IBM aims at hybrid cloud, enterprise security
Cloud Pak for Security features open-source Red Hat technology for hunting threats and automation to speed response to cyberattacks
21 November 2019
IBM is taking aim at the challenge of securely locking down company applications and data spread across multiple private and public clouds and on-premises locations.
IBM is addressing this challenge with its Cloud Pak for Security, which features open-source technology for hunting threats, automation capabilities to speed response to cyberattacks, and the ability to integrate customers’ existing point-product security-system information for better operational safekeeping – all under one roof.
IBM Cloud Paks are bundles of Red Hat’s Kubernetes-based OpenShift Container Platform along with Red Hat Linux and a variety of connecting technologies to let enterprise customers deploy and manage containers on their choice of infrastructure, be it private or public clouds, including AWS, Microsoft Azure, Google Cloud Platform, Alibaba and IBM Cloud.
Cloud Pak for Security is the latest of six that are available today, the others being Data, Application, Integration, Automation and Multicloud Management. They also incorporate containerized IBM middleware designed to let customers quickly spin up enterprise-ready containers, the company said.
The Cloud Paks are part of a massive Big Blue effort to develop an advanced cloud ecosystem with the technology it acquired with its $43 billion buy of Red Hat in July. The Paks will ultimately include IBM’s DB2, WebSphere, API Connect, Watson Studio, Cognos Analytics and more.
“The infrastructure is evolving in such a way that the traditional perimeter is going away and in the security domain, customers have a plethora of point-vendor solutions and now cloud-vendor security offerings to help manage this disparate environment,” said Chris Meenan, director, offering management & strategy, IBM Security.
Protecting this fragmented IT environment requires security teams to undertake complex integrations and continuously switch between different screens and point products. More than half of security teams say they struggle to integrate data with disparate security and analytic tools and combine that data across their on-premises and cloud environments to spot advanced threats, Meenan said.
One of the foundational components of Cloud Pak for Security is that it can, from a single containerized dashboard, connect, gather and see information from existing third-party tools and data sources, including multiple security-information and event-management software platforms, endpoint detection systems, threat-intelligence services, identity and cloud repositories, IBM said. Cloud Pak Connectors have been included for integration with security tools from vendors including IBM, Carbon Black (now part of VMware), Tenable, Elastic, BigFix, and Splunk, as well as public-cloud setups from IBM, AWS, and Microsoft Azure.
The big deal here is that the tool lets security teams connect all data sources to uncover hidden threats and make better risk-based decisions, while leaving the data where it resides, without needing to move that data into the platform for analysis, Meenan said.
“There’s a ton of security data out there, and the last thing we wanted to do was force customers to build another data lake of information,” Meenan said. “Cloud Pak lets customers access data at rest on a variety of security systems, search and query those systems all via a common open-source federated framework.”
For example, the system supports Structured Threat Information Expression (STIX), an open source language used to exchange cyberthreat intelligence. The platform also includes other open source technology IBM co-developed through the OASIS Open Cybersecurity Alliance.
Once the data is gathered and analyzed, the platform lets security teams orchestrate and automate their response to hundreds of common security scenarios, IBM said. Via the Cloud Pak’s support for Red Hat Ansible automation technology, customers can define actions such as segmenting a multicloud domain or locking down a server quickly, Meenan said.
The platform helps customers formalize security processes, orchestrate actions and automate responses across the enterprise, letting companies react faster and more efficiently while arming themselves with information needed for increasing regulatory scrutiny, IBM said.
The Security Cloud Pak is a platform on which Big Blue will develop future applications, Meenan said, “to address new challenges and risks such as insider security threats, all designed in realistic ways for customers to deploy without having to rip and replace anything.”
IDG News Service