IBM Security QRadar SOAR (formerly IBM Resilient) Integration
IBM Security SOAR is a security orchestration, automation and response platform that helps security teams and security operations teams to create and manage incident response playbooks across a diverse infrastructure.
Enrich IBM Security® QRadar® SOAR Playbooks
Tufin SecureTrack, SecureChange and Enterprise provide customers with a fine-grained view of the security and compliance posture of their network security devices and application context, and the ability to automate change management to remediate risky configurations. Beyond using Tufin for intelligent network access management, a popular extended use case is SOAR playbook enrichment.
Tufin enriches SOAR playbooks with its unmatched network topology and connectivity intelligence. Details regarding the network access, path analysis, compliance status, device inventory and blast radius are some of the use cases that are made available as playbooks to IBM Security SOAR by Tufin, thus enabling the security analysts to correlate and view incidents from the viewpoint of the network.
Access and Connectivity Insights for Informed Incident Response Automation
The IBM QRadar playbooks help reduce manual back-and-forth incident response steps across third-party orchestration and automation tools. Tufin provides network context to further reduce manual back-and-forth analysis and improve dynamic playbooks.
Proper context is vital for reliable automated workflows and decision making. Unreliable or incomplete contextual information gathered during the triage and investigation stage of an incident can lead to weak decisions, resulting in loss of efficiency or, worse, a real security incident remaining undetected. The dynamic nature of today's enterprises means that static network documentation, such as spreadsheets or configuration databases, is inefficient and often obsolete by the time it is used in a production environment.
Centralized Visualization and Path Analysis
Scoping potential security incidents manually across a hybrid, heterogeneous infrastructure is tedious and nearly impossible. Tufin enables teams to build topology maps that detail connectivity across the entire hybrid network. The map shows source-to-destination traffic routes, which Tufin uses to determine whether the traffic is permitted by policy. Automated workflows escalate higher-risk events so security teams do not spend time on what can be automated.
Visualize network topology and application connectivity to provide investigators with enhanced visibility to assess the possible scope of an incident quickly and accurately
Automatically initiate, design and implement network access changes using playbooks and Tufin workflows (e.g. to contain potentially infected systems)
Maintain compliance and adherence to established change control processes throughout the incident, with full auditability.
Tufin provides network topology and connectivity intelligence to improve the accuracy of the criteria that trigger a workflow. For example, if an alert fires because malware was detected on a server, Tufin network data can provide context to determine urgency and potential impact: if the server is not exposed to the Internet, the alert may be a lower priority than a compromise of an Internet-exposed machine. Likewise, Tufin's connectivity intelligence can identify every system the compromised server has access to, which bounds the blast radius that needs to be investigated or contained.
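The path analysis and triage logic described above (and the containment change mentioned under "Automatically initiate, design and implement network access changes"), as an added example that is not Tufin's or IBM's code. It models, over a constructed ordered firewall policy and host inventory, what a playbook would normally obtain from Tufin: whether a host is reachable from the Internet, which other systems it can reach (its blast radius), a priority derived from both, and the deny rules that would isolate it. The addresses, rules, probe ports and priority thresholds are all illustrative assumptions; submitting the containment rules as a change request is out of scope.

```python
"""Network-aware triage of a compromised host: Internet exposure, blast radius,
and containment rules. Added example with constructed sample data (not Tufin's
or IBM's code); a real playbook would fetch the policy and topology from Tufin.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import Optional

ANY = IPv4Network("0.0.0.0/0")                # "any" in a firewall rule
EXTERNAL_PROBE = IPv4Address("203.0.113.1")   # documentation-range address standing in for the Internet
PROBE_PORTS = (22, 443, 3389, 5432)           # constructed list of services worth checking


@dataclass(frozen=True)
class Rule:
    src: IPv4Network
    dst: IPv4Network
    port: Optional[int]   # None matches any port
    action: str           # "allow" or "deny"


def net(cidr: str) -> IPv4Network:
    return IPv4Network(cidr)


# Constructed ordered policy; the first matching rule wins, as on most firewalls.
POLICY = [
    Rule(ANY, net("10.20.0.5/32"), 443, "allow"),                   # anyone -> web server (HTTPS)
    Rule(net("10.20.0.5/32"), net("10.30.0.0/24"), 5432, "allow"),  # web -> database tier
    Rule(net("10.30.0.0/24"), net("10.30.0.0/24"), None, "allow"),  # database replication, any port
    Rule(net("10.40.0.0/24"), net("10.30.0.0/24"), 5432, "allow"),  # internal app -> database tier
    Rule(ANY, ANY, None, "deny"),                                   # cleanup rule
]

# Constructed inventory: name -> address.
HOSTS = {
    "web-01": IPv4Address("10.20.0.5"),
    "db-01": IPv4Address("10.30.0.7"),
    "db-02": IPv4Address("10.30.0.8"),
    "app-01": IPv4Address("10.40.0.9"),
}


def is_allowed(src: IPv4Address, dst: IPv4Address, port: int, policy=POLICY) -> bool:
    """First-match evaluation of one flow against the ordered policy."""
    for rule in policy:
        if src in rule.src and dst in rule.dst and rule.port in (None, port):
            return rule.action == "allow"
    return False  # implicit default deny


def internet_exposed(host: str, ports=PROBE_PORTS, policy=POLICY) -> list:
    """Ports on which an address outside the network can reach the host."""
    return [p for p in ports if is_allowed(EXTERNAL_PROBE, HOSTS[host], p, policy)]


def reachable_from(host: str, ports=PROBE_PORTS, policy=POLICY) -> set:
    """Blast radius: other inventoried systems the host can reach on any probe port.
    Note that an 'any' source rule (such as the HTTPS rule above) makes the web
    server reachable from every internal host too."""
    src = HOSTS[host]
    return {
        name for name, dst in HOSTS.items()
        if name != host and any(is_allowed(src, dst, p, policy) for p in ports)
    }


def triage(host: str, policy=POLICY) -> dict:
    """Assign a priority from exposure and blast radius (thresholds are assumptions)."""
    exposed = internet_exposed(host, policy=policy)
    radius = reachable_from(host, policy=policy)
    if exposed and radius:
        priority = "critical"   # reachable from the Internet and able to pivot further
    elif exposed:
        priority = "high"
    elif radius:
        priority = "medium"
    else:
        priority = "low"
    return {"host": host, "exposed_ports": exposed,
            "blast_radius": sorted(radius), "priority": priority}


def containment_rules(host: str) -> list:
    """Deny rules isolating the host in both directions. Prepend them to the
    policy so they match before any allow rule."""
    addr = IPv4Network(f"{HOSTS[host]}/32")
    return [Rule(addr, ANY, None, "deny"), Rule(ANY, addr, None, "deny")]


if __name__ == "__main__":
    for name in HOSTS:
        print(triage(name))
    contained = containment_rules("web-01") + POLICY
    print("web-01 -> db-01:5432 after containment:",
          is_allowed(HOSTS["web-01"], HOSTS["db-01"], 5432, contained))
```

With this data the web server is Internet-exposed on 443 and can reach both database hosts, so it triages as critical, while a database host is not exposed and triages as medium; prepending the containment rules makes the web server's flows to the database tier (and the Internet's flows to it) evaluate to deny without touching the existing allow rules.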
IBM Security QRadar SOAR is a security orchestration, automation and response (SOAR) solution. It consolidates case management, automation, real-time collaboration and threat intelligence management to serve security teams throughout the incident lifecycle.
IBM Security SOAR has repositories on GitHub that feature content packs, Python APIs, reference documentation and more.
IBM Security SOAR also enables security teams to:
Automate case management for security or privacy events
Automate and document incident response plans
Establish an incident response platform where teams can prepare for privacy breaches and enact remediation
Easily integrate the SOAR platform with hundreds of integrations beyond Tufin
Streamline automation configuration for faster, more accurate playbook creation
Integrate malware analysis into incidents
Perform threat enrichment for incidents before security analysts even begin
Easily facilitate QRadar integration with SIEM applications like Splunk or Microsoft Azure Sentinel
Customize application templates for supported offense fields
Tufin has the broadest ecosystem of API integrations, including the major SOAR platforms, SIEM solutions, vulnerability management tools such as Tenable, ITSM solutions for end-to-end automation such as ServiceNow, and more.