Inside the Check Point & IBM collaboration: What's in store for the future of cyber defence

23 Aug 17

IBM and Check Point are taking their longstanding partnership further into the cybersecurity industry by helping mutual customers boost their threat protection programmes.

IBM Security Intelligence detailed the partnership in a blog last week, which points out that threats are at an all-time high and that the two companies have teamed up to find solutions.

IBM recommends a three-C approach to cybersecurity: cognitive solutions that can understand, reason and learn; cloud systems that have security built into their architecture; and collaboration within industry, such as intelligence sharing, to fight back against cyber criminals.

Check Point launched an event monitoring app on IBM’s App Exchange platform, which is able to consolidate monitoring, logging, reporting and event analysis into one app. The app, SmartView for QRadar, delivers network and security events from Check Point devices to QRadar for forensic analysis through a unified console, the company says.

“Security is proving to be best played as a team sport, with trust and open communication among fellow players as a best practice for winning. We’re taking the next step in collaboration and are thrilled to have Check Point as a security partner to join and support this new ecosystem,” IBM says in a blog.

In an IBM Security podcast, Deepraj Emmanuel Datt, solution design leader at IBM Security Services Asia Pacific, says that practices across people, process and technology must be tightened.

“Hygiene is not necessarily building a fortress, and that’s something we’ve seen through our application modernisation exercises,” he says.

Evan Dumas, Check Point’s head of Emerging Technologies for APAC, Middle East and Africa, says that vendors such as IBM and Check Point collect a lot of intelligence.

He mentions that organisations need to layer specific targeted intelligence over their security solutions. This can include looking across the clear web, deep web and dark web for their people, assets and their brands.

“Typically, some of the senior-level people are all being targeted at some level. When you collect intelligence it’s interesting, but what makes it useful is when you deliver it into your architecture,” he says in the podcast.

Datt adds that end-to-end integration and visibility are important in any organisation.

He explains that IBM and Check Point are working together, particularly in the area of Security Information and Event Monitoring (SIEM) tools.

“So if an endpoint detects something malicious, a ticket is generated and manually escalated to SIEM. The SIEM looks at it and may take time to act upon it. Then the incident response platform needs to be manually activated for remediation. The entire process could take a lot of time and has manual intervention. Does the organization have this much time?” IBM asks in the blog.

Datt comments that automation has a major effect on how effective any solution is.

Dumas explains that Check Point uses advanced evasion technology to catch attacks. This information flows into QRadar and Watson to find a practical remediation strategy.

Datt concludes that countries such as Indonesia and Malaysia are in great need of those kinds of technologies.

“The enterprises there literally work in siloes to be able to have endpoint monitoring, SIEM event monitoring and looking at what the execution plan is.”

He believes that the partnership will be able to bring strong security solutions to these enterprises.
