Enrich IBM Security® QRadar® SOAR Playbooks

Tufin SecureTrack+, SecureChange+ and Enterprise provide customers with a fine-grain view of the security and compliance posture of their network security devices, application context and the ability to automate change management to remediate risky configurations. Beyond using Tufin for intelligence network access management, a popular extended use case is SOAR playbook enrichment.

Tufin enriches SOAR playbooks with its unmatched network topology and connectivity intelligence. Details regarding the network access, path analysis, compliance status, device inventory and blast radius are some of the use cases that are made available as playbooks to IBM Security SOAR by Tufin, thus enabling the security analysts to correlate and view incidents from the viewpoint of the network.

Access and Connectivity Insights for Informed Incident Response Automation

The IBM QRadar playbooks help reduce manual back-and-forth incident response steps across third-party orchestration and automation tools. Tufin provides network context to further reduce manual back-and-forth analysis and improve dynamic playbooks.

Proper context is vital for reliable automated workflows and decision making. Unreliable or incomplete contextual information gathered during the triage and investigation stage of an incident can lead to weak decisions, resulting in loss of efficiency, or worse, a potential security incident remaining undetected. The dynamic nature of today’s modern enterprises means that static network documentation, such as spreadsheets of configuration databases, are inefficient and obsolete by the time they are used in a production environment.

Centralized Visualization and Path Analysis

Scoping potential security incidents across a hybrid, heterogeneous infrastructure manually is tedious and nearly impossible. Tufin enables teams to build topology maps that detail connectivity across an entire hybrid network. The map shows source-to-destination traffic routes, information which Tufin accesses to determine if the traffic is permitted by policy. Automated workflows escalate higher-risk events so security teams never waste their time on what could be automated.


What can I do with an IBM Resilient - Tufin integration?
  • Visualize network topology and application connectivity to provide investigators with enhanced visibility to assess the possible scope of an incident quickly and accurately
  • Automatically initiate, design and implement network access changes using playbooks and Tufin workflows (e.g. to contain potentially infected systems)
  • Maintain compliance and adherence to established change control processes throughout the incident, with full auditability.
How does Tufin enrich common SOAR use cases with IBM Resilient?

Tufin provides network topology and connectivity intelligence to improve the accuracy of criteria that would trigger a workflow. For example, if there is an alert because malware was detected on a server, Tufin network data can provide context to determine urgency and potential impact. If the server is not exposed to the Internet, that might be a lower priority than compromises on machines that are exposed to the Internet. Likewise, Tufin can provide connectivity intelligence to identify all systems that compromised server as access to.

What is IBM Security SOAR (formerly Resilient)?

It is a security orchestration and automated response solution (SOAR). It consolidates case management, automation, real-time collaboration and the management of threat intelligence to serve security teams throughout the incident lifecycle.

IBM Security SOAR has repositories on github that feature content packs, Python APIs, reference documentation, and more

IBM Security SOAR also enables security teams to:

  • Automate case management for security or privacy events
  • Automate and document incident response plans
  • Establish an incident response platform where teams can prepare for privacy breaches and enact remediation
  • Easily integrate the SOAR platform with hundreds of integrations beyond Tufin
  • Streamline automation configuration for faster, more accurate playbook creation
  • Integrate malware analysis into incidents
  • Perform threat enrichment for incidents before security analysts even begin
  • Easily facilitate QRadar integration with SIEM applications like Splunk or Microsoft Azure Sentinel
  • Customize application templates for supported offense fields
What other solutions does Tufin integrate with with to improve security operations and incident response?

Tufin has the broadest ecosystem of api integrations, including the major SOAR platforms, SIEM solutions, vulnerability management tools, such as Tenable, ITSM solutions for end-to-end automation, such as ServiceNow and more.

Related Resources

Get the visibility and control you need to secure your enterprise.

Only Tufin provides automation and a unified security policy, from on-prem to cloud, across NetSec and DevOps.