IBM has announced that its security analytics platform QRadar will be opened up to give users greater access to threat intelligence in a move to bolster industry collaboration and stay ahead of cyber threats.
The firm has also announced an IBM App Exchange that gives users the ability to create and share tailored computer security applications.
The exchange currently has 14 applications covering user behaviour analytics, endpoint data and incident visualisation.
The apps take advantage of threat data provided by QRadar and will open up fresh APIs and software development kits to the security community, IBM said.
The new applications, built in collaboration with IBM partners including Carbon Black, BrightPoint Security, Exabeam and Resilient Systems, are designed to provide customers with better visibility into more types of data and to offer new automated search and reporting functions, according to IBM.
“More security threats are being driven by organised criminals and there are crime rings that are sharing their tools to launch attacks,” Kevin Skapinetz, programme director for product and security strategy at IBM, told V3.
“[There are] very under-resourced security teams that are trying to fight back against very collaborative groups of attackers. Sometimes they are trying to fight back by themselves and that equation doesn’t really work very well for the good guys.
“We are focusing on more open and collaborative approaches.”
The announcement is the latest move in IBM’s ongoing strategy of promoting deeper industry collaboration, explained Skapinetz. Earlier this year the firm opened up its X-Force exchange, which gives users access to the 700TB of stored threat intelligence data.
“This approach is critical for the evolution of security technology and with this announcement we are taking steps to lead that charge,” Skapinetz added.
“Sharing information and threat data is really only the first step in what we are calling collaborative defence and we are seeing a lot of CISOs and security teams use that term.
“Attackers are sharing information but they are also sharing the tools used to launch the attacks and we believe that defenders need to match that level of collaboration by sharing tools, technology and expertise faster than the bad guys.”
Furthermore, Skapinetz stressed that any applications uploaded to the exchange will be thoroughly vetted for security flaws.
“One thing that QRadar users expect is that the system is reliable and the system can work in an enterprise environment and that it’s tested for SOCs,” he told V3.
“As people are creating content whether it be new applications or new reports we are also vetting that content to make sure from a quality assurance standpoint that it can stand the test of a real and live operational SOC.”