What is IBM Cloud Pak for Security
IBM Cloud Pak for Security provides a platform to quickly integrate your existing security tools and generate deeper insights into threats across hybrid, multi-cloud environments.
The following diagram illustrates a high-level overview of IBM Cloud Pak for Security.
QRadar Security Intelligence Platform
IBM® QRadar Security Intelligence Platform (SIEM) is offered as either an on-premises solution or an ‘On Cloud’ solution (IBM QRoC) and delivers intelligent security analytics, enabling visibility, detection, and investigation for a wide range of known and unknown threats. Event analytics ingest, parse, normalise, correlate, and analyse log and event data to detect indicators of threats. Event analytics also identify anomalous activities, automatically connect related threat activity, and alert security teams to potential threats. Flow analytics collect, extract, and normalise valuable network flow data and packet metadata to augment log-based security insights. Flow analytics also identify network and application-level threat activity, such as phishing, lateral movement, and data exfiltration.
For more information, see QRadar Security Intelligence Platform documentation.
QRadar User Behavior Analytics
QRadar User Behavior Analytics is a tool for detecting insider threats in your organisation. UBA, used with the existing data in your QRadar system, can help you generate new insights around users and user risk.
For more information, see User Behavior Analytics.
IBM Security Orchestration & Automation – SOAR (Formerly Resilient)
IBM Security Orchestration & Automation requires a license and is available as a stand-alone virtual appliance or as an application that is fully integrated into IBM Cloud Pak for Security.
IBM Security Orchestration & Automation provides the following benefits:
- Create response plans that are based on industry standards and best practices.
- Integrate more easily with security and IT tools, and orchestrate responses to events and incidents.
- Collaborate across the organization, equipping various stakeholders with the tools to fulfil their roles and tasks as part of an incident response effort.
If you have an Orchestration & Automation license, you can choose between the stand-alone version on a virtual appliance or the application on Cloud Pak for Security:
- The stand-alone virtual appliance version provides the full feature set of the IBM Resilient Security Orchestration, Automation, and Response (SOAR) Platform. For more information, see IBM Resilient Security Orchestration, Automation, and Response Platform.
- The application that is integrated on Cloud Pak for Security provides most, but not all, of the IBM Resilient Security Orchestration, Automation, and Response Platform feature set. For more information, see Orchestration & Automation.
IBM Security Data Explorer
IBM® Security Data Explorer is a platform application that enables customers to do federated search and investigation across their hybrid, multi-cloud environment in a single interface and workflow. Data Explorer enables users to complete investigations in a timely manner without compromising visibility. Core underlying services and capabilities include:
- Federated data search to unite silos of security data and provide complete visibility across security solutions (for example, Security Information and Event Management, Endpoint Detection and Response, Data lake), and cloud infrastructures (for example, Azure, Amazon Web Services (AWS))
- Single, unified interface and workflow to investigate threats and Indicators of Compromise across user-selected data sources
- In-context data enhancements from Connected Assets and Risk data sources and IBM® Security Threat Intelligence Insights
- Workflows to track, append, and create security cases from the native platform case management system
For more information, see Data Explorer.
IBM Security Threat Intelligence Insights
IBM Security Threat Intelligence Insights is an application that delivers unique, actionable, and timely threat intelligence. The application provides almost all of the functions that IBM X-Force Exchange provides:
- IBM-derived threat intelligence across threat activity, threat groups, malware, and industries.
- Continuous and automated "Am I Affected" searches across connected data sources to proactively identify your most relevant threats.
- Analytical and adaptive threat-scoring to help prioritise threats for further investigation and response.
For more information, see Selecting your Threat Intelligence Insights package and Threat Intelligence Insights.
IBM Security Guardium Insights
Guardium Insights is a collaborative, robust data security platform that is designed to help unify and modernise the security operations centre (SOC). It enables your teams to consolidate visibility across on-premises and cloud databases; retain data security and audit data for years; and leverage machine learning and analytics to surface key insights, detect anomalous behaviour, and uncover hidden threats. This collected data can be shared with Cloud Pak for Security. Tickets created within Guardium Insights can be mapped to the Cloud Pak for Security Case Management application. This combination of capabilities provides context-rich case data about data security threats directly to SOC analysts. This security advantage helps ensure that key stakeholders across the security organisation are notified and aids in orchestrating a collaborative response to high-priority data threats. Additionally, as Guardium Insights is built on Red Hat OpenShift and utilises microservice Kubernetes containers, it can be deployed with Cloud Pak for Security to give security teams the flexibility to embed their critical security and data security tools directly into their cloud environments or other environments within which they need to deploy.
For more information, see IBM Security Guardium Insights.
IBM Security Guardium Protection
Guardium Data Protection is a data activity monitoring and compliance reporting solution that is purpose-built to protect sensitive data stored across platforms. Guardium Data Protection helps organizations protect their critical data, wherever it resides, on-premises and across hybrid multi-cloud environments. With its robust visibility, actionable data threat insights, real-time alerting, active controls, and automated compliance workflows, Guardium Data Protection makes it easier for organizations to protect their data as they modernize their IT landscape and migrate to hybrid multi-cloud deployments. The solution helps address the ever-increasing number of regulatory mandates, especially privacy, while preventing and stopping cyber attacks.
For more information, see IBM Security Guardium Insights documentation.