Techaisle Blog

Insightful research, flexible data, and deep analysis by a global SMB IT Market Research and Industry Analyst organization dedicated to tracking the Future of SMBs and Channels.
Anurag Agrawal

IBM’s Transformation of Watson into watsonx and Launch of QRadar Suite: Enhancing Security and AI Capabilities

I have been a regular attendee of IBM Think for many years. The recently held IBM Think 2023 was a defining moment in more ways than one. First, IBM presented a cohesive narrative around Open Hybrid Cloud, Security, AI, and Ecosystem that resonated with customers and partners. Second, IBM demonstrated its commitment to helping companies leverage AI by introducing watsonx. This platform includes foundation models, generative AI, and a governance toolkit. Finally, at its recent Think event, IBM emphasized the impact of ChatGPT and AI on businesses and demonstrated the capabilities of watsonx. The company also highlighted the importance of its partner ecosystem and announced plans to invest in and expand its network to double its revenues. In this article, I will discuss several strategic initiatives that are likely to make a significant impact. In particular, I will delve into the details of the new QRadar suite, the generative AI capabilities of watsonx, and IBM’s efforts to empower partner success.

The rise in remote work and global interconnectivity of devices has brought significant changes and challenges to cybersecurity. Organizations are dealing with complex IT systems that require better visibility, threat detection, and incident response capabilities. Adopting cloud technology, especially hybrid cloud environments, has further complicated the situation. Security teams need help to secure public-facing applications running in the cloud and ensure all applications are up to date.

There is a growing demand for gathering more security data to enhance visibility. However, data collection can be costly and complicated, particularly when transferring it between different cloud platforms. In addition, organizations deploy multiple security tools to protect their new cloud infrastructure, adding to the challenges faced by security professionals.

Organizations are setting up enhanced Security Operations Centers (SOCs) to address these challenges. However, SOC professionals often face overwhelming workloads and require user-friendly tools that can be integrated with different security products. In addition, manual investigation of threats slows down their response time. To address these challenges, IBM has introduced a range of security solutions, including the IBM QRadar Suite.

QRadar Suite: Overview

The QRadar Suite is a subscription-based (SaaS) offering that combines AI-enhanced versions of IBM's existing threat detection and response solutions into a comprehensive global product. It represents a significant advancement and expansion of the QRadar brand, encompassing all critical technologies related to threat detection, investigation, and response. The original QRadar technology was integrated into IBM's portfolio after the acquisition of Q1 Labs in 2011. The new QRadar Suite goes beyond traditional security information and event management (SIEM) capabilities, aiming to provide a unified experience for security management. Its goal is to assist organizations in managing extended detection and response (EDR/XDR) capabilities, SIEM functionalities, and Security Orchestration Automation and Response (SOAR) in cybersecurity.

In addition, IBM has enhanced the suite's capabilities via strategic acquisitions. For example, the inclusion of SOAR capabilities results from the purchase of Resilient in 2016, while the EDR capabilities are attributed to the addition of ReaQta in 2021. Additionally, the QRadar Suite includes a new product, QRadar Log Insights, a cloud-based tool for security log management and federated search and investigation.

Standout Elements: Unified Interface, Automated Investigation, and Flexible Purchase

The QRadar Suite stands out due to three key features: a unified interface, automated investigation capabilities, and flexible purchase options.

Firstly, the suite has been developed in collaboration with security analysts, resulting in a unified and modernized interface that centralizes capabilities and workflows across IBM QRadar and third-party solutions. The Unified Analyst Experience (UAX) centralizes insights across both IBM and third-party security tools through its “Federated Search” capability. This consistent interface assists analysts throughout their investigation, response, and threat-hunting workflows across EDR/XDR, SIEM, SOAR, and Security Log Management (SLM). In addition, it empowers them to navigate the attack chain swiftly and efficiently, enhancing their response effectiveness.

