Security Operation Centers (SOCs) today are complex environments. They often have too many separate tools, uncoordinated analysts in the response process, and confusion around alert prioritization. Because of this, SOCs consistently struggle to respond to the most urgent incidents.
The integration between IBM Resilient and Carbon Black helps SOCs overcome these challenges. IBM Resilient’s Intelligent Orchestration combined with Carbon Black Response provides a single view for all relevant response data and streamlines the entire security process. This makes it simpler for analysts to quickly and efficiently remediate cyberattacks.
Join experts Chris Berninger, Business Development Engineer, Carbon Black, and Hugh Pyle, Product Manager, IBM Resilient, for this webinar, to learn:
- How the IBM Resilient-Carbon Black integration works within your SOC to accelerate incident response
- Strategies for bringing Intelligent Orchestration and automation into your incident response process
- Actions that can be taken today for maximizing the effectiveness of your SOC
About our speakers
Chris Berninger, Business Development Engineer, Carbon Black
Hugh Pyle, Product Manager, IBM Resilient
The Market Leader in Incident Response
Next-Generation IR Platform with Intelligent Orchestration
• Largest and most trusted IRP install base in the world
• Only incident response platform with built-in intelligent orchestration
• Part of the largest enterprise security organization in the world
• More than 300 customers globally
• Customers in more than 30 countries
• IBM Resilient Partner Ecosystem delivered through IBM Security App Exchange
• Technology-agnostic platform delivers enterprise-grade integrations with IT and security tools
• Includes orchestration and automation capabilities
• Resilient is the hub of IBM Security’s Immune System
• Expanding customer support and services resources
Intelligent Orchestration – Drive response. Improve security
Orchestration ecosystem
• Validated integrations, delivered and supported via IBM Security AppExchange
• Community integrations, playbooks, and best practices
• Developer community and toolkits for integrations and automations
Orchestration and automation
• Guided response
• Dynamic Playbooks
• Customizable business logic
• Drag-and-drop visual workflow editor
Best practices and IR expertise
• Privacy and compliance regulations
• Data breach notification reporting
• Customizable industry-standard playbooks (NIST, CERT, SANS)
Threat intelligence and incident enrichment
• Custom threat intelligence feeds
• Visualization of incident and artifact relationships
• Automated enrichment from integrated SIEM, EDR, and others
Collaboration
• Email collaboration
• Task allocation and accountability
• News feed and activity dashboard
Incident escalation, creation, and management
• Incident ingestion and escalation
• Customizable incident management
• Central incident system of record
Team management
• Metrics and KPIs
• Analytics dashboard and reporting
• Simulations
• Workspaces
• Role-based access control
(Diagram labels: Orchestration & Automation, AI & Human Intelligence, Case Management, Intelligent Orchestration)
IBM Resilient Intelligent Orchestration Ecosystem
IBM-Validated and Supported Applications
Escalation
• SIEM
• Ticketing
• IPS/IDS
• UBA
• DLP
Communication and Coordination
• Enterprise communications
• Ticketing
• Crisis management
Containment, Response, Recovery
• Endpoint
• Ticketing
• Next-generation firewall
• Cloud Access Security Broker
Identification and Enrichment
• Endpoint
• Sandbox
• Threat Intelligence
• CMDB
Unlocks the power of existing tools and technologies and increases security ROI and time to value.
Community Applications
Enables faster and smarter response through shared IR knowledge, expertise, and resources.
• Code Examples: community-built scripts and automations
• Developer Tools and SDKs: IBM Resilient-provided resources and documentation for building Resilient apps
• Playbooks and Workflows: incident response task lists and expertise from the Resilient community
• Integrations: applications that leverage your existing IT and security tools for IR
• Best Practices: community knowledge sharing, metrics, and reports
Challenges of SOC Management
The result: delayed response to urgent incidents
• Separate tools: dependent on many disjointed security solutions to protect the environment
• Isolated teams: SOC, IT, and Operations teams are not coordinated and up-to-date
• Uncertain priorities: misalignment of systems and goals complicates prioritization and planning
How to Accelerate SOC Transformation
Combine the Right People with the Right Data at the Right Time
1. Consolidate: tools working together with shared data
2. Streamline: communication across essential teams
3. Empower: and augment SOC analyst decisions
Key Benefits: Cb Response + Resilient IRP
• Improved Context: leverage rich endpoint data and threat intel
• Remote Remediation: remediate issues by banning specific artifacts
• Accelerated Response: all IR data available from a single pane of glass
Accelerating a SOC Workflow
1. Malicious event takes place on the endpoint
2. Cb Response detects the threat and alerts Resilient
3. Resilient automatically creates an incident
4. Resilient pulls relevant artifact data from Cb Response
5. User reviews the incident and triggers Cb Response to ban files directly from Resilient
Cb Response + Resilient IRP: How it Works
• Rich endpoint data
• System health lookups
• Industry-leading threat intel
• Artifact ban requests
• Root cause visualization
Accelerating SOC Response
Based on centralized data, you can:
1. Follow link to Attack Visualization in Cb Response
2. Ban files directly from Resilient via Cb Response
3. Automatically orchestrate standard response steps
Carbon Black Query Results
• Follow link to Attack Visualization in Cb Response
• Ban files directly from Resilient via Cb Response
• Automatically orchestrate standard response steps
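The SOC workflow (detect, create incident, pull artifact data, analyst-triggered ban) and the "ban files directly from Resilient" action are modelled below as an added Python example; it is not code from IBM Resilient or Carbon Black, the alert and endpoint data are constructed, and the function names are hypothetical. The analyst-approval gate and the incident-scoped ban check stand in for the "user reviews incident" step.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample alert in the shape an EDR might emit; not real Cb Response output.
SAMPLE_ALERT = {
    "alert_id": "alert-0001",
    "hostname": "ws-finance-07",
    "md5": "0123456789abcdef0123456789abcdef",  # constructed placeholder, not a real IoC
    "severity": 8,
}
# Constructed endpoint context keyed by hash, standing in for the artifact data Resilient pulls.
ENDPOINT_DATA = {SAMPLE_ALERT["md5"]: {"hosts_seen": ["ws-finance-07", "ws-finance-12"]}}

@dataclass
class Incident:
    incident_id: str
    severity: int
    artifacts: List[Dict] = field(default_factory=list)
    tasks: List[str] = field(default_factory=list)
    banned: List[str] = field(default_factory=list)

def create_incident(alert: dict) -> Incident:
    """Steps 2-3: the EDR alert is escalated into an incident carrying the observed artifact."""
    inc = Incident(incident_id=f"INC-{alert['alert_id']}", severity=alert["severity"])
    inc.artifacts.append({"type": "md5", "value": alert["md5"], "host": alert["hostname"]})
    inc.tasks = ["Review endpoint context", "Decide on artifact ban"]
    return inc

def enrich_artifacts(inc: Incident, lookup: Dict[str, dict]) -> Incident:
    """Step 4: attach endpoint context so the analyst sees where else the artifact was seen."""
    for art in inc.artifacts:
        art["hosts_seen"] = lookup.get(art["value"], {}).get("hosts_seen", [])
    return inc

def ban_artifact(inc: Incident, md5: str, approved_by: Optional[str]) -> Incident:
    """Step 5: a ban is issued only for an artifact of this incident and only with analyst approval."""
    if not approved_by:
        raise PermissionError("ban requires an analyst approval")
    if md5 not in {a["value"] for a in inc.artifacts}:
        raise ValueError("hash is not an artifact of this incident")
    inc.banned.append(md5)
    inc.tasks.append(f"Ban of {md5} approved by {approved_by}")
    return inc

def run_workflow(alert: dict, approved_by: Optional[str]) -> Incident:
    """Detection -> incident -> enrichment -> analyst-approved ban, as one pass."""
    inc = enrich_artifacts(create_incident(alert), ENDPOINT_DATA)
    return ban_artifact(inc, alert["md5"], approved_by)
```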