IBM and Cisco form force to tackle cybercrime
June 1, 2017
Two of the world’s biggest technology companies – Cisco and IBM – are working together to address the growing global threat of cybercrime. The two will collaborate closely across products, services and threat intelligence for the benefit of their customers.
Cisco security products will be integrated with IBM's QRadar to protect organisations across networks, endpoints and the cloud. Customers will also benefit from the scale of IBM Global Services support of Cisco products in its managed security service provider (MSSP) offerings.
The collaboration also establishes a relationship between the IBM X-Force and Cisco Talos security research teams, who will begin collaborating on threat intelligence research and coordinating on major cyber-security incidents.
One of the core issues impacting security teams is the proliferation of security tools that do not communicate or integrate. A recent Cisco survey of 3000 chief security officers found that two-thirds of their organisations use between six and fifty different security products. Managing such complexity is challenging over-stretched security teams and can lead to potential gaps in security.
The Cisco and IBM security relationship is focused on helping organisations reduce the time required to detect and mitigate threats, offering integrated tools to help them automate a threat response with greater speed and accuracy.
"In cyber security, taking a data-driven approach is the only way to stay ahead of the threats impacting your business," said Bill Heinrich, chief information security director at BNSF Railway. "Cisco and IBM working together greatly increases our team's ability to focus on stopping threats versus making disconnected systems work with each other. This more open and collaborative approach is an important step for the industry and our ability to defend ourselves against cybercrime."
The cost of data breaches to enterprises continues to rise. In 2016, the Ponemon Institute found that, for the companies surveyed, the cost was at its highest ever at $4m, up 29 per cent over the past three years. A slow response can also impact the cost of a breach – incidents that took longer than 30 days to contain cost $1m more than those contained within 30 days. These rising costs make visibility into threats, and blocking them quickly, central to an integrated threat defence approach.
The combination of Cisco's security offerings and its architectural approach, integrated with IBM's cognitive security operations platform, should help users secure their organisations more effectively from the network to the endpoint to the cloud.
As part of the collaboration, Cisco will build applications for IBM's QRadar security analytics platform. The first two applications will be designed to help security teams understand and respond to advanced threats and will be available on the IBM Security App Exchange. These will enhance user experience, and help companies identify and remediate incidents more effectively when working with Cisco's next-generation firewall (NGFW), intrusion protection system, malware protection and threat grid.
"Cisco's architectural approach to security allows organisations to see a threat once, and stop it everywhere," said David Ulevitch, general manager at Cisco Security. “By combining Cisco's comprehensive security portfolio with IBM Security's operations and response platform, Cisco and IBM bring best-of-breed products across the network, endpoint and cloud, paired with advanced analytics and orchestration capabilities.
In addition, IBM's Resilient Incident Response Platform (IRP) will integrate with Cisco's threat grid to provide security teams with insights needed to respond to incidents faster. For example, analysts in the IRP can look up indicators of compromise with threat grid's threat intelligence, or detonate suspected malware with its sandbox technology. This enables security teams to gain valuable incident data in the moment of response.
"Cybercrime is expected to cost the world $6tn annually by 2021," said Marc van Zadelhoff, general manager for IBM Security. “This is why IBM has been a proponent of open collaboration and threat sharing in cyber security to change the economics for criminals. With Cisco joining our immune system of defence, joint customers will greatly expand their ability to enhance their use of cognitive technologies like IBM Watson for cyber security. Also, having our IBM X-Force and Cisco Talos teams collaborating is a tremendous advantage for the good guys in the fight against cybercrime."
IBM X-Force and Cisco Talos research teams will collaborate on security research aimed at addressing the most challenging cyber-security problems facing mutual customers by connecting their leading experts. For joint customers, IBM will deliver an integration between X-Force Exchange and Cisco's threat grid. This integration expands the historical and real-time threat intelligence that security analysts can correlate for deeper insights.
For example, Cisco and IBM recently shared threat intelligence during the WannaCry ransomware attacks. The teams coordinated their response and researchers exchanged insights into how the malware was spreading. They continue to collaborate on the investigation to ensure joint customers, and the industry, have the most relevant information.
Through this expanded collaboration, IBM's managed security services team, which manages security for more than 3700 customers globally, will work with Cisco to deliver services aimed at further reducing complexity. One of the first offerings is designed for the growing hybrid cloud market. As enterprise customers migrate security infrastructure to public and private cloud providers, IBM Security will provide managed security services in support of Cisco security platforms in leading public cloud services.