The Schwartz Report


IBM Launches Security App Exchange

IBM this week launched a new security marketplace that aims to integrate third-party tools with its QRadar security information and event management (SIEM) platform. The IBM Security App Exchange allows partners and security operations center (SOC) administrators to share security intelligence, workflows, use cases and analytics. It extends IBM's X-Force, a 700TB database of security threat intelligence data it gathers from its customers, which the company opened up back in April to anyone who wants to use it. X-Force is now used by 2,000 customers.

The IBM Security App Exchange builds on the X-Force model by letting participants tie into QRadar with custom or commercial tools. IBM kicked off the app exchange with 14 tools, most from IBM, along with tools from four third-party providers that offer their own specialized monitoring and endpoint protection software.

Among the first partners to offer their tools with the new exchange are Bit9 + Carbon Black, BrightPoint Security, Exabeam and Resilient Systems, whose analytics, endpoint protection and incident response tools are all available on the exchange. The partner tools are integrated with QRadar, which is ranked among the leading SIEM platforms used in security operations centers. IBM touts QRadar's data analytics engine as using threat intelligence to detect and prevent security incidents.  

Partners can use QRadar's APIs to provide compatibility between the platform and their wares.

"This app exchange is a new home for partners and customers to share and download applications, and to enhance and extend their defenses," said Kevin Skapinetz, IBM's director of security strategy. "Think of it as a new way to deploy custom applications leveraging our analytics and our security system as a platform. And equally as important to help with that, we've opened up our analytics platform to support it, so we have new APIs and a new software development kit on top of the QRadar technology."

Brian Hazzard, VP of technical alliance at Bit9 + Carbon Black, explained that by tying its endpoint detection and response tool with QRadar, SOC administrators don't have to pivot between the two. By exposing the functionality of Carbon Black in QRadar, the administrator or security analyst can view activity in a common interface, Hazzard said.

"That eliminates the swivel chair effect going across products to make the solution unified," Hazzard said. "Ultimately the goal is to make it so that you can do better detection of the threats that are going on and when there is a detection event, the objective is to respond very quickly to ultimately stop the compromise. The key is sharing info and exposing capabilities across the solutions."

IBM's move comes just a week after Microsoft launched the technical preview of its Azure Security Center, with partners that include Barracuda, Check Point, Cisco, CloudFlare, F5 Networks, Fortinet, Imperva and Trend Micro. Like IBM's exchange, the new Azure Security Center will aim to share intelligence with Microsoft's new Advanced Threat Analytics, built on the technology of Aorato, a company it acquired a year ago.

"They need to provide Microsoft-branded security offerings without alienating existing and potential security partners," said IDC analyst Robert Westervelt. "[Microsoft CEO Satya] Nadella and his team will have to do a balancing act and Azure Security Center could be the fulcrum by enabling Microsoft to partner broadly with security vendors that provide specialized functionality and those that Azure customers have already adopted for compliance, controls and visibility. There are definitely similarities to IBM's new Security App Exchange. By offering QRadar, customers have access to custom applications that make the product more powerful and IBM cuts out the cost of acquiring or building out technology to bolt onto the SIEM product."

While software-as-a-service delivery of security is a relatively small market, IDC predicts adoption will grow significantly over the next two to four years. More than half of Web security market revenue will come from cloud-based offerings over traditional on-premises gateways by 2020, according to IDC. Westervelt said Amazon's marketplace introduced an easy way for organizations to buy and implement security offerings and noted Splunk is also successful in adding security functionality from third parties through its application store. "In addition, networking and endpoint security vendors are attempting to capture the opportunity by increasing subscription-based security services such as threat intelligence feeds or cloud-based sandboxes to detect advanced threats," he said.

Case in point: Intel Security, which launched its Threat Intelligence Exchange (TIE) based on its McAfee Data Exchange Layer (DXL), counted 16 DXL Alliance partners in October, including Windows privilege management provider Avecto, Brocade, ForeScout, MobileIron, Titus and TrapX Security. For its part, IBM's Skapinetz said it has numerous other partners waiting in the wings for its Security App Exchange. "There are others we have in the queue but not ready to talk about," he said. "We'll be adding a lot more in 2016."

Posted by Jeffrey Schwartz on 12/09/2015 at 1:22 PM

