Introduction to IBM Cloud Pak for Security

IBM Cloud Pak for Security provides a platform that helps enterprise security teams more quickly integrate their existing security tools to generate deeper insights into threats across hybrid, multicloud environments. It uses an infrastructure-independent common operating environment that runs anywhere. You can quickly search for threats, orchestrate actions, and automate responses without moving your data. The Cloud Pak addresses the following critical business needs:

  • Simplify and speed investigations. Using federated search, you can investigate threats and indicators of compromise (IOCs) across the organization by using the security tools that you already have in place. Uncover and analyze those insights against your own threat intelligence sources or sources from IBM. Learn more about the Data Explorer.
  • Respond quickly and thoroughly to threats. Orchestration and automation help you respond to cybersecurity incidents with confidence. Find and remediate threats by automating and prioritizing tasks and collaborating across teams. Learn more about Resilient.
  • Prioritize relevant threat information and scan for threats in your environment. Learn more about IBM Security Threat Intelligence Insights.

How you can integrate with IBM Cloud Pak for Security

IBM Cloud Pak for Security connects to third-party tools and data sources, including multiple security information and event management (SIEM) tools, endpoint detection systems, threat intelligence services, and identity and cloud repositories. You can also build a customized connector to any tool or homegrown database in your environment. IBM Cloud Pak for Security offers several options to help, such as federating your security data and providing asset information to correlate with other data sources.

Federate your security data via the Universal Data Insights service and STIX-shifter

Federated search gives you the ability to investigate and analyze security insights across your company without moving your data. Any application that queries or reads security data from the shared data sources can use the Universal Data Insights service API. It integrates with an extensible open source software development kit (SDK) called STIX-shifter, which is provided through the OASIS Open Cybersecurity Alliance.
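To make the federation mechanism concrete, the added example below (not code from IBM or from the STIX-shifter project) mimics what a STIX-shifter adapter does for one data source: it translates a STIX 2 pattern into the source's native query, so the query runs where the data lives, and maps returned records back into STIX cyber-observable objects. The field names (`src_ip`, `dest_port`, `query_domain`) and the query syntax belong to a hypothetical SIEM and are assumptions.

```python
"""Toy STIX-shifter-style translator: STIX pattern -> native query -> STIX objects.
Constructed illustration; the SIEM field names and query syntax are invented."""
import re

# Assumed mapping from STIX object properties to the hypothetical SIEM's fields.
FIELD_MAP = {
    "ipv4-addr:value": "src_ip",
    "domain-name:value": "query_domain",
    "network-traffic:dst_port": "dest_port",
}
REVERSE_MAP = {v: k for k, v in FIELD_MAP.items()}

# One comparison: <object-type>:<property> <operator> <'string' | integer>
COMPARISON = re.compile(r"^([\w-]+:[\w.]+)\s*(>=|<=|!=|=|>|<)\s*('[^']*'|\d+)$")


def translate_pattern(pattern: str) -> str:
    """Translate "[ipv4-addr:value = '192.0.2.1' AND network-traffic:dst_port > 1024]"
    into "src_ip = '192.0.2.1' AND dest_port > 1024" for the assumed SIEM."""
    body = pattern.strip()
    if not (body.startswith("[") and body.endswith("]")):
        raise ValueError("expected a single bracketed STIX observation expression")
    # re.split with a capturing group keeps the AND/OR tokens in the result list
    parts = re.split(r"\s+(AND|OR)\s+", body[1:-1].strip())
    native = []
    for part in parts:
        if part in ("AND", "OR"):
            native.append(part)
            continue
        match = COMPARISON.match(part.strip())
        if not match:
            raise ValueError(f"unsupported comparison: {part!r}")
        prop, op, value = match.groups()
        if prop not in FIELD_MAP:
            raise KeyError(f"no native field mapped for STIX property {prop}")
        native.append(f"{FIELD_MAP[prop]} {op} {value}")
    return " ".join(native)


def to_stix_objects(record: dict) -> dict:
    """Map one native result row back to STIX cyber-observable objects, keyed
    like the 'objects' member of a STIX 2.0 observed-data object."""
    objects = {}
    for field, value in record.items():
        prop = REVERSE_MAP.get(field)
        if prop is None:
            continue  # fields with no STIX mapping are not surfaced to the analyst
        obj_type, attr = prop.split(":", 1)
        objects[str(len(objects))] = {"type": obj_type, attr: value}
    return objects
```

A real adapter also handles time windows, multiple observation expressions and paging of results; the two functions above show only the translation step in each direction.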

Provide asset information to correlate with other data sources

Consolidate asset and risk information from various security and IT tools to identify security gaps and better understand the overall security posture. The Connect Assets and Risks (CAR) connector provides asset information that is extracted and uploaded from various data sources, such as SIEM tools, threat detection products, and endpoint products. This consolidated view of asset information is necessary to understand a company's environment and risk posture.

Summary

Cloud Pak for Security offers your customers considerable value with this integration approach. By providing a security platform that consolidates security information from multiple sources, your customers can:

  • Extract more value out of their existing security tools.
  • Improve analyst productivity with the power to do more.
  • Leave the data where it is by federating data without having to move it. No additional data lake required.
  • Uncover hidden threats faster by searching across disparate data from one screen.
  • Reduce privacy risks from duplicating your data to data lakes.
  • Avoid building costly product integrations internally by leveraging pre-built integrations.

Learn how to develop a new STIX-shifter adapter with the tutorial, Exchange cyber threat intelligence with STIX-shifter.