Learning about IBM Cloud Pak for Security

What is IBM Cloud Pak for Security?

IBM Cloud Pak for Security is a platform for building an integrated security ecosystem. Our initial offerings address two critical needs:

  • Simplify and speed investigations: Using federated search, you can investigate threats and indicators of compromise (IOCs) across the organization using the security tools you already have in place. Uncover and analyze those insights against your own threat intelligence sources or IBM's. Learn more about the Data Explorer here
  • Respond quickly and thoroughly to threats: Orchestration and automation help you respond to cybersecurity incidents with confidence. Find and remediate threats by automating and prioritizing tasks, and collaborating across teams. Learn more about Resilient here

How can I integrate with IBM Cloud Pak for Security?

IBM Cloud Pak for Security connects to third-party tools and data sources, including multiple SIEMs, endpoint detection systems, threat intelligence services, and identity and cloud repositories. You can also build a customized connector to any tool or homegrown database in your environment. IBM Security offers a number of options to help, including:

Federating your security data via the Universal Data Insights service and STIX-shifter

  • Federated search to investigate and analyze security insights across your company without moving your data

Universal Data Insights (UDI) is the primary shared data services layer within Cloud Pak for Security. Any application that needs to query or read security data from the variety of shared data sources must do so via this API. It is built using RESTful principles and integrates with an extensible open-source SDK (STIX-shifter), which allows new translation and transmission modules to be contributed by IBM and the worldwide security community.
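An added illustration of the translation step described above (not code from IBM or the STIX-shifter project): a minimal translator that renders one STIX pattern in the native syntax of each data source. The source names, field mappings and both query dialects are constructed assumptions, and only `=`/`!=` comparisons joined by AND/OR are handled.

```python
import re

# Constructed mappings for two hypothetical sources (assumptions, not real connector mappings).
FIELD_MAP = {
    "sql_siem": {"ipv4-addr:value": "sourceip", "file:name": "filename", "file:hashes.MD5": "md5_hash"},
    "kv_edr": {"ipv4-addr:value": "src_ip", "file:name": "file_name"},  # no hash field here
}
SQL_OP = {"=": "=", "!=": "<>"}
TERM = re.compile(r"([a-z0-9-]+:[A-Za-z0-9_.-]+)\s*(=|!=)\s*'((?:[^'\\]|\\.)*)'")
JOIN = re.compile(r"\s+(AND|OR)\s+")

def parse(pattern):
    """Parse one observation expression such as [a:b = 'x' AND c:d != 'y'] (no parentheses)."""
    body = pattern.strip()
    if not (body.startswith("[") and body.endswith("]")):
        raise ValueError("expected a single [ ... ] observation expression")
    body, pos, tokens = body[1:-1].strip(), 0, []
    while True:
        m = TERM.match(body, pos)
        if not m:
            raise ValueError(f"unsupported comparison at offset {pos}")
        # Undo STIX backslash escapes so each dialect re-escapes the raw value itself.
        tokens.append((m.group(1), m.group(2), re.sub(r"\\(.)", r"\1", m.group(3))))
        pos = m.end()
        if pos == len(body):
            return tokens
        j = JOIN.match(body, pos)
        if not j:  # anything other than AND/OR after a term is rejected, not ignored
            raise ValueError(f"expected AND/OR at offset {pos}")
        tokens.append(j.group(1))
        pos = j.end()

def translate(pattern, source):
    """Render the pattern in one source's native syntax, failing closed on unmapped fields."""
    fields, out = FIELD_MAP[source], []
    for tok in parse(pattern):
        if isinstance(tok, str):  # AND / OR pass through unchanged
            out.append(tok)
            continue
        path, op, value = tok
        if path not in fields:  # dropping the term would silently change the search
            raise KeyError(f"{source} has no mapping for {path}")
        if source == "sql_siem":  # SQL-style literal: double any single quote
            quoted = "'" + value.replace("'", "''") + "'"
            out.append(f"{fields[path]} {SQL_OP[op]} {quoted}")
        else:  # key=value style: backslash-escape backslash and double quote
            quoted = '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'
            out.append(f"{fields[path]}{op}{quoted}")
    return " ".join(out)
```

The two points worth checking in any translation module are visible here: values are re-escaped for each target dialect rather than pasted through, and a field the source cannot express raises an error instead of being dropped from the query.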

Providing asset information to correlate with other data sources

  • Consolidate asset and risk information from a variety of security and IT tools to identify security gaps and better understand the overall security posture

Connect Assets & Risks is a GraphDB containing asset information that is extracted and uploaded from a variety of data sources, e.g. QRadar, Tenable, and MS Azure. This consolidated asset information is necessary to understand the client’s environment and risk posture.

What is the value to my company to integrate with IBM Cloud Pak for Security?

  • Enable your customers to leverage their security tools more effectively through collaboration, improving your customers’ security programs
    • Take part in federated searches that can help clients eliminate data silos and derive more value out of their current security tools
    • Share Asset & Risk information to help clients understand their IT and the overall security posture of their organization
  • Increase your product's visibility and stickiness by enabling customers to use your product in more ways, improving your customers' return on investment
  • Reduce your integration overhead and costs by providing a consistent approach to sharing your data with multiple security products, eliminating the need for unique point-to-point solutions.

What is IBM's role in the Open Cybersecurity Alliance?

The Open Cybersecurity Alliance (OCA) project, an OASIS Open Project, aims to connect the fragmented cybersecurity landscape and enable disparate security products to freely exchange information, out of the box, using mutually agreed upon technologies, standards, and procedures. IBM Security is a co-founder and initial contributor to the OCA project. IBM is contributing the STIX-shifter federated search technology to OCA, which is a core capability offered in IBM Cloud Pak for Security.