IBM Security Guardium

 View Only

Darning your SOCs: Integrating IBM Security Guardium Insights tickets into IBM Cloud Pak for Security Case Management

By RYAN SCHWARTZ posted Tue January 19, 2021 05:39 PM

  

Let’s talk briefly about the benefits of sharing data security event info across the SOC. Last year, Gartner predicted that a major near-term trend for enterprise CSOs would be to “bring together multiple security-oriented silos.” Gartner goes on to say that the reason for this trend is, as could be expected, for defensive purposes.

By allowing the free flow of security data across once disparate teams, security leaders can now coordinate risk investigation and incident response across the various segments of the security stack—as well as cut down on overall response times. Tickets opened in relation to a data security breach can be shared with the SOC to quickly escalate priority issues and collaborate in response.

On average, it takes 280 days to identify and contain a breach. IBM Security Guardium Insights for IBM Cloud Pak for Security aims to help significantly reduce that time.

A key feature of Guardium Insights v2.5 (released December 7th) is its ability to integrate with IBM Cloud Pak for Security Cases, an incident response application that allows security analysts to view and remediate priority tickets. Check it out for yourself in this quick demo of the workflow:



Through this integration, a ticket created for data security risk being investigated by a data security specialist—i.e. a large, unexpected data extraction by a user that does not typically access the involved database—can be mapped to Cloud Pak for Security and opened as a case within the platform, allowing either:

  • Security analysts to be aware of the threat and view the steps the data security team has taken to remediate it
  • Collaborate with the data security team to investigate and orchestrate a cross-functional response

 
Both of these outcomes help the responding organization as a whole by proactively increasing risk visibility and making relevant resources aware of the issue, two integral parts of an effective threat response.

The best part is that the integration takes seconds to complete as Guardium Insights is built on Red Hat OpenShift and acts as the data security hub of Cloud Pak for Security. 

 

And learn about Guardium Insights here:

Guardium Insights v2.5 announcement blog

Guardium Insights product page

IBM Cloud Pak for Security product page



#Guardium
0 comments
39 views

Permalink