IBM this week introduced some major new features to its Cloud Pak for Security platform designed to broaden security protection and streamline response efforts across the threat lifecycle.
The platform, originally launched last year, integrates an organization’s existing security tools with its own analytics functions to provide deeper insights into threats and risks across cloud and on-premises environments.
The updated version, available now, expands the platform to cover all pillars of threat management, including detection, investigation and response, and connects those capabilities via artificial intelligence and automation workflows to streamline response efforts across the threat lifecycle, according to IBM Security Vice President Aarti Borkar.
“Data security has traditionally been completely siloed from threat management, with separate tools, teams and workflows,” she said. Instead, IBM is taking the approach of bringing data security insights directly into Cloud Pak for Security's security response workflow. That will allow security analysts to access deeper data-level insights about where their sensitive data resides, who has access to it and how to protect it — all from within their primary response platform, she added.
The announcement also highlighted upcoming capabilities that will be available later this year. The first is a set of new data security integrations designed to bring data security directly into the platform’s threat management and security response workflows. These integrations take the form of a built-in data security hub, which Borkar said will give security analysts the tools to detect and respond to data breach incidents more quickly.
“Historically, security analysts would have needed to access a different toolset or even coordinate with the database administration team to investigate and contain data breach incidents, determine the policies surrounding that data, who has accessed it and how it is being used,” she said. “Now they can do this all from within the primary platform they are already using to respond to threats of all types, while also taking advantage of automation playbooks to speed their response to common types of data security incidents.”
Also available later this year will be the addition of five third-party threat management feeds: AlienVault Open Threat Exchange (OTX), Cisco Threat Grid, MaxMind Geolocation, SANS Internet Storm Center and VirusTotal. Additional threat feeds will be added in 2021.
These improvements are in line with IBM’s overall goals for advancing security, Borkar said, which envision security as an open, platform-based approach that can simplify and connect security across the fragmented IT landscape. She said the company intends to continue to add capabilities to Cloud Pak for Security by connecting additional data sources and toolsets from IBM and others, while exploring new ways that these capabilities can be further combined and automated to simplify security operations.