IBM Security Analytics Platform Now Open To Developers

The IBM Security QRadar analytics platform is now open to developers, enabling them to build custom apps. The company also launched the Security App Exchange, a marketplace in which the security community can create and share apps.

Larry Loeb, Blogger, Informationweek

December 9, 2015

3 Min Read
<p align="left">(Image: Henrik5000/iStockphoto)</p>

Insider Threats: 10 Ways To Protect Your Data

Insider Threats: 10 Ways To Protect Your Data

Insider Threats: 10 Ways To Protect Your Data (Click image for larger view and slideshow.)

IBM is opening up its security analytics platform IBM Security QRadar. This move will allow developers to build custom apps to take advantage of the platform's security intelligence capabilities.

At the same time, Big Blue is launching the IBM Security App Exchange, which is a marketplace for the security community to create and share apps.

IBM's Security QRadar platform analyzes data across an organization's IT infrastructure to identify potential security threats. The latest version will allow customers to create rules that will automatically take actions once specific threats have been detected. For example, according to IBM, rules created within QRadar can automatically trigger actions that block IP addresses and control user access based on their risk profile. Additionally, applications that are developed using the new QRadar application framework can also leverage custom rules to automatically respond to threats.

[When good data intentions go bad. Read 14 Creepy Ways To Use Big Data.]

IBM is also further integrating QRadar with IBM BigFix endpoint security management to help customers better prioritize threats and patches on user devices. QRadar can now also identify the exposed endpoints that do not have BigFix installed, helping clients find rogue or unmanaged assets more quickly.

IBM and its partners -- including Bit9 + Carbon Black, BrightPoint Security, Exabeam, and Resilient Systems -- have already populated the IBM Security App Exchange with customized apps that extend IBM Security QRadar in areas such as user behavior, endpoint data, and incident visualization.

Others partners, such as STEALTHbits and iSIGHT Partners, also have apps in development.

These apps take advantage of new open application programming interfaces (APIs) for IBM's QRadar platform. The tool uses data analytics and threat intelligence to detect security incidents for thousands of security operation centers. In a prepared statement, IBM said the platform is in use by almost half of the Fortune 100.

One of the apps already present in the Security App Exchange is Exabeam User Behavior Analytics, which integrates user-level behavioral analytics and risk profiling directly into the QRadar dashboard. According to IBM, this real-time view of user risk allows companies to detect subtle behavioral differences between a normal employee and an attacker who might be using that same credential.

A new IBM-developed app lets QRadar users pull in any threat intelligence feed that uses the open-standard STIX and TAXII formats. This app can use data to create custom rules for correlation, searching, or reporting. For example, users could bring in public collections of dangerous IP addresses from IBM X-Force Exchange, and create a rule to raise the magnitude of any offense that includes IP addresses from that watch list.

The opening of this security analytics platform is the second step IBM has taken this year to advance industry collaboration. Earlier this year, IBM opened its 700TB database of security threat data through the IBM X-Force Exchange.

The X-Force Exchange includes one of the largest catalogs of vulnerabilities in the world, malware threat intelligence from a network of 270 million endpoints, threat information based on more than 25 billion Web pages and images, and deep intelligence on more than 8 million spam and phishing attacks.

According to IBM, more than 2,000 organizations have joined this threat-sharing platform since it was announced in April.

**New deadline of Dec. 18, 2015** Be a part of the prestigious InformationWeek Elite 100! Time is running out to submit your company's application by Dec. 18, 2015. Go to our 2016 registration page: InformationWeek's Elite 100 list for 2016.

About the Author(s)

Larry Loeb

Blogger, Informationweek

Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek. He has written a book on the Secure Electronic Transaction Internet protocol. His latest book has the commercially obligatory title of Hack Proofing XML. He's been online since uucp "bang" addressing (where the world existed relative to !decvax), serving as editor of the Macintosh Exchange on BIX and the VARBusiness Exchange. His first Mac had 128 KB of memory, which was a big step up from his first 1130, which had 4 KB, as did his first 1401. You can e-mail him at [email protected].

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights