IBM is moving into the endpoint detection and response (EDR) market with the acquisition of ReaQta.
IBM is positioning the announcement as part of its launch of an XDR product. Extended detection and response (XDR) has emerged in recent years as a unified enterprise security platform, a way for vendors to package their offerings together into a comprehensive cybersecurity solution.
But the more important impact of the acquisition may be on the EDR market, a cornerstone of IT security in which IBM has lacked a native product until now, instead partnering with more than a dozen of the top EDR vendors.
ReaQta, with a primary business office in the Netherlands and headquarters in Singapore, isn’t one of the better-known names in the EDR space, but it has been working on the right technology for a cyber threat landscape full of advanced persistent threats, zero-day threats and ransomware, among other advanced attack tactics. ReaQta calls its technology an “AI Autonomous Detection & Response platform,” with automated threat hunting features and behavioral threat detection that the company says isn’t burdened by complexity.
IBM said ReaQta’s platform “leverages a unique ‘Nano OS’ that monitors the operating systems from the outside, helping to prevent interference by adversaries.”
ReaQta turned in a decent, if unspectacular, performance in recent independent testing by MITRE, though that was still ahead of a few better-known names. User reviews are few in number but positive.
IBM’s ‘Open’ XDR
In a nod to its history of partnerships in the security market, IBM said its XDR suite takes an “open approach that extends across disparate tools, data and hybrid cloud environments.”
IBM QRadar XDR is built on IBM’s cloud-native security platform, Cloud Pak for Security. Big Blue said the new XDR offering “will help streamline threat detection and response workflows whether in the cloud or on premises,” giving security teams the “insights and automation they need to act quickly.”
Core products of the new XDR offering are QRadar SIEM and QRadar Network Insights, and ReaQta’s EDR tools will join the lineup when the acquisition closes later this year.
To make good on the promise of interoperability, IBM also unveiled XDR Connect, which helps companies connect and automate threat detection and response across their existing security tools, “helping businesses capitalize on existing investments.”
IBM said XDR Connect “offers a centralized management of security incidents with pre-defined detection and response rules via more than 30 open source, pre-built integrations, and data connectors.”
“Complexity has created a cloak that attackers are operating under, furthering their ability to circumvent defenders,” IBM Security General Manager Mary O’Brien said in a statement. “The future of security is open, using technologies that can connect the security insights that are buried across disparate tools and advanced AI to identify and automatically respond to threats more quickly across their entire infrastructure, from endpoint to cloud. With our expanded capabilities via QRadar XDR and the planned addition of ReaQta, IBM is helping clients get ahead of attackers with the first XDR solution that reduces vendor lock-in via the use of open standards.”
IBM’s security business is hard to quantify, spread across a number of business lines like software and services. But the company has a number of standout products. Nine have made our top security products lists, while IBM itself is one of our top cybersecurity companies.