Companies generally agree that sharing threat intelligence helps to improve everyone’s cybersecurity posture, but some companies are hesitant to do it for fear of giving away too much information.
That attitude is beginning to change, however, and IBM is the latest to adopt a more friendly approach to threat intelligence. The company recently announced that it was opening up its security analytics platform for custom application development as well as launching an app exchange for creating and sharing apps based on IBM security technologies, it said in a press release.
IBM Security QRadar consolidates log source event data from thousands of devices, endpoints and applications distributed throughout a network and performs analytics on raw data to distinguish real threats from false positives, the company said. IBM customers, partners and developers can now leverage the platform's advanced security intelligence capabilities through new open application programming interfaces (APIs), the company said.
IBM also has launched IBM Security App Exchange, a marketplace for the security community to create and share apps based on these new QRadar APIs. IBM and partners including Bit9 + Carbon Black, BrightPoint Security, Exabeam and Resilient Systems already have built a total of 14 new apps for the IBM Security App Exchange that extend QRadar security analytics in areas like user behavior, endpoint data and incident visualization, according to IBM. Other partners such as STEALTHbits and iSIGHT Partners also have apps in development.
For example, Exabeam’s User Behavior Analytics app integrates user-level behavioral analytics and risk profiling directly into the QRadar dashboard, providing a real-time view of user risk that allows companies to detect small behavioral differences between a normal employee and an attacker using that same credential, according to IBM.
The opening of QRadar and launch of the security app exchange is not the first major move IBM has taken this year to promote sharing of threat intelligence and industry collaboration to fight cyber criminals. In April, IBM opened its 700 terabyte database of security threat data through its IBM X-Force Exchange platform. Since then more than 2,000 organizations have joined the program to share threat intelligence.
Marc van Zadelhoff, vice president, strategy and product management for IBM Security, said it’s imperative that industry leaders like IBM take initiative to extend security technologies to share threat intelligence to promote better cybersecurity globally, which suggests that stakeholders can expect similar moves from Big Blue in the future.
“With thousands of customers now standardizing on IBM’s security technologies, opening this platform for closer collaboration and development with partners and customers changes the economics of fighting cybercrime,” he said in the press release. “Sharing expertise across the security industry will allow us to innovate more quickly in order to help stay ahead of increasingly sophisticated attacks.”
Editor's note: This story was updated on Dec. 23, 2015, to correct an editing error that misidentified the number of companies that have joined the IBM program. The correct number is more than 2,000.