1 Introduction
Over the past years, Cybersecurity has evolved from a technical challenge for the IT Security Division of businesses to a major concern for business leaders. Cybersecurity incidents cause massive damage to organizations from small businesses to global leaders. Understanding the current status of attacks across the entire IT landscape of businesses and being able to rapidly identify and respond immediately is essential to mitigate the potential damage they can cause.
On the other hand, the evolution of IT infrastructures from central, on premises data centers to hybrid IT environments running both on premises and in multi-cloud environments increases the complexity of gathering and processing the relevant data. DevOps environments also add a new element of volatility to the IT infrastructures. In addition, containerized environments – specifically if run in multi-cloud and hybrid scenarios – add to the complexity, where even critical business workloads are run in a very agile manner.
To add complexity, there is no one single tool for monitoring and analyzing data, or for automating the response to incidents. Most businesses have several such tools, one or more for each of the multiple environments in which applications run. There is a wide range of sources for security-relevant data in this hybrid world with few or even many tools consuming this data. Both the many sources of data for security and threat analytics, as well as the many systems consuming and processing that data and helping businesses to respond creates challenges.
It has become extremely difficult to create and staff process and to build infrastructures that support this complex environment. One such example is the SOC (Security Operations Center), which collects all relevant data from the hybrid, distributed, and volatile IT environments. In consequence, there is a risk that relevant data will be missed, incidents not identified in a timely manner leading to a failure to respond. Furthermore, with such a variety of such tools in place, it is also difficult to respond in a consolidated and efficient manner. Incident response, both from an organizational and technical perspective, becomes extremely complex.
Cybersecurity must deal with the reality and complexity of today’s IT environments. Point-to-point integrations of data sources to analytical solutions and to incident response solutions fail – too complex, too costly, too slow. There is need for visibility across all the relevant source data, so that systems can build on that data to detect, identify and respond effectively to cyber incidents.
There is, as yet, no defined category for such solutions because, until now, there were no such solutions available. While some vendors have good integration within their own technology or provide interfaces to their analytical applications, a comprehensive integration framework with a broad range of out-of-the-box integrations to relevant sources and analytical tools has been lacking until now.
IBM Cloud Pak for Security is now the first open platform that supports the integration of existing security tools for generating insights into cyber events across hybrid, multi-cloud environments. It is one component of a series of such enterprise-ready, containerized software solutions, named Cloud Paks, that IBM has started to bring to the market.