A war is raging out there. Every minute of every day, cybercriminals are devising, developing and introducing new and increasingly sophisticated security threats.


In today’s threat landscape, where 80 percent of cyber attacks come from highly organized, well-funded crime rings that share data, tools and expertise to increase their effectiveness, how do you defend yourself? How can your security team pinpoint the attacks, determine their impact and keep up with rapidly evolving challenges?

Many organizations strain to stay ahead of the next attack, infiltration of malware or instigation of fraud. Security professionals face the daunting challenge of making informed, intelligent decisions and springing to action, often with no time to spare.

The good news is that you don’t have to go it alone. If cybercriminals work together, you can do the same. Working through IBM® Security App Exchange, you can collaborate with more than 10,000 participating security professionals, download new security applications and take advantage of new, security-related application program interfaces (APIs) to extend the capabilities of your existing technologies.

With IBM Security App Exchange, you have an effective network of resources to help you not only respond rapidly, stave off security incidents and plug vulnerabilities but also to adopt a preemptive approach based on actual experience and best practices that can help you prevent damage to your data and your business.

Launched in December 2015, IBM Security App Exchange is a proven platform for helping integrate and utilize the collective knowledge of your peers, who are also constantly working to reduce their attack surfaces. Since the launch, the system has experienced more than 20,000 application downloads.

Designed for convenient web access, the IBM Security App Exchange provides a wealth of benefits to its participants. For customers, it is an avenue for improving security threat awareness and processes, as well as for sharing and obtaining extensions to enhance and customize their IBM Security technology applications. For Business Partners, it is a platform for promoting integrated, complementary product offerings, while also contributing valuable expertise to security teams around the world.

An ecosystem of maximized value

The pervasive nature of cybercrime underscores the urgent need for ongoing, customized security solutions that add value beyond standard product offerings. It also demands continuous improvements that address new threats and blind spots, openly communicated across the security landscape by your adversaries and allies.

IBM has built a reputation for collecting data from cutting-edge security technology solutions. Today, a growing number of partner products feed information to IBM QRadar®, IBM BigFix® and other IBM Security solutions. For example, QRadar collects log events and network flows from more than 450 applications and devices, which help it provide superior context for security incidents.

In addition to superior data collection, IBM has evolved its capabilities by integrating credible threat intelligence. IBM Security Network Protection has included IBM X-Force® threat intelligence since its inception, while QRadar recently added the option of an X-Force intelligence feed to support console alerts about late-breaking threats. Earlier this year, the launch of the IBM X-Force Exchange expanded intelligence gathering to include third parties. This collaborative platform provides access to volumes of actionable threat data from across the globe, tracking 15 billion security events daily in more than 130 countries. It is a 24x7 operation dedicated to keeping companies ahead of the latest threats, and that’s exactly the impetus behind the IBM Security App Exchange.

Knowing about a new threat is useful, but finding a solution to defeat it is even better. The IBM Security App Exchange enables participants to share code or post solutions that limit the attacker advantage and help diminish the value of exploit kits and other cybercriminal tools. New application programming interfaces (APIs) and the IBM Security App Exchange will help tip the scale back toward network defenders. It’s a win-win in every respect.

The evolution of collaborative defense in IBM Security solutions

The IBM Security App Exchange represents an innovative approach in the evolution of “collaborative defense” technology integrations in IBM Security solutions.


How it works

IBM Security App Exchange has come a long way from its initial capabilities, which provided only IBM QRadar extensions and applications. It continues to provide QRadar rules, reports, searches, reference sets, custom properties, analytics and dashboards, historical data analysis plugins and QRadar applications. This content enhances the out-of-the-box QRadar capabilities so security teams don’t have to “re-invent the wheel” to fight specific threats. But now IBM Security App Exchange offers more.

Its Premier Apps solution offers a significant expansion in capabilities of an IBM Security solution for a targeted use case, such as behavioral analytics or cognitive security operations.

The platform also offers additional solutions, including IBM QRadar User Behavior Analytics (UBA) and IBM QRadar Advisor with Watson®.

IBM QRadar UBA provides an efficient means for detecting anomalous or malicious behaviors with new insight into deviation in user behavior to detect and prioritize risky user activities—quickly showing who is doing what on your networks. The application comes with ready-to-go anomaly detection, as well as behavioral rules and analytics. It leverages the curated log and activity data already in QRadar, thereby speeding time to insights. By streamlining monitoring, detection and investigation, the QRadar solution helps security analysts become more productive and manage insider threats more efficiently.

IBM QRadar Advisor with Watson combines the cognitive capabilities of IBM Watson and the industry-leading IBM QRadar Security Intelligence Platform to uncover hidden threats and automate insights. It enriches security incidents compiled by the QRadar platform with insights from IBM Watson for Cyber Security, enabling analysts to investigate and respond to threats at unprecedented speed and scale. By augmenting analysts’ ability to act on threats with confidence, Watson revolutionizes the way security analysts work.

Additional enhancements to other IBM Security solutions are regularly posted as they become available. And when new developments surface on the X-Force Exchange, security teams can check the IBM Security App Exchange for an off-the-shelf solution.

IBM and its Business Partners are actively contributing to the IBM Security App Exchange. When a partner or client creates a QRadar, BigFix or other type of extension (such as an application or “app”), the IBM Security team quickly verifies the solution to ensure its validity, quality and functionality, and then posts it on the collaboration site for immediate availability.

