain Mobile Device Management (MDM) actions using MaaS360. Download the app from the App Exchange.

Does IBM Security Resilient integrate with IBM Security Guardium?

Yes, the Guardium Integration App for IBM Security Resilient allows you to enrich existing Resilient incidents with reporting data from Guardium Data Protection, and block risky users or IP addresses from Resilient using Guardium Data Protection's blocking feature.

Support

How is IBM Security Resilient deployed?

IBM Security Resilient can be deployed on-premises or in the cloud (SaaS). It is also available as part of Cloud Pak for Security (on-premises).

Is there a community for IBM Security Resilient users and developers?

Yes, IBM Security Resilient has a dedicated space within the IBM Security Community. It is free to join and open to everyone. The community offers a constant stream of freshly updated content, including featured blogs, release updates, and forums for discussion and collaboration. Join the community!

Other common questions

What is Cloud Pak for Security?

IBM Cloud Pak for Security is a platform comprised of containerized software pre-integrated with Red Hat OpenShift. It connects to your existing security tools, and through open standards, it allows you to search for threat indicators across your hybrid, multicloud environment.

Can IBM Security Resilient be deployed through Cloud Pak for Security?

Yes, IBM Security Resilient can be deployed through Cloud Pak for Security. As part of Cloud Pak for Security, Resilient seamlessly integrates with Data Explorer and Threat Intelligence Insights.
