Considering the spate of cyber threats faced by customers, the need to more easily prioritize these threats, understand the scope and veracity of the attacks, and subsequently automate the responses, has never been more critical. While many security vendors exist to address some challenges, no single technology or vendor provides the complete security customers require. Therefore, providing this extended protection often requires a collaborative ecosystem of security vendors.
Cybersecurity technology partnerships, at their core, are designed to deliver maximum value to customers by exploiting the innovative excellence of each partnering company.
In May 2017, Cisco and IBM announced Security Partnership to address this growing global threat of cybercrime. One of our key announcements was focused on deep product integrations between our two companies. Cisco began building a new set of apps to integrate Cisco Firepower, ThreatGrid, Identity Services Engine (ISE), and Cloud Security (Umbrella and Cloud Lock) into IBM’s QRadar SIEM platform. Through these custom-built apps, QRadar would consume security information collected from the network, endpoints and cloud environments, then classify and prioritize the threats, helping security teams understand and more rapidly respond to advanced threats.
Delivering Outcomes
Security analysts are overwhelmed with an ever-expanding threat landscape, and limited capabilities to identify attacks in real-time. This can adversely impact their ability to escalate and prioritize the most critical threats for further action. This time-consuming task of understanding and classifying threats makes threat remediation an extremely daunting effort for even the most skilled Incident Responders.
This is where the Cisco-IBM technology collaboration delivers powerful capabilities to customers. The Firepower App for QRadar streamlines investigations into critical security event information. The new Firepower app dashboard contains 6 components, that are all drillable to enable analysts to access the underlying data sets within a single QRadar event summary dashboard. This provides a consolidated view of all available details Indicators of Compromise (IoCs) and hosts responsible for sending or receiving the malware.
What’s Up Next?
Next up, we will deliver the ThreatGrid app for QRadar to enable analysts to quickly categorize the threat level of potential malicious files that have been submitted to ThreatGrid inside their environment. Analysts can rapidly drill down from QRadar into the ThreatGrid malware analysis and threat intelligence platform for deeper analysis. This integration expedites the threat investigation process, with a dashboard view into the highest priority threats, delivered directly through QRadar versus having to pivot through disparate tools and interfaces.
Additionally, we are working to extend the reach of QRadar into our Identity Services Engine (ISE), Cisco Umbrella and Cloud Lock. This integration will provide joint customers deeper analysis to more efficiently identify anomalous threats that could indicate a security risk.
This partnership of two strong security companies will enable customers to secure their business outcomes with the most comprehensive security possible.
Post origins: https://blogs.cisco.com/security/cisco-and-ibm-partnering-for-better-security?dysig_tid=9d28555bc67048a19574d315212977f7&DTID=esosah000746&REFERRING_SITE=LinkedIn&CREATIVE=248162+SAH&POSTID=4846ae9b-0b11-452a-919c-323b9784679f
