Inside the Check Point & IBM collaboration: What's in store for the future of cyber defence
IBM and Check Point are taking their longstanding partnership further into the cybersecurity industry by helping mutual customers boost their threat protection programmes.
IBM Security Intelligence detailed the partnership in a blog last week, which points out that threats are at an all-time high and that the two companies have teamed up to find solutions.
IBM recommends a "three C" approach to cybersecurity: cognitive solutions that can understand, reason and learn; cloud systems that have security built into their architecture; and collaboration within the industry, such as intelligence sharing, to fight back against cyber criminals.
Check Point launched an event monitoring app on IBM’s App Exchange platform, which is able to consolidate monitoring, logging, reporting and event analysis into one app. The app, SmartView for QRadar, delivers network and security events from Check Point devices to QRadar for forensic analysis through a unified console, the company says.
“Security is proving to be best played as a team sport, with trust and open communication among fellow players as a best practice for winning. We’re taking the next step in collaboration and are thrilled to have Check Point as a security partner to join and support this new ecosystem,” IBM says in a blog.
In an IBM Security podcast, Deepraj Emmanuel Datt, solution design leader at IBM Security Services Asia Pacific, says that practices across people, process and technology must be tightened.
“Hygiene is not necessarily building a fortress, and that’s something we’ve seen through our application modernisation exercises,” he says.
Evan Dumas, Check Point’s head of Emerging Technologies for APAC, Middle East and Africa, says that vendors such as IBM and Check Point collect a lot of intelligence.
He mentions that organisations need to layer specific targeted intelligence over their security solutions. This can include looking across the clear web, deep web and dark web for their people, assets and their brands.
“Typically, some of the senior-level people are all being targeted at some level. When you collect intelligence it’s interesting, but what makes it useful is when you deliver it into your architecture,” he says in the podcast.
Datt adds that end-to-end integration and visibility are important in any organisation.
He explains that IBM and Check Point are working together, particularly in the area of Security Information and Event Management (SIEM) tools.
“So if an endpoint detects something malicious, a ticket is generated and manually escalated to SIEM. The SIEM looks at it and may take time to act upon it. Then the incident response platform needs to be manually activated for remediation. The entire process could take a lot of time and has manual intervention. Does the organization have this much time?” IBM asks in the blog.
Datt comments that automation has a major effect on how effective any solution is.
Dumas explains that Check Point uses advanced evasion technology to catch attacks. This information flows into QRadar and Watson to find a practical remediation strategy. Datt concludes that countries such as Indonesia and Malaysia are in great need of those kinds of technologies.
“The enterprises there literally work in siloes to be able to have endpoint monitoring, SIEM event monitoring and looking at what the execution plan is.”
He believes that the partnership will be able to bring strong security solutions to these enterprises.