IBM and Cisco have announced that they are to collaborate and better integrate their solutions to improve cybersecurity. According to their press release, the collaboration will include:
“IBM Security’s QRadar, Watson for Cybersecurity, App Exchange, X-Force Threat Intelligence, Resilient IRP and managed security services, and Cisco’s Next-Generation Firewall (NGFW), Next-Generation Intrusion Protection System (NGIPS) and Advanced Malware Protection (AMP) and Threat Grid, as well as its Talos research team.”
It might seem strange from the outside to think that vendors are still working out integration around security but it’s the reality of a highly competitive environment. There are now over 300 vendors offering enterprise security products. Many of these are point products or small suites of products. In the main they do a good job within their narrow focus but this leaves enterprise security teams with a problem.
The enterprise security landscape is very wide. As enterprises look at best-of-breed products, they face the challenge of integrating them to create a seamless security solution. Without that integration there are fracture lines in their security that can be exploited. Even with the larger security suites there is no guarantee that there are no gaps, but they have the advantage of being integrated when it comes to sharing data.
This brings us back to the IBM/Cisco announcement. The two companies are to integrate all the data from Cisco security solutions into IBM’s QRadar product. IBM is also providing additional support for Cisco products through its Managed Security Service Provider (MSSP) programme. In addition IBM X-Force and Cisco Talos security teams will begin sharing and collaborating on threat intelligence research. Those same teams will also collaborate on major cybersecurity incidents.
A power partnership to leverage
All of this is good news for customers. By capturing the data from Cisco endpoints, IBM can feed that back to IBM Watson for Cybersecurity. It will be able to see more of the network traffic and have more endpoint data to work with. This will allow it to build a better profile of attacks and predict potential targets. The network data collection adds a new dimension to security research. Although IBM gathers data from networks around the world, Cisco is the dominant player in terms of global network equipment deployments. It has a massive presence across cloud companies and telcos.
Allowing Watson for Cybersecurity to do more analysis of that data is also a good move. It should be able to more effectively identify where attacks are coming from and how they spread. That type of information is critical to early remediation of large scale attacks against infrastructure.
With the two companies sharing threat intelligence data, customers should also expect to see an increase in Indicators of Compromise data. This is data that allows an enterprise to spot early signs of an attack. It might be communication from an infected machine to a command and control (C&C) server. It could also be file names or domain names that are being used to spread malware.
What is also key for customers is that there is no indication that this will increase their security costs. As such, better coverage and more security at the same price will cheer CISOs, CIOs and CFOs alike. They will all see this as a clear win for themselves as customers.
In the current climate and undoubtedly for the foreseeable future, security continues to be a top-of-mind concern for organisations across the market landscape. The global impact of high-profile malware breaches such as WannaCry and the large number of major organisations caught in its web paint an ominous picture for security practices and investment. The numerous accounts of security lapses and vulnerabilities within the software apps and infrastructure that make up the IT estate of many organisations suggest that too many are still not capitalising on the software security solutions and practices open to them.
The CISO’s task is tough, especially in obtaining the cross-organisational support, collaboration and investment in resources and time that a multifaceted software and cyber security defence strategy necessitates. The security sector certainly continues to be highly competitive and challenging to navigate. However, it is clear from the strategies and focus of some of the key players in the industry that greater effort is being made to deliver a more rounded approach to software and cyber security. They are leveraging the capabilities delivered by cognitive and machine learning analytics and using cloud delivery services for more flexible and affordable access. Both IBM and Cisco have strong security offerings that focus on: security operations and improving the response time; protecting information and data; identifying risks and promoting open collaboration with third-party solutions. Their ecosystem play is reinforced by their announced partnership.
It will be interesting to see if this sparks a much wider integration conversation across the security business. There is no question that this will be seen as a threat by some of IBM and Cisco’s competitors. They will be concerned that they are unable to match what is offered. The solution is for them to improve their integration with these two companies. This will give them more data from which to improve their security solutions and give their customers a much wider set of security information.