Gain seamless orchestration, automation and visibility for granular control of security events
The five major capabilities of X-Force Threat Management are derived from integrated services that feed collected data into a central integrated platform. These components work together to provide seamless orchestration, automation and visibility, giving granular control of security events and incidents through their entire lifecycle. They include:
- Threat insight utilizes IBM X-Force Incident Response and Intelligence Services (X-Force IRIS), IBM X-Force Red offensive testing and vulnerability management, and X-Force Research and Threat Intelligence, with support from machine learning (with IBM Watson®) for mining of data within each client environment as well as across the IBM Security client portfolio.
- Threat prevention utilizes managed network security tools and X-Force expertise to define threats, identify suspicious behavior patterns and make policy recommendations at any point in the threat management lifecycle.
- Threat detection (including threat monitoring, validation, threat analysis and modeling) uses client technologies such as SIEM tools integrated with X-Force Protection Platform to provide capabilities such as searching for known malware. Increasingly, it also encompasses anomaly detection by analyzing user, network, asset and transaction behavior using cognitive technologies. A contemporary mobile experience provides clients access to the information they need, when they need it.
- Threat response utilizes the incident response capability of X-Force Protection Platform integrated with IBM Resilient, supporting enrichment as well as dynamic orchestration based on incident variables to effect threat response actions. To speed the response to threats, it also offers patented risk scoring and policy-based automation.
- Threat recovery utilizes X-Force IRIS and IBM Resiliency Services to help return affected systems to their previous state post-incident, and IBM X-Force IRIS Incident Planning for pre-incident resiliency preparation.
For the core operating capabilities of detection and response, three scalable levels of threat management are globally available, so security needs can be addressed more efficiently for clients of virtually any size, practically anywhere in the world:
- Level 1 provides threat monitoring and detection, security issue verification with automated client notifications, and possibly automated mitigation responses. Level 1 processing relies heavily on cognitive processing, augmented by human analysis and intervention. Because monitoring is time-intensive, always-on expert monitoring is a key reason for any enterprise to adopt managed security services (MSS). Not all security events or alerts represent actual threats, so verifying the validity of alerts before investigating and mitigating them saves time.
- At Level 2, experienced security analysts investigate suspicious activities, analyze confirmed security problems, enrich the understanding of the incident, and make recommendations for further action based on the severity of the threat, the business context of the incident, and the relative priority of all other open incidents.
- At Level 3, security analysts act on the intelligence that has been gathered and the recommendations of Level 2 personnel to mitigate or contain the threat, and hunt for parallel issues that may have gone undetected in other parts of the environment.
These IBM security operations center (SOC) analysts use both IBM and IBM-associated technologies at the endpoint or network layer to respond to incidents. All response actions are orchestrated through predefined procedures and include client communication and involvement to help reliably deliver the desired outcomes.
Conventional MSS offerings usually focus on network traffic and core data stores. In contrast, X-Force Threat Management considers the enterprise information environment as a whole, addressing the security implications of the application layer; the data held throughout the enterprise; people (including employees, administrators and other system users); and infrastructure (both hardware and architecture).
Its platform-agnostic design provides integration with products from an extensive ecosystem of partner solutions, including Carbon Black, CrowdStrike, Palo Alto Networks, Cisco, Check Point, Fortinet and more.
X-Force Protection Platform integrates capabilities to address each stage of the threat management lifecycle, backed by the global presence of IBM and staffed by empowered, skilled IBM Security employees. X-Force Threat Management can deliver a better experience for enterprise clients by addressing the entire threat ecosystem with continually updated service offerings and features.
This next-generation approach can provide security expertise in threat identification, prevention, detection, response and recovery. IBM can deliver all of these capabilities or the client organization can perform some of them.
For organizations that have already deployed security monitoring tools from other vendors such as Splunk or ArcSight, IBM adopts a vendor-agnostic viewpoint and can link smoothly with these SIEM products. IBM also integrates IBM-associated technologies to ease the adoption of these next-generation services.
X-Force Threat Management offers consumption-based pricing, with packaging and options suitable for midsized and large enterprises. This pricing lets organizations with smaller security demands tailor their spending while getting the same expertise as the most demanding enterprises. Integral to this delivery are IBM X-Force Command Centers around the world, which enable IBM specialists to provide nonstop threat management services.
For more information
To learn more about IBM X-Force Threat Management, please contact your IBM representative or IBM Business Partner, or visit: ibm.com/security/services/threat-management
Diagram: the X-Force Protection Platform, supported by a powerful partner ecosystem, delivering reduced false positives with 15-minute service level agreements (SLAs).