IBM’s Security QRadar Suite: Scalable Solutions for Enterprise Cyberthreats

By Charles King, Pund-IT®  May 3, 2023

“Scalability” is a commonplace concept among IT vendors and enterprise customers, but the means they use to achieve scalable performance have changed significantly over time. Not all that long ago, companies purchased more IT assets than they immediately required and then “grew into them.”

Over time, vendors began offering new solutions, such as capacity on-demand, which allows customers to enable dormant processors in scalable servers to address long-term business growth or short-term compute capacity requirements. Today, cloud-based as-a-service (aaS) offerings help companies ensure that they have the means to address their most important needs.

That said, the value of scalability also extends to less physical but still existential challenges, including how organizations detect, analyze and respond to growing cyber threats and attacks. The recently announced IBM Security QRadar Suite offers an excellent example of how a vendor can help enterprise customers successfully address such problems.

Cyberattack and response evolution

First, consider how businesses deal with cyberattacks. Rather than sourcing security solutions through a single vendor, companies often source tools and offerings through multiple providers and specialists. That adds complexity to Security Operation Center (SOC) team training and solutions management, especially as IT infrastructures and cyberattack strategies continue to evolve.

How does that evolution manifest itself? IT infrastructures grow over time and tend to become increasingly heterogeneous as staff and management cycle out and in. In addition, the solutions that businesses adopt are also constantly evolving. A decade ago, cloud mostly referred to AWS. Today, enterprises depend on hybrid cloud environments leveraging multiple vendors’ services and solutions. Finally, there are always innovative new products being developed and deployed, like extending powerful compute and analytics processes to the far edges of corporate networks.

While evolutionary hybrid cloud and edge offerings can be highly beneficial, they also impose additional complexity tolls on businesses and staff. Plus, they inherently expand the attack surfaces that can be exploited. That makes it easy for cyber crooks, like those employed by organized crime and rogue states, to execute attacks, including adware, spyware, phishing, trojans, worms and zero-day exploits, as well as increasingly common ransomware and “steal now/decrypt later” thefts of encrypted data.

As a result, conventional security strategies and solutions may be inadequate or unable to address enterprises’ essential needs and goals.

IBM’s Security-as-a-Service (SaaS) approach and benefits

How is IBM addressing this? According to the company, its new offering is designed to unify and accelerate the efforts of security analysts across the full incident lifecycle. The IBM Security QRadar Suite represents “a major evolution and expansion of the QRadar brand, spanning all core threat detection, investigation and response technologies.”

Along with developing new and updated solutions, IBM based the new offerings on open technologies and designed them to address the demands of hybrid cloud business environments. In addition, the company is delivering the QRadar Suite as-a-service through IBM Cloud. To achieve this, the company built the suite around three core elements:

  1. A common, unified, modern user interface that works across all QRadar Suite products, thus increasing analysts’ speed and efficiency across the attack chain. According to IBM, embedded enterprise-grade AI and automation can speed alert investigation and triage by 55% in the first year, on average.
  2. Designed to be delivered aaS, QRadar Suite products support simplified deployment, visibility and integration across cloud environments and data sources. The suite also offers a new, cloud-native log management capability optimized for data ingestion, rapid search and analytics at scale.
  3. The QRadar Suite is built around an open foundation, leverages IBM’s extensive partner ecosystem, and includes over 900 pre-built integrations designed to provide interoperability between IBM and numerous third-party toolsets.

According to IBM, the QRadar Suite represents a culmination of its years of security investments, acquisitions and developments, as well as the experience gained in IBM Managed Security Service engagements with over 400 enterprise clients. The QRadar Suite is designed to automatically contextualize and prioritize alerts, display data in visual format for rapid consumption, and provide shared insights and automated workflows between products. In concert with the unified analyst interface, IBM’s approach can drastically reduce the steps and screens required to investigate and respond to cyberthreats.

IBM Security QRadar Suite offerings

IBM’s QRadar Suite includes the following core products, initially delivered as SaaS and updated with the new unified analyst experience:

  • QRadar Log Insights: A new, cloud-native log management and security observability solution designed to provide simplified data ingestion, sub-second search and rapid analytics alongside federated search and investigation.
  • QRadar EDR and XDR: EDR helps companies protect their endpoints against previously unknown, zero-day threats, using automation, machine-learning and behavioral models to detect anomalies and respond to attacks in near real-time. For companies that wish to extend these capabilities beyond endpoints, IBM offers XDR with alert correlation, automated investigation, and recommended responses across network, cloud, email and more, plus managed detection and response (MDR).
  • QRadar SOAR: SOAR helps organizations automate and orchestrate incident response workflows and ensure processes are followed in consistent, optimized and measurable ways. It includes 300 pre-built integrations and offers playbooks for responding to 180+ global data breach and privacy regulations.
  • QRadar SIEM: IBM’s QRadar SIEM has been enhanced with the new unified analyst interface. It offers real-time detection, leveraging AI, network and user behavior analytics, and real-world threat intelligence that provides more accurate, contextualized and prioritized alerts. IBM also plans to make QRadar SIEM available as-a-service on AWS by the end of Q2 2023.

Final analysis

IBM’s reputation for scalable development is well known in the tech industry. The company is a leader in both established data center solutions and emerging commercial technologies, like quantum computing, in terms of scale, flexibility and usability. That history and IBM’s deep experience in enterprise and business security make the company a logical source for delivering highly scalable, leading-edge offerings, like the IBM Security QRadar Suite.

The QRadar Suite’s new unified user interface, along with its AI- and automation-enabled features, should help SOC teams effectively address increasingly sophisticated and dangerous cyberattacks. Additionally, its delivery as a service through IBM Cloud should simplify QRadar Suite deployments and integration across hybrid multi-cloud environments and data sources.

Finally, developing the new solutions on an open foundation and including 900+ pre-built integrations should help ensure that SOC teams will be able to gain the full benefits of the QRadar Suite while also using many or all of their existing security tools.

Overall, IBM Security QRadar Suite is likely to garner the interest and enhance the security of numerous enterprise customers.

© 2023 Pund-IT®. All rights reserved.