Cybersecurity collaboration: Is it on your QRadar?

From international, state-on-state cooperative initiatives at the beginning of the year; through to a string of high profile hacks, 2015 has in every way been the year of cybersecurity. As the complexity and frequency of threats have increased, so too have the responses of the ‘White Hat’ community.

The solution for organisations the world over is a brilliantly simple one and takes its inspiration directly from the activities of the black hat community itself – collaboration and transparency. However, due to the nature of cybersecurity, the notion of transparency and collaboration has been slow to garner support and gather pace. With the creation of the X-Force Exchange in April and the App Exchange in December, we are opening up a whole new opportunity and approach to tackling the threat of cybercrime as we begin to look to 2016 and beyond.

The App Exchange itself is based on the QRadar security analytics platform. QRadar processes billions of data points and uses security analytics and threat intelligence to find and prioritise security threats on company networks, Essentially, QRadar helps companies find the bad guys amongst a sea of big data. It’s a powerful tool in the fight against cybercrime, and one of the most powerful ways we can use it is by opening access to it to the wider community.

With the launch of the Security App Exchange, that message of collaboration is coming to the fore in cybersecurity.

• Sharing, collaboration and open technology approaches have been part of IT for a long time. Why has it taken the security side so long to catch up?

Security has traditionally, and by its nature, been a secretive affair and so sharing and collaboration have not historically been part of the culture. Looking at the current cybersecurity landscape we see that the "bad guys" are collaborating on the Dark Web, and we need to collaborate and share if we are to counter the threat. Sharing information on security threats is crucial, but we also need to collaborate on the security tools we’re using to protect against them.

• Is cybersecurity a collective responsibility for the business world?

Cybersecurity is a global issue and a shared responsibility. We need to work together as an industry if we are to counter the threat. Similar to how the containment of a pandemic requires global collaboration across the public and private sector, the same holds true for cyberattacks.

• Will adding so many potential contributors to the project itself not pose a security concern?

All of the community contributions to the App Exchange will be vetted by IBM Security to ensure integrity and customer trust in the applications.

• Will there be compatibility or complexity issues with so many diverse contributors all creating apps for the store?

Right now the App Exchange is populated with apps based on the QRadar open API, but we intend for this to be used as the platform for sharing apps based on other IBM security technologies moving forward. The apps will increase the visibility and intelligence of QRadar, but through the simple App Store format and integrating them directly into the QRadar interface, they aren’t increasing complexity for security teams.

• What, apart from the security of the business incentive, would encourage businesses to invest in development and testing of an app for the store?

Security teams, which are often understaffed, spend a huge amount of time customising their security tools with searches and filters to address the latest threats. IBM Security App Exchange will essentially allow security teams to “crowd source” the development of these custom applications and share them amongst themselves. For example, if a bank sees a new banking Trojan emerging they might create a custom search tool in QRadar to detect and block it’s malware signature. They could then upload this search tool as a free “app” in IBM’s App Exchange. Then, other QRadar customers could easily download the app, allowing them to quickly block the threat without spending extra resources to develop a similar search tool themselves. By allowing security teams to pool their expertise and share apps amongst themselves. They’ll be able to more quickly respond to emerging threats.

• Will this be open to individual companies or developers, or is it designed for the in-house teams at businesses.

All of the above. In a nutshell, what we’re doing will allow the broader security community to easily create and share apps based on IBM security technologies.

• Can you explain a little about the commercial side? Is there a cost to businesses to sign up, download or use apps?

The apps currently posted to the IBM App Exchange are available free of charge, and IBM has a licence to distribute the apps to QRadar customers. The business partners creating apps own the apps themselves and they would be licenced directly to the customers. We believe the security software industry is moving to a more open and collaborative model like the rest of the IT industry and we want to compete on the best implementations of products, not the data, as that’s not helpful to our clients. We’re confident our tools are the best out there. In fact, IBM Security has leading products in 12 of 14 Gartner Magic Quadrants.

• Will IBM guide the development of the apps, or is it going to be a case of the community contributing where necessary in response to an evolving threat landscape?

As described further above, IBM Security App Exchange will essentially allow security teams to “crowd source” the development of these custom applications and share them amongst themselves. To increase and facilitate this, IBM is releasing open APIs and software development kits to spur the development of new applications based on QRadar technology. The new “open application framework” will include API’s and software developer kits that allow community developed apps to integrate directly into the QRadar platform and interface. Already the store has several contributed apps from industry partners, and we’re looking forward to further contributions coming through as well as ones we develop in-house.

Martin Borrett, IBM Distinguished Engineer, CTO, IBM Security Europe

Image Credit: Sergey Nivens/Shutterstock