RiskIQ launched RiskIQ PassiveTotal App For IBM QRadar, which integrates with IBM security intelligence technology to bring fully integrated external threat context to security incidents. Joint customers can accelerate incident remediation by accessing internet datasets as they investigate offenses in IBM QRadar.
RiskIQ scans and collects external internet data at massive scale, datasets that RiskIQ’s PassiveTotal App uses to create a feedback loop in which QRadar is constantly updated with the latest threat data.
The new application is freely available to the security community through the IBM Security App Exchange, a marketplace where developers across the industry can share applications based on IBM Security technologies. As threats are evolving faster than ever, collaborative development amongst the security community will help organizations adapt quickly and speed innovation in the fight against cybercrime.
RiskIQ PassiveTotal App For IBM QRadar leverages IBM Security QRadar, the company’s security intelligence platform, which analyzes data across an organization’s IT infrastructure in real time to identify potential security threats. Leveraging QRadar’s new open application programming interfaces (APIs), RiskIQ PassiveTotal App For IBM QRadar allows users to reduce the number of alerts they need to manage, speed up incident response and prevent cyberattacks.
“You cannot prevent attacks on—and from—assets you don’t know about,” said Elias Manousos, CEO of RiskIQ. “RiskIQ’s PassiveTotal increases the visibility your IBM QRadar security intelligence deployment has while you perform your analysis and incident response. By bringing in key external data elements you can reduce the time to resolution, as well as time to detection for the threats coming your way, all from within the IBM QRadar interface.”
RiskIQ PassiveTotal App For IBM QRadar uses RiskIQ reference sets, which are created automatically and make the integration completely bi-directional, enabling the security operations team to create IBM QRadar rules based on external internet data and thus be alerted automatically to offenses. As the alert is triaged and put into an incident response workflow, the external information is available for fast resolution. Data enrichment applied to both threat detection and IR functions benefits the security team as a whole.