IBM has expanded its containerised software portfolio with a threat detection tool named Cloud Pak for Security. The tool is designed to increase the productivity of security teams by simplifying threat searches.
Cloud Pak for Security helps teams to detect threats in their company’s infrastructure. To do so, it uses, among other things, a search function that detects traces of malware on employees’ devices.
This search function makes it possible to look for indicators of a breach across on-premises endpoints, cloud deployments and existing security applications in a single query, so administrators no longer have to query each system separately. As a result, threats can be detected earlier.
Organising data points
All data points are then organised using a case management system. This should make it easier to analyse incidents.
After organising the data points, administrators can set up workflow templates to handle common tasks. It is also possible to connect to the Ansible platform, with which ‘automation playbooks’ can be created.
These playbooks activate a series of predefined actions, in order to respond to specific incidents. For example, a playbook can isolate a server from the rest of the network if malware is found on it.
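The isolation step described above, written as an Ansible playbook. This is an added example, not IBM's or Red Hat's own playbook: the inventory group name "quarantine", the SOC jump host address 10.10.0.5 and the SSH port are assumptions, and the target is assumed to be a Linux host with iptables. The important design point is the order of the tasks: the rules that keep the responder's own access open must exist before the default policies are switched to DROP, otherwise the playbook locks out the very session it runs over.

```yaml
# Added example (not from the original article): quarantine a compromised host.
# Assumptions (hypothetical): the affected server is in the inventory group
# "quarantine", the SOC jump host is 10.10.0.5, the host runs Linux with iptables.
- name: Isolate a compromised server from the rest of the network
  hosts: quarantine
  become: true
  vars:
    soc_jump_host: 10.10.0.5    # assumption: the only address still allowed in
    mgmt_ssh_port: 22           # assumption: SSH port used by the SOC

  tasks:
    # 1. Keep the connection Ansible itself is using alive, in both directions.
    #    Without these two rules the DROP policies below cut off our own session.
    - name: Allow established and related inbound connections
      ansible.builtin.iptables:
        chain: INPUT
        ctstate: ESTABLISHED,RELATED
        jump: ACCEPT
        action: insert

    - name: Allow replies on existing connections to leave the host
      ansible.builtin.iptables:
        chain: OUTPUT
        ctstate: ESTABLISHED,RELATED
        jump: ACCEPT
        action: insert

    # 2. Leave one controlled path in for the responders and for live forensics.
    - name: Allow SSH from the SOC jump host only
      ansible.builtin.iptables:
        chain: INPUT
        protocol: tcp
        source: "{{ soc_jump_host }}"
        destination_port: "{{ mgmt_ssh_port }}"
        jump: ACCEPT
        action: insert

    # 3. Local services (databases, agents) keep talking to themselves so that
    #    evidence collection on the box still works.
    - name: Allow loopback traffic in
      ansible.builtin.iptables:
        chain: INPUT
        in_interface: lo
        jump: ACCEPT
        action: insert

    - name: Allow loopback traffic out
      ansible.builtin.iptables:
        chain: OUTPUT
        out_interface: lo
        jump: ACCEPT
        action: insert

    # 4. Only now block everything else: the host can no longer reach other
    #    internal systems or a command-and-control server, and nothing else
    #    can reach it.
    - name: Drop all other inbound traffic
      ansible.builtin.iptables:
        chain: INPUT
        policy: DROP

    - name: Drop all other outbound traffic
      ansible.builtin.iptables:
        chain: OUTPUT
        policy: DROP

    # 5. Record the resulting rule set so it can be attached to the incident case.
    - name: Read back the active rule set
      ansible.builtin.command: iptables -S
      register: quarantine_rules
      changed_when: false

    - name: Show the rule set that is now in force
      ansible.builtin.debug:
        var: quarantine_rules.stdout_lines
```

Run it against a single host with something like `ansible-playbook -i inventory quarantine.yml -l <hostname>`. The iptables module is idempotent, so re-running the playbook from a case is safe. Two caveats a responder should know: the rules are not persisted, so a reboot clears the quarantine unless you save them deliberately (which may or may not be what you want during an investigation), and only the INPUT and OUTPUT chains are touched, so a host that routes traffic for others (FORWARD chain) needs a further rule.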
Cloud Pak for Security is, as mentioned before, a containerised tool and is therefore delivered as software containers. The tool also integrates with the Red Hat OpenShift application platform.
OpenShift makes it possible for administrators to automate important management tasks using Kubernetes. IBM acquired the platform after taking over Red Hat for 34 billion dollars last year. Ansible, another Red Hat product, became IBM property as a result of the same deal.
IBM now has a whole family of Cloud Paks that are integrated into OpenShift. These products come in different categories, such as analytics, middleware and application integration.