Secondly, the suite includes Threat Investigator, an AI-powered automated investigation feature that helps manage and prioritize threat alerts by providing comprehensive details about threats and recommending automated response actions for quick mitigation. By automating the data mining processes across various security systems, Threat Investigator reduces the manual effort required for alert investigation, enabling faster response times. The suite also combines essential threat detection, research, and response technologies. Built on an open hybrid cloud platform (OpenShift), it enables extensive interoperability with over 900 pre-built integrations and has a comprehensive partner ecosystem. Leveraging MITRE and SIGMA natively, the suite allows security teams to adapt and keep pace with attackers seamlessly.

Thirdly, it offers flexible purchase options. Customers can obtain individual components separately or as a comprehensive suite. While most components are delivered as a service through AWS, the SIEM component is initially present on the IBM Cloud. It becomes available on AWS at the end of June, allowing for streamlined deployment, enhanced visibility, and seamless integration across cloud environments and data sources. In addition, the modular design of the suite enables customers to start using it with their desired products and easily add additional components as needed.

Anurag Agrawal

Cisco’s Unified Cybersecurity Strategy: XDR, Duo, Umbrella, and Partner Ecosystem

As the market becomes flooded with specialized security solutions, an important question arises: Who can effectively integrate and manage all these different solutions? Cisco is making changes to position itself as a leading contender. As a comprehensive solution provider, Cisco can fill gaps in the cybersecurity landscape and ensure a cohesive approach to security, especially cloud security. It is building and integrating its portfolio of offerings, which includes XDR, Umbrella, Duo, Talos, and many others, and now Armorblox.

As threats evolve, security efforts have shifted from solely preventing incidents to investigating them quickly and anticipating future risks. With IT environments now comprising interconnected networks, communication tools, mobile devices, cloud applications, and more, security is a top priority. Techaisle data shows that security is an IT priority for 74% of small businesses, 85% of SMBs, and 100% of midmarket firms. Endpoint security is already relatively widely adopted by SMBs. In addition, security suppliers have made headway in gaining customers for mobile hardware and access control security services. While Endpoint Detection and Response (EDR) tools are helpful, their capabilities are limited to detecting and responding to threats on endpoints and servers. Prevention remains the best approach to security, but detection is essential.

Cisco’s new XDR technology presents exciting opportunities for business growth by leveraging its vast network infrastructure and customer data to tackle security challenges. To strengthen its position in the security industry, Cisco is streamlining its go-to-market strategy and investing in partnerships to unify its cybersecurity offerings. Its partner growth strategy includes upgrading firewalls and refreshing products for existing customers, offering competitive pricing and margins to win new business, and introducing new partner offers for Security Operations Centers, such as Managed Detection and Response using Cisco XDR.

Cyberattacks targeting small and medium-sized businesses (SMBs) have increased, particularly ransomware and DDoS attacks. Implementing multi-factor authentication (MFA) safeguards employee identities and credentials. However, only 16% of SMBs and 25% of midmarket firms use MFA enterprise-wide. Similarly, only 13% of SMBs and 16% of midmarket firms have adopted single sign-on (SSO). The intent to adopt, however, is significantly higher. Cisco offers MFA and SSO through its Duo offering, introducing innovations such as passwordless and risk-based authentication and Verified Duo Push. In addition, Duo has made security more accessible by integrating its Duo Trusted Endpoints capability into all service tiers, allowing users to restrict access to corporate-managed devices or devices registered with Duo. This helps prevent unauthorized access attempts from unknown devices. In the advanced tiers, users can also assess the devices’ health before granting access and block risky or non-compliant devices, such as those running out-of-date software.

Securing endpoints and servers is essential for organizations, but cybercriminals are finding ways to bypass these measures through covert attacks. Instead of directly targeting high-value assets in data centers, they gain access through laptops and move laterally through the network. As a result, relying solely on an EDR solution or a firewall is not enough to detect and prevent cyberattacks. To fully protect IT infrastructure, it’s necessary to integrate prevention, detection, and response technologies into a single solution. This is where Extended Detection and Response (XDR) comes in, providing a comprehensive approach to security.

