Resilient Systems has extended f its Incident Response Platform (IRP), which integrates with IBM security intelligence technology. This allows security teams to efficiently streamline the process of escalating security incidents between IBM Security QRadar and the Resilient IRP. Joint customers will now have access to immediate, actionable response playbooks. Resilient Systems’ IRP is freely available to these organisations and their security teams through IBM Security App Exchange, a marketplace where developers across the industry can share applications based on IBM Security technologies. As threats evolve faster than ever, collaborative development amongst the security community will help organisations adapt quickly and speed innovation in the fight against cybercrime. The new application leverages IBM Security QRadar, the company’s security intelligence platform, which analyses data across an organisation’s IT infrastructure in real time to identify potential security threats. Leveraging QRadar’s new open application programming interfaces (APIs) allows Resilient and IBM customers to quickly escalate incidents from QRadar directly into the Resilient platform.
Once an incident is escalated from IBM Security QRadar, the Resilient IRP generates a detailed, customised response plan that empowers team members to act quickly to mitigate any threat. Additionally, users can import and track artifacts and Indicators of Compromise (IOCs), and leverage built-in threat intelligence feeds – including IBM X-Force Exchange – to gain valuable context that informs an intelligent and decisive response.
“Organisations realise they need to respond to cyber incidents faster; improving their ability to respond directly effects their resilience in the face of attacks.” said John Bruce, co-founder and CEO of Resilient Systems. “Integrating with IBM Security’s QRadar gives our joint customers the edge they need to analyse, respond, and resolve threats quickly and effectively.”
This integration provides two ways to create incidents from QRadar within the Resilient platform: manually and automatically. In the manual escalation workflow, users can send incidents to the Resilient Systems application from the QRadar Offenses screen. Additionally, they can add IP address artifacts to existing Resilient incidents. In the automatic escalation workflow, users configure the conditions for QRadar to send offenses to Resilient automatically.
Joint Resilient Systems and IBM customers can benefit from this integration immediately by integrating the Resilient Incident Response Platform with IBM Security QRadar through the IBM Security App Exchange.