Threat management: What organizations should know

Contents

  • 01 Executive summary (3 min read). Get a smarter security solution to manage the full threat lifecycle.
  • 02 The need for next-generation MSSPs (7 min read). You want a next-generation MSSP that delivers value-driven threat management.
  • 03 Handling each threat management phase (9 min read). This solution allows for fully integrated threat and incident lifecycle management.
  • 04 Improving investigation and incident response (5 min read). Implement human- and automation-driven investigation and response 24x7.
  • 05 Focusing on the high-level threats (5 min read). X-Force Detect uses automation, machine learning and AI to filter low value alerts.
  • 06 Ready for OT and IoT domains (3 min read). As technology evolves, so does X-Force Threat Management Services.
  • 07 Conclusion (2 min read). A comprehensive threat management strategy can enhance your security program.

01

3 min read

Executive summary

Enterprises of all sizes are adopting a range of security-as-a-service offerings, or managed security services (MSS), for greater efficiency and simplicity. By offloading specialized labor and data-intensive security tasks such as incident detection and post-problem recovery to a managed security service provider (MSSP), an organization can focus more on core abilities and business purpose.

At the same time, to maintain a consistent security program and align internal and service provider resources, enterprises are adopting the US National Institute of Standards and Technology (NIST) Cybersecurity Framework. Adopting such a standards-based framework, especially with consulting services and managed services provided by a leading MSSP, can offer your organization advantages in experience, staffing, scope and access to data and tools.

When properly implemented and integrated, a standards-based threat management solution can provide the following critical business outcomes:

  • Transparency: uncovering all connected devices and providing an open book solution
  • Speed: automation increases speed to action
  • Consistency: prescriptive action increases consistency
  • Quality: enriched investigation results in higher quality
  • Partnership: joint development of a security maturity roadmap and its execution
  • Governance: routine advisory service and continuous optimization

Get a smarter security solution to manage the full threat lifecycle.

IBM® X-Force® Threat Management Services is the only end-to-end program that integrates the capabilities of offensive security services, managed security services, incident response, artificial intelligence and continuous improvement. The comprehensive service provides a single workflow for threat management across multiple technology domains, including traditional IT, Operational Technology (OT), Internet of Things (IoT) and Internet of Medical Things (IoMT).

02

7 min read

The need for next-generation MSSPs

The NIST Cybersecurity Framework for enterprises outlines the following five core functions that security personnel must undertake:

  • Identify organizational systems, assets, data and devices, and the risks each one faces
  • Protect assets with a mix of technology, policies and practices
  • Detect security events, anomalous activity and undesired behavior
  • Respond to detected events and suspected incidents
  • Recover by restoring affected systems and data

Within each of these core functions, the framework breaks down further: version 1.1 of the framework defines 23 categories and 108 subcategories of security outcomes and controls, such as governance, maintenance and response planning. Using a standardized approach such as NIST helps organize the activities of a security or incident team by outlining a logical, practical approach to incident management. For organizations that adopt a security-as-a-service model, a reasonable expectation is that their MSSP can orchestrate actions based on such a security-response framework.

Conventional MSSPs

MSSPs are typically expected to undertake the following tasks that would otherwise be handled internally by IT or dedicated security teams:

  • Monitoring of networks, core systems and valuable data stores, whether on premises or in the cloud, to detect intrusion attempts, data breaches and the presence of malware or exploitable bugs, and to bring these findings to the attention of IT personnel. An often-used tool for this activity is an on-premises or cloud-based security information and event management (SIEM) system.
  • Management and deployment of security tools, again on premises or in the cloud; the tools the MSSP operates can range from dedicated firewalls to malware detection software.
  • Mitigation of and response to detected security problems, typically in a reactive mode: the MSSP acts once a problem has been detected rather than before.
  • Reporting and internal auditing, including the tasks needed for consumption-based billing and those designed to demonstrate compliance with incident management and service requirements.

This conventional, scope-limited approach to MSS can benefit organizations by providing security resources your firm may lack, such as dedicated 24x7 coverage. The variety of MSS offerings can free up internal resources to concentrate on other security demands. Regardless of size, virtually any organization can benefit from the cross-client visibility that an MSSP brings to the table.

However, sourcing security activities to a third-party MSSP doesn’t guarantee consistency or unity in security, nor does it eliminate gaps in data protection across the enterprise. Threat vectors such as applications, databases, and user authentication and access control systems may be managed separately. Divisions within the enterprise may not share tools even when protecting similar data stores.

More importantly, while a conventional MSSP offers convenience and simplicity in staffing, greater insights into the bigger picture of your enterprise’s security posture aren’t always obtained.

Next-generation MSSPs

Besides system monitoring, tool management and as-needed issue mitigation, an MSSP can deliver value to your enterprise by using artificial intelligence (AI) and data analytics to provide next-generation threat management. With a more comprehensive MSS strategy, insights derived from AI combined with active threat hunting can better protect your enterprise from emerging threats before they do harm. Enterprises can be proactive by feeding knowledge about security issues from across the organization into a prevention strategy, rather than relying on generic mitigation plans. Offensive security teams, or Red teams, can educate the security monitoring experts, or Blue teams. This integration of offense and defense creates Purple teams and maximizes the effectiveness of a client’s security program.

You want a next-generation MSSP that delivers value-driven threat management.

Such a provider recognizes that intrusion attempts, malware and other security issues must all be addressed cohesively. An MSSP that can extend security tools in this manner should have the following key traits:

  • Programmatic approach: employment of an overarching standards-based framework such as NIST to prevent and detect undesired activity. A standards-based approach provides a reliable, repeatable framework for managing multiple types of security incidents and encourages transparency, a shared vocabulary and predictable outcomes in responding to threats.
  • Proactive security: implementation of proactive techniques and tactics, including AI, machine learning and orchestration, to accelerate threat detection, reduce false alerts and improve response times. In a world with no fixed perimeter, preventive measures alone can’t stop advanced threats.
  • Ongoing insights: emphasis on developing ongoing insights using visualization and analysis tools, so that experience with previous, current or anticipated threats informs security resiliency across the enterprise.
  • Consulting and integration: monitoring and management functions for managed systems integrated with consulting and system integration for more extensive coverage, rather than approaching each phase of security maturity as an isolated need.
  • Aggressive approach: an aggressive approach to the security perimeter that encompasses widely distributed endpoints. Enterprise security must be built with an understanding that valuable data may originate from or be stored in centralized databases and throughout the IT, OT, IoT and IoMT domains.
  • Automation and AI: intelligent use of automation and orchestration to enable necessary scaling without large shifts in personnel.

03

9 min read

Handling each threat management phase

A solution that combines a framework-based approach with next-generation MSSP capabilities is the five-part IBM X-Force Threat Management Services. An intelligent mix of cognitive tools, automation, orchestration and human guidance accelerates and enhances each phase of the threat management lifecycle. X-Force Threat Management Services brings the NIST framework to life using advanced technologies and capabilities from the IBM Security Services portfolio to provide coverage across the entire threat management lifecycle.

This solution allows for fully integrated threat and incident lifecycle management.

The IBM X-Force Protection Platform® uses advanced technology to automate and orchestrate key tasks to accelerate detection and response. The X-Force Protection Platform provides an immersive digital client experience including:

  • Patented AI
  • Mobile app access for threat visibility
  • Virtual Security Operations Center (SOC) portal
  • Reporting and analytics
  • Technology integration
  • Threat intelligence


The X-Force Threat Management solution incorporates response techniques such as threat hunting with real-time forensic detail, designed to block suspect code before it enters an organization’s network or to isolate an infected host. Operating as an MSSP, the X-Force Threat Management team shares information transparently with your organization throughout the duration of any security incident, using automated client notifications and human-driven responses. This way, you know exactly what’s happening and what’s being done to manage threats.

Designed to reduce the uneven protection of data security silos, X-Force Threat Management Services emphasizes shared tools and responses and incorporates enterprise IT decision-making throughout the security continuum. Its goal is to collect all relevant data about the threat management lifecycle within your organization and use that data to repeatedly generate insights to help reduce future security problems.

Integrated services feed collected data into a central platform to provide orchestration, automation and visibility, and to allow granular control of security events and incidents through their entire lifecycle. These offerings make up the following five phases of X-Force Threat Management Services:

  • Threat insight: uses IBM X-Force Red penetration testing and vulnerability management, and X-Force Research and Threat Intelligence. This service is supported by machine learning with IBM Watson® for mining data within each client environment and across the IBM Security client portfolio.
  • Threat prevention: uses managed network security tools and security correlation rule expertise. This service provides use case library access, mobile app access and a virtual SOC.
  • Threat detection: uses patented AI, machine learning and automation through the X-Force Protection Platform to provide continuous monitoring and detection. This service uses SIEM tools integrated with the X-Force Protection Platform to provide threat analysis and modeling. Clients have access to the information they need at any time.
  • Threat response: uses IBM Resilient® to support enrichment and orchestrated response. To speed response to threats, this service also offers patented risk scoring and policy-based automation.
  • Threat recovery: uses X-Force IRIS to help return affected systems to their previous states after an incident, and IBM X-Force IRIS Incident Planning for resiliency preparation before the next one.

X-Force Threat Management Services is powered by the combination of the following three offerings:

X-Force Red + IBM Managed Security Services + X-Force IRIS

IBM X-Force Red Services

The mission of the X-Force Red team is to try to hack anything to secure everything. X-Force Red is an autonomous team of ethical hackers who provide value to clients by attempting to break into organizations and uncover risky vulnerabilities. Services of this team include the following offerings:

  • Penetration testing
  • Vulnerability management programs
  • ATM testing
  • Adversary simulation
  • Cloud testing
  • Vulnerability assessments

IBM X-Force IRIS

The X-Force Incident Response and Intelligence Services (X-Force IRIS) team from IBM is composed of highly skilled security professionals experienced in investigating the world's largest breaches. Services of this team include the following offerings:

  • Proactive preparation
  • Incident planning
  • Cyber range simulations
  • Incident response
  • Threat assessments
  • Threat intelligence

IBM Managed Security Services

IBM Managed Security Services partners with organizations to simplify and secure your dynamic environment with global expertise, scalability and continuous monitoring. With IBM Managed Security Services, your enterprise can receive global coverage with 24x7 visibility and context into threats. Enhancing IBM Managed Security Services are the following offerings:

  • State-of-the-art IBM X-Force Command Centers
  • Industry-leading threat intelligence
  • IBM Watson for Cyber Security AI
  • Strict compliance with ISO 27001, ISO 27017, the Payment Card Industry Data Security Standard (PCI DSS), SOC 2, SOC 3 and Federal Financial Institutions Examination Council (FFIEC) requirements
  • Privacy Shield certification, aligned with the principles of the General Data Protection Regulation (GDPR). Note that the EU-US Privacy Shield framework was invalidated by the Court of Justice of the European Union in July 2020, so data-transfer assurances should be checked against a current mechanism such as Standard Contractual Clauses.


This next-generation approach can provide security expertise in threat identification, prevention, detection, response and recovery. IBM can deliver these capabilities, or your organization can perform some of these activities in-house. If your enterprise has already deployed security monitoring tools from other vendors such as Splunk or ArcSight, IBM can link smoothly with these SIEM products. IBM already integrates IBM-associated technologies, easing the adoption of these next-generation services.

X-Force Threat Management Services offers consumption-based pricing, packaged pricing and options suitable for midsized and large enterprises. This flexibility enables organizations with smaller security demands to tailor their spending while getting the same expertise as the most demanding enterprises.

As a multi-year engagement offering a programmatic framework aligned to standards, X-Force Threat Management Services transforms NIST into an actionable approach that helps you determine the right transformative roadmap to improve security operations.

04

5 min read

Improving investigation and incident response

As X-Force Threat Management Services is a comprehensive set of offerings delivered over a multi-year engagement, you may find that you only need a subset of the program. You have the option to invest in the following solutions:

  • X-Force Investigate
  • X-Force Detect

Implement human- and automation-driven investigation and response 24x7.

X-Force Investigate provides 24x7 security monitoring and human triage for your organization. It includes governance supplemented by a quarterly advisory service, use case and playbook reviews, SIEM optimization and lessons learned. Using a proprietary platform from IBM, X-Force Investigate can provide your enterprise with full transparency into investigation resources and progress.


Part of the advantage in using X-Force Investigate is that you receive IBM Resilient security orchestration, automation and response (SOAR) technology. Built on the IBM Resilient Incident Response Platform, the SOAR capability provides intelligent orchestration that can automate response and result in the following benefits for your organization:

  • Faster incident response
  • Improved uptime
  • Predictable and reliable outcomes
  • Reduced breach time

Using this platform can help your security teams create and manage playbooks that codify industry best practices and internal procedures. These dynamic playbooks allow your teams to work through all aspects of an incident and generate a trackable, auditable record.

Additionally, the IBM Resilient Incident Response Platform can help automate security incident investigations. The technology reduces the manual steps in incident response security orchestration and automation, which can be invoked at any step in the response process. Analysts benefit significantly from the automation of repeatable, predictable tasks.
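To make concrete what a playbook with a trackable, auditable record looks like, here is an added illustrative example in Python. It is not IBM Resilient code and does not use the Resilient API; the incident, the threat-intelligence lookup and the isolation action are constructed stand-ins. Each step is either automated or requires a named analyst's decision, steps can be skipped by condition, and every outcome is written to a hash-chained log so that any later alteration of the record is detectable:

```python
"""Minimal incident-response playbook runner with a tamper-evident audit log.

Added illustrative example only: not IBM Resilient code, no Resilient API.
Steps are automated (call a function) or manual (wait for an analyst's
decision); every outcome is appended to a hash-chained log.
"""
from __future__ import annotations

import hashlib
import json
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Callable, Optional

GENESIS = "0" * 64

# Constructed sample incident and a constructed threat-intel list that stands
# in for a real enrichment lookup.
SAMPLE_INCIDENT = {
    "id": "INC-0001",
    "host": "ws-finance-07",
    "indicator": "sha256:9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
}
KNOWN_BAD = {SAMPLE_INCIDENT["indicator"]}


@dataclass
class Step:
    name: str
    automated: bool
    action: Optional[Callable[[dict], dict]] = None      # automated steps only
    condition: Callable[[dict], bool] = lambda state: True  # run only if True


@dataclass
class AuditEntry:
    step: str
    actor: str
    outcome: dict
    timestamp: str
    prev_hash: str
    entry_hash: str = ""


def _hash_entry(e: AuditEntry) -> str:
    """Hash every field except entry_hash itself, in canonical JSON form."""
    payload = {"step": e.step, "actor": e.actor, "outcome": e.outcome,
               "timestamp": e.timestamp, "prev_hash": e.prev_hash}
    return hashlib.sha256(json.dumps(payload, sort_keys=True).encode()).hexdigest()


class Playbook:
    def __init__(self, steps: list[Step]):
        self.steps = steps
        self.log: list[AuditEntry] = []

    def _record(self, step: str, actor: str, outcome: dict) -> None:
        prev = self.log[-1].entry_hash if self.log else GENESIS
        entry = AuditEntry(step, actor, dict(outcome),
                           datetime.now(timezone.utc).isoformat(), prev)
        entry.entry_hash = _hash_entry(entry)
        self.log.append(entry)

    def run(self, incident: dict, decisions: dict[str, dict], analyst: str) -> dict:
        """Execute steps in order; a manual step with no decision pauses the run."""
        state = dict(incident)
        for step in self.steps:
            if not step.condition(state):
                self._record(step.name, "playbook", {"skipped": True})
                continue
            if step.automated:
                outcome, actor = step.action(state), "automation"
            elif step.name in decisions:
                outcome, actor = decisions[step.name], analyst
            else:
                self._record(step.name, analyst, {"pending": True})
                break
            state.update(outcome)
            self._record(step.name, actor, outcome)
        return state

    def verify_log(self) -> bool:
        """Recompute the chain; False if any entry was altered or removed."""
        prev = GENESIS
        for e in self.log:
            if e.prev_hash != prev or _hash_entry(e) != e.entry_hash:
                return False
            prev = e.entry_hash
        return True


def enrich_with_threat_intel(state: dict) -> dict:
    return {"ti_match": state["indicator"] in KNOWN_BAD}


def isolate_host(state: dict) -> dict:
    return {"isolated": state["host"]}   # stand-in for an EDR isolation call


def build_playbook() -> Playbook:
    return Playbook([
        Step("enrich", automated=True, action=enrich_with_threat_intel),
        # A human approves containment only when intel says the indicator is bad.
        Step("approve_containment", automated=False,
             condition=lambda s: s.get("ti_match", False)),
        Step("isolate", automated=True, action=isolate_host,
             condition=lambda s: s.get("approved", False)),
    ])


def run_sample(decisions: dict[str, dict]) -> tuple[dict, Playbook]:
    pb = build_playbook()
    return pb.run(SAMPLE_INCIDENT, decisions, analyst="analyst.jane"), pb
```

Calling run_sample with no decision for approve_containment leaves the run paused at a pending entry, which is how a playbook waits on a human without losing its audit trail; supplying {"approve_containment": {"approved": True}} lets the isolate step run, and verify_log fails as soon as any earlier entry is edited.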

IRIS Vision Retainer

X-Force Investigate also provides your organization with IRIS Vision Retainer, an annual retainer service that provides direct and immediate access to highly skilled security consultants. The services offered by the X-Force IRIS team can help you before, during and after a breach so that your organization recovers faster. Threat intelligence infused in each solution enables your security team to be knowledgeable about threats to your environment. Expert security consultants help you proactively prepare for and respond to threats by applying the latest threat intelligence and technical and investigative skills acquired from hundreds of breach investigations.

By using X-Force Investigate with IRIS Vision Retainer, you can help provide your enterprise with these benefits:

  • Development of your incident response strategy
  • Testing of your cyber readiness
  • A combination of expertise with threat intelligence

X-Force Investigate services provide deep forensic analysis, containment and remediation plans that can be implemented quickly when a validated critical incident or breach occurs. Minimize disruptions with tested response plans and IBM remote and onsite expertise to help boost your defense. Threat intelligence sources combined with incident response services give security experts the edge they need to stay ahead of attacks and better understand the risks.

05

5 min read

Focusing on the high-level threats

As with X-Force Investigate, X-Force Detect is a subset of X-Force Threat Management Services you can get in place of the entire program. IBM X-Force Detect provides you with access to and use of the core technology platform that powers X-Force Threat Management Services. The X-Force Protection Platform provides an immersive digital client experience.

X-Force Detect uses automation, machine learning and AI to filter low value alerts.

This process helps you gain greater insight into the true nature of threats in your environment. With X-Force Detect, you receive access to the use case library, expert SIEM management and security correlation rule expertise.

Your organization also can receive the following benefits by using X-Force Detect:

  • 24x7 automated operations
  • Alert enrichment
  • Business context
  • SIEM use cases
  • Rule optimization

The advanced threat disposition system behind X-Force Detect also uses continuous machine learning with a predictive model for future actions, ultimately reducing noise and allowing analysts to focus on real threats.

Advanced Threat Dispositioning System

The Advanced Threat Dispositioning System from IBM is a patented security analytics system that recommends, and can automatically perform, the disposition of new alerts. It uses multiple machine learning models trained on millions of alerts dispositioned by security experts. The AI system provides high-confidence analytics and intelligence that allows IBM to reduce Tier 1 human triage time by 70-80 percent. The automated machine learning system ingests and processes 2 trillion logs per month and is trained against historical analyst behavior across 1.5 million analyst-triaged alerts, comprising nine months of original offense data anonymously aggregated across hundreds of clients in 80 different industry sectors.

Like all AI and analytic systems, the Advanced Threat Dispositioning System continues to learn and adapt with every log, alert, offense, rule correlation and analyst response it ingests.

Its smarter platform technology enables your analysts to be more effective, get the details right the first time and respond to how you want to receive information. You have increased time to focus on high-level threats along with the following other benefits:

  • Reduced analyst response time, or lower mean time to respond
  • Value-added offense enrichment, leading to lowered analyst handle time
  • Higher accuracy and disposition consistency
  • Reduced escalations of false positives, saving time handling low-value incidents
  • More analyst training and a second opinion
  • Dynamic threshold setting based on risk appetite
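
The following added example, written for this page in Python and not taken from IBM's Advanced Threat Dispositioning System, shows the general mechanism behind alert enrichment, disposition learned from analyst history and risk-appetite thresholds. The asset inventory, the analyst-dispositioned history and the two sample alerts are constructed; the classifier is a plain naive Bayes, chosen only because it makes the learned-from-history idea visible in a few lines:

```python
"""Alert enrichment and disposition recommendation learned from past triage.

Added illustrative example only; not IBM's Advanced Threat Dispositioning
System and no claim about its internals. Enrich a raw SIEM alert with
business context, score it with a classifier fit on analyst-dispositioned
history, and auto-close only above a threshold set by risk appetite.
"""
from __future__ import annotations

import math
from collections import Counter, defaultdict

# Constructed asset inventory: the "business context" used for enrichment.
ASSETS = {
    "10.0.1.15": {"name": "hr-db-01", "criticality": "high", "owner": "HR"},
    "10.0.2.40": {"name": "dev-vm-12", "criticality": "low", "owner": "Eng"},
}

# Constructed history: features of past enriched alerts and the analyst's call.
HISTORY = [
    ({"rule": "brute_force", "crit": "low", "internal_src": True, "after_hours": False}, "false_positive"),
    ({"rule": "brute_force", "crit": "low", "internal_src": True, "after_hours": False}, "false_positive"),
    ({"rule": "brute_force", "crit": "low", "internal_src": True, "after_hours": True}, "false_positive"),
    ({"rule": "brute_force", "crit": "high", "internal_src": False, "after_hours": True}, "true_positive"),
    ({"rule": "brute_force", "crit": "high", "internal_src": False, "after_hours": False}, "true_positive"),
    ({"rule": "malware_beacon", "crit": "high", "internal_src": True, "after_hours": True}, "true_positive"),
    ({"rule": "malware_beacon", "crit": "low", "internal_src": True, "after_hours": True}, "true_positive"),
    ({"rule": "port_scan", "crit": "low", "internal_src": True, "after_hours": False}, "false_positive"),
    ({"rule": "port_scan", "crit": "low", "internal_src": True, "after_hours": False}, "false_positive"),
    ({"rule": "port_scan", "crit": "high", "internal_src": False, "after_hours": True}, "true_positive"),
]

# Minimum model confidence before an alert may be auto-dispositioned; a higher
# risk appetite accepts a lower confidence.
AUTO_THRESHOLD = {"low": 0.97, "medium": 0.90, "high": 0.80}


def enrich(alert: dict) -> tuple[dict, dict]:
    """Attach asset context and derive the categorical features the model uses."""
    asset = ASSETS.get(alert["dst_ip"],
                       {"name": "unknown", "criticality": "unknown", "owner": "unknown"})
    features = {
        "rule": alert["rule"],
        "crit": asset["criticality"],
        "internal_src": alert["src_ip"].startswith("10."),
        "after_hours": alert["hour"] < 7 or alert["hour"] >= 19,
    }
    return features, asset


class NaiveBayes:
    """Categorical naive Bayes with Laplace smoothing, enough to show the idea."""

    def __init__(self, alpha: float = 1.0):
        self.alpha = alpha
        self.label_counts: Counter = Counter()
        self.feature_counts: dict = defaultdict(Counter)   # label -> (k, v) -> n
        self.values: dict = defaultdict(set)               # k -> seen values

    def fit(self, examples) -> None:
        for feats, label in examples:
            self.label_counts[label] += 1
            for k, v in feats.items():
                self.feature_counts[label][(k, v)] += 1
                self.values[k].add(v)

    def predict(self, feats: dict) -> tuple[str, float]:
        """Return (label, posterior probability of that label)."""
        total = sum(self.label_counts.values())
        log_post = {}
        for label, n in self.label_counts.items():
            lp = math.log(n / total)
            for k, v in feats.items():
                c = self.feature_counts[label][(k, v)]
                lp += math.log((c + self.alpha) / (n + self.alpha * len(self.values[k])))
            log_post[label] = lp
        m = max(log_post.values())                 # log-sum-exp for stability
        weights = {lbl: math.exp(v - m) for lbl, v in log_post.items()}
        best = max(weights, key=weights.get)
        return best, weights[best] / sum(weights.values())


def triage(alert: dict, model: NaiveBayes, risk_appetite: str) -> dict:
    feats, asset = enrich(alert)
    label, conf = model.predict(feats)
    if conf < AUTO_THRESHOLD[risk_appetite]:
        action = "analyst_review"
    elif label == "true_positive":
        action = "escalate"
    elif asset["criticality"] == "high":
        action = "analyst_review"    # guardrail: never auto-close on critical assets
    else:
        action = "auto_close"
    return {"label": label, "confidence": conf, "action": action,
            "asset": asset["name"], "owner": asset["owner"]}


MODEL = NaiveBayes()
MODEL.fit(HISTORY)

# Constructed sample alerts as a SIEM might emit them.
SAMPLE_ALERTS = {
    "scan": {"rule": "port_scan", "src_ip": "10.0.2.41", "dst_ip": "10.0.2.40", "hour": 10},
    "brute": {"rule": "brute_force", "src_ip": "203.0.113.9", "dst_ip": "10.0.1.15", "hour": 3},
}
```

With the constructed history, the internal port scan against a low-criticality host is scored about 96 percent false positive: that clears the medium risk-appetite threshold and is auto-closed, but stays under the low-appetite threshold and goes to an analyst. The external brute force against hr-db-01 scores about 97 percent true positive and is escalated. The guardrail that refuses to auto-close anything on a high-criticality asset is the kind of check a practitioner should keep regardless of model confidence.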

Mobile app

X-Force Detect provides access to the IBM Security Services mobile app so you can review an incident’s severity, criticality and context for rapid decision-making without a laptop. Those responsible for the security of your organization can use the mobile app to view the status of investigations and service requests on their mobile devices.

With the mobile app, authorized security contacts can interact with IBM Security securely and conveniently 24x7 by adding comments to investigations and service requests. Users can also make a service request, ask IBM Watson about security incidents and get connected with the IRIS hotline.

06

3 min read

Ready for OT and IoT domains

X-Force Threat Management Services delivers the same level of protection for emerging technology environments. These domains include Operational Technology (OT), the Internet of Things (IoT) and the Internet of Medical Things (IoMT).

Operational Technology (OT)

Connecting industrial systems to an IT network gives industrial environments a more comprehensive view of individual equipment and entire industrial ecosystems and makes managing and operating those systems easier and more effective.


By constantly monitoring the condition and performance of systems and equipment, smart sensors allow organizations to implement predictive maintenance schedules that help to eliminate costly repairs and downtime. This improves performance, quality and productivity, which leads to increased profitability.

X-Force Threat Management Services for OT provides managed industrial control systems (ICS), network monitoring and ecosystem integration across operational technology environments. Dedicated delivery team members from IBM are specialized OT and ICS experts who apply the Purdue Enterprise Reference Architecture (the Purdue model) to segment and monitor OT networks by level.

As technology evolves, so does X-Force Threat Management Services.

Internet of Things (IoT, IoMT)

The proliferation of enterprise IoT devices is creating new challenges for the security team and exposing undiscovered vulnerabilities. Leaving enterprise IoT devices unaccounted for and unmanaged is an open invitation to threat actors. Additionally, the Internet of Things (IoT) is bringing its connectivity to all markets, including the medical industry (IoMT), where connected devices include heart pumps, patient trackers, blood infusion pumps and more. To confront this new reality, organizations need a plan for how they will manage enterprise IoT security. An initial plan involves carefully cataloging and monitoring the devices in real time. In addition, selecting the right security partner to guide your organization through the process can help accelerate addressing this growing area of concern for security and risk leaders. The acceleration in enterprise IoT adoption adds an extra layer of complexity to the overall security infrastructure, resulting in a need for more advanced skills from those maintaining it.

For IoT, X-Force Threat Management Services acts as an agentless threat management service for unmanaged and connected devices, giving you an inventory of, and visibility into, the devices connecting to your network.

07

2 min read

Conclusion

Enterprises that incorporate a next-generation MSSP in concert with the standards set by the NIST Cybersecurity Framework are taking a proactive stance toward threat management. As security threats proliferate, having a single workflow to provide incident response, continuous improvement and other services can give an organization advantages in experience, staffing, scope and access to data and tools.

IBM X-Force Threat Management Services offers a bundle of services and technology with customizable packages such as X-Force Investigate and X-Force Detect designed to accommodate midsized and large enterprises. By adding X-Force Threat Management Services or one of its subsets to your organization, you can address your following needs:

  • Transparency: uncovering all connected devices and providing an open book solution
  • Speed: automation increases speed to action
  • Consistency: prescriptive action increases consistency
  • Quality: enriched investigation results in higher quality
  • Partnership: joint development of a security maturity roadmap and its execution
  • Governance: routine advisory service and continuous optimization

A comprehensive threat management strategy can enhance your security program.

X-Force Threat Management Services is a leading choice worldwide in offering scalable services for the core operational capabilities for your enterprise 24x7.
