IBM Security Global Forum

 View Only

The Future of the Modern SOC: IBM Security QRadar XDR

By Lauren Horaist posted Tue November 02, 2021 05:29 PM


Across the many customer conversations I’ve had with customers in the last year and half, two trends have really stood out. First, most organizations are struggling with (or at least very concerned about) ransomware. And second, almost every security team I’ve spoken with has brand new team members, fresh out of college, who are eager to learn, but also face a steep learning curve. In this dynamic, the criticality of endpoint security is certainly top of mind, but so is usability. Optimal security products today must help reduce complexity, provide clear insights, and prioritize an intuitive user experience to help reduce the learning curve for the next generation of practitioners while simplifying and streamlining day-to-day processes for our current security experts.


With that said, I’m incredibly excited to share that today we are announcing our plans to acquire ReaQta, an innovative EDR company that leverages highly performant AI to automatically detect and block threats at the endpoint. The ReaQta team brings hands-on experience in both offensive and defensive cybersecurity, and having been practitioners themselves, they share a strong focus on enabling top-tier, intuitive capabilities that do not require additional team members or in-depth security expertise.


I’m also excited to share that we’re simultaneously announcing IBM Security QRadar XDR, an open and connected extended detection and response (XDR) suite. QRadar XDR brings together our expertise across EDR (via ReaQta), NDR, SIEM and SOAR, and today we are also announcing a new product, IBM Security QRadar XDR Connect, which delivers a set of cloud-native, extended detection and response capabilities that runs on an open security platform (Cloud Pak for Security). The QRadar Suite is designed to help breakdown silos, reduce complexity, unify workflows, and infuse security automation across the detection, investigation, and response lifecycle to help improve security while reducing the day-to-day workload on security teams.

The QRadar Evolution

With today’s announcement we are rebranding our threat detection and response portfolio under the QRadar name. This list includes the XDR suite itself, as well as the components of the suite, along with a brief description:

  • QRadar XDR: The overarching suite encompassing the offerings below:
    • QRadar SIEM: Our core SIEM offering, which also includes User Behavior Analytics
    • QRadar NDR: The network detection and analytics components our SIEM, including QRadar Network Insights, QRadar Network Threat Analytics and DNS Analyzer
    • QRadar SOAR: Our core SOAR offering, acquired in 2016 from Resilient, including the optional Breach Response module
    • QRadar XDR Connect: A NEW offering that includes case management, automated investigation, unified search and threat hunting across multiple tools, and threat intelligence. Stay tuned in the coming months to learn more about the future of XDR Connect.

Vision for the future

 As we look towards the future, there are three key focus areas of our innovation and development.


  1. Unified, cloud-native platform. To help break down silos and reduce complexity, we’re extremely focused on open integrations, and those integrations must also happen within our own product portfolio. In the coming months, we intend to continue working towards delivering a single, unified platform that offers native EDR, NDR, XDR, SIEM and SOAR capabilities, along with unified workflows and shared integrations. As we evolve to a unified platform, the underlying, truly cloud-native architecture will enable greater speed, built-in resilience, and lower costs of the platform itself.


  1. Open, connected integrations. As we look at different approaches to XDR, our point of view is that (to be a bit cliché) “if it ain’t broke, don’t fix it.” We know you’ve got a number of security tools in your environment that you like and that work for you. That’s great – if they’re working well, keep them. The value of an open approach to XDR is that it can augment the tools you have today by providing a unified layer from which you can connect related alerts, automate investigation, understand threat progression, do your own centralized threat hunting, and orchestrate response across your tools at once. Open XDR aims to provide one central place that – through tight, bidirectional integrations – enables you to interact with data and insights from your different tools in a federated way so you can stop console and context switching, act faster, and be more efficient.


  1. Infused, intelligent automation. One of our primary goals is to make your job easier. Regardless of whether or not you use our EDR, NDR or SIEM (of course, we’d like you to use ours!), with QRadar XDR Connect we’re aiming to infuse intelligence and automation throughout the detection and response lifecycle to help you (1) better connect the dots between alerts coming from different solutions so that you can gain a comprehensive view of the actual threat; (2) automatically enrich those threats both with threat intelligence and additional activities that are likely related to the same threat; (3) accelerate response processes by immediately executing low risk actions (e.g. send malware to sandbox, update firewall policy), and providing responders with recommended actions that are validated and easily executed in one click (ex. revoke a user’s account/credentials)


As we work towards further building out the above areas, we fully intend to bring ReaQta into the fold. ReaQta’s unique approach to EDR, coupled with their infused AI to detect behavioral indicators of endpoint threats and automatically block those threats, is highly complementary to our long-term strategy. Equally important, our shared mission of making security teams’ jobs easier will remain at the forefront as we integrate our capabilities over time to deliver a best-in-class unified security platform – without adding to complexity, requiring additional headcount, or demanding a deep level of security expertise from our customers.

Learn more

Read our Blog

Read our Press Release