UPDATED 00:01 EDT / NOVEMBER 20 2019

SECURITY

With Cloud Pak for Security, IBM serves up threat detection in a container

IBM Corp. today revealed the latest addition to its lineup of containerized software offerings: a threat hunting tool called Cloud Pak for Security that promises to boost the productivity of network protection teams. 

The product is delivered as a software container and comes integrated with the Red Hat OpenShift application platform. OpenShift lets administrators automate key management tasks using Kubernetes. IBM has an entire family of OpenShift-integrated Cloud Paks that span product categories such as analytics, middleware and application integration.

Cloud Pak for Security is designed to help network protection teams find threats lurking in their companies’ infrastructure. The tool’s flagship feature is a search function that surfaces items of interest such as malware signatures on employee devices. IBM said that administrators can simultaneously search for breach signals across their on-premises endpoints, cloud deployments and security applications with a single request instead of having to separately query each system, which can speed up threat detection.

The retrieved data points are organized by a case management system to ease incident analysis. From there, administrators can create workflow templates to help them handle common tasks and, if they need more advanced automation features, connect to the open-source Ansible platform. 

Ansible provides the ability to create “automation playbooks” that trigger a sequence of pre-set actions in response to specific events. For instance, a company can create a playbook that isolates a server from the rest of the network in the event of a malware infection. Automating parts of the threat response workflow this way not only speeds up threat response but theoretically also reduces the risk of human error, since fewer steps require manual input.

Mary O’Brien, the general manager of IBM Security, described Cloud Pak for Security as an alternative to the “costly, complex integrations and manual response plans” companies have historically had to build. She said the tool is aimed at enabling a “more connected” approach to security by allowing administrators to look for threats across disparate systems centrally.

Ansible and OpenShift, which power Cloud Pak for Security’s automation and container management features, respectively, are both technologies IBM obtained through its $34 billion acquisition of Red Hat Inc. The tool is just the latest example of how the company is monetizing the deal. Earlier this year, IBM inked a $2 billion cloud contract with AT&T Inc. under which the carrier is set to standardize some workloads on OpenShift. 

IBM’s Mary O’Brien appeared on SiliconANGLE’s theCUBE mobile studio this year to discuss how the company is approaching the security market.

Photo: IBM
