
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated Response Plan


IBM Resilient customers are building versatile, adaptable incident response playbooks and workflows with expanded functions and community applications – recently released on the IBM Security App Exchange.

With the new IBM Resilient community, you can collaborate with fellow security experts on today’s top security challenges, share incident response best practices, and gain insights into the newest integrations.

Published in: Technology


  1. Integrating Incident Response • IBM Resilient Incident Response Platform • 2018-10-31 • Hugh Pyle, Product Manager
  2. About our Speakers • Hugh Pyle, Product Manager, IBM Resilient • Jamie Cowper, Security Marketing Leader, Resilient, IBM Resilient
  3. Today’s Agenda • What’s new in Resilient v31 • Integrating IBM Resilient with the rest of your security operations tools ̶ Threat Intelligence ̶ Workflows and Functions ̶ IBM Security App Exchange • Integrations in practice: demonstrations
  4. Resilient v31 • Local language versions: jp, kr, zh, zh-TW, it, fr, de, es, pt-BR, ru, en • Dashboard improvements: filters & aggregations • Privacy regulation updates • Disaster Recovery (DR) deployment tools • Audit & Logging improvements • Activity Fields in workflows • Many usability improvements to Python scripting
  5. Resilient v31.0
  6. IBM Resilient: Leading With Intelligent Orchestration
  7. IBM Resilient Intelligent Orchestration Ecosystem
      • IBM-Validated and Supported Applications
      • Community Applications
      • Escalation: SIEM, Ticketing, IPS/IDS, UBA, DLP
      • Communication and Coordination: Enterprise communications, Ticketing, Crisis management
      • Containment, Response, Recovery: Endpoint, Ticketing, Next-generation firewall, Cloud Access Security Broker
      • Identification and Enrichment: Endpoint, Sandbox, Threat Intelligence, CMDB
      • Unlocks power of existing tools and technologies and increases security ROI and time to value.
      • Enables faster and smarter response through shared IR knowledge, expertise, and resources.
      • Code Examples: Community-built scripts and automations
      • Developer Tools and SDKs: IBM Resilient-provided resources and documentation for building Resilient apps
      • Playbooks and Workflows: Incident response tasks lists and expertise from the Resilient community
      • Integrations: Applications that leverage your existing IT and security tools for IR
      • Best Practices: Community knowledge sharing, metrics, and reports
  11. IBM Security App Exchange & Community App Exchange
      • Community App Exchange
      • IBM Validated playbooks and integrations from IBM and technology partners
      • Community-supplied playbooks and integrations
      • Contributors can be…: Technology Partners, IBM engineers, Customers
      • IBM review activities…: Functionality validation, Security review, Functional testing of use cases; Functionality review, Basic security review
      • Support…: Support is available from app vendor (by email or forum); Support may be available from app author
      • NEW
  12. Integrations in practice
  13. Automatic Threat Lookup
  14. Demo: QRadar Functions
  15. Demo: Utility Functions
  17. Engage with other Resilient users • Download the latest technical content • Access insights into new releases
  18. THANK YOU • FOLLOW US ON: @ibmsecurity, youtube/user/ibmsecuritysolutions • © Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.