IBM Security Analytics Platform Now Open To Developers

The IBM Security QRadar analytics platform is now open to developers, enabling them to build custom apps. The company also launched the Security App Exchange, a marketplace in which the security community can create and share apps.
Insider Threats: 10 Ways To Protect Your Data
Insider Threats: 10 Ways To Protect Your Data
(Click image for larger view and slideshow.)

IBM is opening up its security analytics platform IBM Security QRadar. This move will allow developers to build custom apps to take advantage of the platform's security intelligence capabilities.

At the same time, Big Blue is launching the IBM Security App Exchange, which is a marketplace for the security community to create and share apps.

IBM's Security QRadar platform analyzes data across an organization's IT infrastructure to identify potential security threats. The latest version will allow customers to create rules that will automatically take actions once specific threats have been detected. For example, according to IBM, rules created within QRadar can automatically trigger actions that block IP addresses and control user access based on their risk profile. Additionally, applications that are developed using the new QRadar application framework can also leverage custom rules to automatically respond to threats.

[When good data intentions go bad. Read 14 Creepy Ways To Use Big Data.]

IBM is also further integrating QRadar with IBM BigFix endpoint security management to help customers better prioritize threats and patches on user devices. QRadar can now also identify the exposed endpoints that do not have BigFix installed, helping clients find rogue or unmanaged assets more quickly.

IBM and its partners -- including Bit9 + Carbon Black, BrightPoint Security, Exabeam, and Resilient Systems -- have already populated the IBM Security App Exchange with customized apps that extend IBM Security QRadar in areas such as user behavior, endpoint data, and incident visualization.

Others partners, such as STEALTHbits and iSIGHT Partners, also have apps in development.

These apps take advantage of new open application programming interfaces (APIs) for IBM's QRadar platform. The tool uses data analytics and threat intelligence to detect security incidents for thousands of security operation centers. In a prepared statement, IBM said the platform is in use by almost half of the Fortune 100.

One of the apps already present in the Security App Exchange is Exabeam User Behavior Analytics, which integrates user-level behavioral analytics and risk profiling directly into the QRadar dashboard. According to IBM, this real-time view of user risk allows companies to detect subtle behavioral differences between a normal employee and an attacker who might be using that same credential.

A new IBM-developed app lets QRadar users pull in any threat intelligence feed that uses the open-standard STIX and TAXII formats. This app can use data to create custom rules for correlation, searching, or reporting. For example, users could bring in public collections of dangerous IP addresses from IBM X-Force Exchange, and create a rule to raise the magnitude of any offense that includes IP addresses from that watch list.

The opening of this security analytics platform is the second step IBM has taken this year to advance industry collaboration. Earlier this year, IBM opened its 700TB database of security threat data through the IBM X-Force Exchange.

The X-Force Exchange includes one of the largest catalogs of vulnerabilities in the world, malware threat intelligence from a network of 270 million endpoints, threat information based on more than 25 billion Web pages and images, and deep intelligence on more than 8 million spam and phishing attacks.

According to IBM, more than 2,000 organizations have joined this threat-sharing platform since it was announced in April.

**New deadline of Dec. 18, 2015** Be a part of the prestigious InformationWeek Elite 100! Time is running out to submit your company's application by Dec. 18, 2015. Go to our 2016 registration page: InformationWeek's Elite 100 list for 2016.