2/29/2016
08:50 PM

IBM To Buy Resilient Systems In Bid To Build Incident Response Capabilities

Company has also launched a new incident response service and entered into a partnership with Carbon Black.

IBM Monday announced plans to acquire incident response provider Resilient Systems for an undisclosed sum and launch a new incident response service as part of a broader effort to boost its capabilities in the fast-growing incident response market.

IBM also announced a partnership with endpoint security provider Carbon Black under which IBM will use the latter’s incident protection and response technologies to deliver remote incident response services to enterprise customers.

The acquisition and partnership are part of an IBM effort to build services for responding to security incidents in a timely, organized and coordinated manner, Caleb Barlow, vice president of IBM Security, said in comments to Dark Reading. IBM customers are increasingly demanding such capabilities, he says.

Resilient Systems offers a response management platform that is designed to let security teams automate response processes and resolve security incidents more effectively. The company describes its technology as enabling organizations to develop dynamic action plans for nearly 20 different incident scenarios, from malware and denial-of-service attacks to lost devices.

Resilient’s platform is designed to walk enterprise security teams through the incident response process and supports comprehensive analytics, dashboards and reporting features. With headquarters in Cambridge, MA, Resilient employs around 100 people and claims numerous customers among Fortune 500 companies as well as small and midsized businesses in the financial services, healthcare, retail and government sectors.

Once the acquisition is finalized, Resilient’s Incident Response Platform will complement IBM’s existing QRadar security intelligence platform to create a comprehensive security operations and response capability, Barlow says. IBM’s new X-Force Incident Response Services will be based on Resilient Systems’ as well as IBM’s existing QRadar security incident and event management (SIEM) platform.

“It will also include remote incident response capabilities via our technology partnership with Carbon Black,” Barlow said. Carbon Black’s technology will enable IBM security analysts to conduct forensics on compromised endpoint devices, determine where a breach first occurred, map it across other devices, contain it quickly, and shut it down, Barlow says.

The Resilient purchase gives IBM a way to unite the technical and business aspects of incident response, said David Monahan, an analyst with Enterprise Management Associates, in an analyst note. With the acquisition, IBM will have a comprehensive set of capabilities ranging from incident detection and forensics to analysis, remediation, process management, resource coordination and communications, he said.

The dramatic rise in mega security breaches in recent times has heightened the need for organizations to have capabilities for quickly detecting and mitigating security incidents. Numerous recent studies and surveys have shown that one of the biggest challenges enterprises face these days is in knowing when they have had a security incident and then having a process for responding to and mitigating it.

“Organizations of all sizes can no longer afford to under-service or ignore incident response,” Monahan said. “IR must move beyond a loose semblance of scattered, incomplete, outdated, and untested documentation to an actual programmatic collection of documentation and tools.”

In a study of 600 organizations conducted last year by the Ponemon Institute, 75 percent said they were not prepared to deal with a security incident. Only 30 percent had a formal incident response plan in place while an even smaller 17 percent had an incident response plan that was applied consistently across the enterprise.


Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...