XDR builds upon the concept of EDR and expands its scope. It goes beyond the endpoint and server by integrating data from various security tools, including firewalls, email gateways, endpoint, network, identity, DNS, public cloud tools, and mobile threat management solutions. While it is possible to connect these components manually, a comprehensive XDR solution is designed to function as a unified system wherein components are interconnected and work together seamlessly to optimize threat detection and response workflows. Cisco's XDR solution is one such system.

Anurag Agrawal

Mid-Market Firms Get a Boost in Cybersecurity with Dell’s Latest Portfolio Enhancements

Dell’s recent enhancements to its security portfolio address midmarket companies' specific security concerns and goals. Dell has significantly expanded its security portfolio with in-house capabilities and partnerships to enhance its threat protection, management, and incident response capabilities. The company’s new additions are crucial in addressing mid-market businesses' security challenges. According to Techaisle data, cybersecurity prevention investments are the highest technology priority for core and upper midmarket firms. With an average spending increase of 8.6%, 64% of midmarket firms are boosting their investments in cybersecurity solutions. The main reason for this spending increase is advanced threats and the rise of remote working, as reported by 61% of firms. In today's digital environment, cyberattacks are becoming increasingly prevalent and sophisticated, posing a threat to companies of all sizes. The traditional approach to security revolved around building higher cyber walls, hoping that no one would cross them. However, in the last ten years, attackers have found ways to breach these walls, making it necessary to have preventive strategies in place. Businesses must therefore prepare for the possibility of breaches and their potential impacts. Consequently, they must have a comprehensive security portfolio that offers end-to-end protection – from detecting and preventing threats to minimizing the damage in the event of a breach and helping users recover their data.

Mid-market enterprises are particularly susceptible to cyberattacks due to their limited resources compared to larger organizations. They face the same challenges as their larger counterparts but require more resources to defend themselves. To address these challenges, mid-market businesses need a security portfolio that can protect their operations from cyberattacks and minimize the risk of financial and reputational damage, especially as cyber threats become increasingly sophisticated. This article examines how recent updates to Dell’s security solutions portfolio can help mid-market businesses navigate the evolving threat landscape and enhance their protection capabilities.

Anurag Agrawal

OpenText - A Cybersecurity Powerhouse Built on Strategic Acquisitions

OpenText's transformation from a Canadian document management company to one of the world's leading software providers is nothing short of remarkable. The driving force behind its growth has been a focus on cloud-based solutions, which led the company to go on an acquisition spree, bringing several specialized companies and brands under its umbrella. Cybersecurity is one arena where OpenText has taken a deliberate approach over the last decade, with multi-billion-dollar capital investment, to bring together critical purpose-built solutions that provide holistic coverage to its customers.

The company’s acquisition of data protection provider Carbonite (ninth cloud-specific acquisition overall) and endpoint/threat intelligence software provider Webroot marked a significant milestone in its quest to create a single, unified, and robust security portfolio.

With the Carbonite and Webroot acquisitions, OpenText became a go-to option for managed service providers (MSPs) and small and medium businesses (SMBs) seeking a one-stop shop for security and data protection, filling a void in the market with its broad portfolio. Experts have opined on OpenText’s offerings: “It's one vendor, one brand, one program, one partner strategy, one go-to-market, so small customers and partners don't need to work with multiple vendors. OpenText Cybersecurity can provide all of it."

However, this was just the beginning. OpenText's subsequent acquisitions of email encryption software provider Zix, security software provider AppRiver, Network Detection and Response provider Bricata, and enterprise software provider Micro Focus further strengthened its position in cybersecurity. The approach of consolidating all security and data protection services in a single platform, which serves as the foundation to deploy the right capabilities and manage and administer their environment, has made things easier for customers of all sizes. In addition, OpenText's comprehensive portfolio provides a robust and reliable option for businesses seeking to enhance their cyber resiliency. In the following sections, we will explore OpenText's trajectory to becoming one of the leaders in the cybersecurity domain.