IBM Security App Exchange home page

The IBM Security App Exchange makes it easy to find content for specific products, industries or threat categories.


Case study: Excellium Services

When Excellium Services launched in 2012, company founders had been hearing for years that small-to-midsized businesses were having difficulty finding security experts to address the new threats appearing daily. So the information security consulting and technological integration firm, located in Luxembourg, had a clear mission: to offer security expertise, continuous surveillance and provisioning of controls to clients in a wide range of industries—from professional services and finance to energy and transportation.

One of the keys to its success has been the use of Threat Intelligence for IBM QRadar through IBM X-Force App Exchange. The application uses sophisticated sense analytics to baseline normal behavior, detect anomalies and uncover threats rapidly.

Using Threat Intelligence, Excellium has been able to more quickly and accurately detect advanced threats for its clients while gaining greater ease of use and lower total cost of ownership for its own operations. The QRadar solution, for example, helps reduce millions of security events to a short, manageable and prioritized list of offenses requiring action so security analysts can better meet the company’s service level agreements (SLAs) for incident detection and response.

Enhancing QRadar deployments

The IBM Security App Exchange provides an expanded hub of QRadar content, so organizations can work together to help defeat advanced threats and improve the efficiencies of IT security teams. QRadar users can download industry-, threat-, device- and vendor-specific content from the collaboration site. Plus, they can access custom reports, dashboards, specialty analytics and threat information, leveraging the Structured Threat Information eXpression (STIX) and Trusted Automated Exchange of Indicator Information (TAXII) standards for threat sharing.

Why participate?

It’s simple: if the bad guys are working together, shouldn’t we? Participation in the IBM Security App Exchange allows IBM, IBM Business Partners, developers and customers to collaborate and crowdsource content, and build a comprehensive ecosystem around IBM Security offerings. The less time each of us spends developing redundant integrations, behavior analytics profiles, correlation rules and reference sets, the more time we’ll all have to monitor suspicious activity, review configurations, patch vulnerabilities and conduct other activities that will reduce our exposures.


Customer benefits

The IBM Security App Exchange helps customers:

  • Address time and skills shortages
  • Gain full access to IBM Security portfolio analytics with custom applications such as right-click buttons, tabs, toolbar buttons and visualizations
  • Benefit from additional QRadar correlation rules development, dashboards, new visualizations, reference sets and third-party product integrations
  • Rate applications based on performance, ease-of-use and other attributes
  • Share newly developed content with industry peers

Partner benefits

By joining the Ready for IBM Security Intelligence program, and delivering IT security content via the IBM Security App Exchange, participants can expand the reach of value-added technologies that build upon IBM Security solutions, such as QRadar Security Intelligence Platform. A presence on the IBM Security App Exchange website allows Business Partners to:

  • Use the IBM Security App Exchange as a channel to reach IBM customers and prospects
  • Develop new services and product capabilities based on community posts and input, while mining collective knowledge across the expansive IBM Security community
  • Gain wider visibility for promotional and marketing advantages, as well as new sales
  • Participate in monthly newsletters sent to more than 300,000 customers, prospects, partners and IBM employees
  • Engage via blogs, video references, IBM social media activities, IBM developerWorks®, IBM conferences and sales training events

With content from the IBM Security App Exchange, security teams can enhance the out-of-the-box visibility of IBM Security solutions, including QRadar Security Intelligence Platform.


Why IBM?

For years, organizations have made the most of their limited budgets by purchasing point solutions to address their myriad security concerns. But as attackers grow more sophisticated, so must an organization’s defenses. IBM Security offers a broad range of technology, including the key components of the IBM Security Operations and Response architecture, that work together to prevent, detect and respond to cybercriminals acting alone or in collusion.

The IBM Security App Exchange decouples new technology integrations and enhancements from formal software release cycles, so customers have more flexibility to extend their IBM Security defenses without adding complexity to the basic solutions. The platform builds upon the new security intelligence application development framework available in QRadar version 7.2.8 and later. And rest assured, new integrations, applications and add-ons are validated by IBM development before they’re posted to the website and made available for downloading.

The IBM Security App Exchange builds on the open and robust platform of QRadar as the focal point for IBM Security technology integration from within the collaborative X-Force Exchange platform. It is the premier collaboration site for sharing software enhancements to IBM Security products, providing customers, Business Partners, system integrators and IBM with an integrated ecosystem for maximizing the capabilities of IBM Security solutions.

For more information

To learn more about the IBM Security App Exchange and discover new ways to extend your IBM Security solutions

About IBM Security

IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM X-Force® research and development, provides security intelligence to help organizations holistically protect their people, infrastructures, data and applications, offering solutions for identity and access management, database security, application development, risk management, endpoint management, network security and more. These solutions enable organizations to effectively manage risk and implement integrated security for mobile, cloud, social media and other enterprise business architectures. IBM operates one of the world's broadest security research, development and delivery organizations, monitors 15 billion security events per day in more than 130 countries, and holds more than 3,000 security patents.

Footnotes

¹United Nations Office on Drugs and Crime, “Comprehensive Study on Cybercrime,” February 2013. https://www.unodc.org/documents/organized-crime/UNODC_CCPCJ_EG.4_2013/CYBERCRIME_STUDY_210213.pd