Light Dark
November 22, 2016 By Chris Meenan 3 min read
Intelligence & Analytics
Threat Intelligence
X-Force

IBM launched its IBM Security App Exchange at the tail end of 2015, so it has been live for almost a year now. We always thought the App Exchange had significant potential, but we’ve been blown away by its success with our customers and other security vendors. We now have security information and event management (SIEM) customers imploring other vendors to provide a QRadar app as a prerequisite to joining their security operations. It has also helped IBM demonstrate its security immune system in a tangible way.

App Exchange Offers Market Insights

The program has been so successful that we passed our 12-month target for third-party vendors and apps on the Exchange after only seven months. We are currently seeing approximate monthly totals of:

  • 3,500 downloads;
  • 35,000 visits; and
  • 11,000 unique visitors.

These numbers illustrate the App Exchange’s value to IBM customers, partners and the overall market. We’ve also trained over 90 security vendors in app development and have a vibrant backlog of third-party and IBM apps that we are planning to launch over the next few months.

One thing that was clear from the outset was the wide variety of security operations that the apps are addressing. This offers some interesting insights into what products are hot in the security market. While the IBM Security App Exchange is product-agnostic, it is currently dominated by apps for the QRadar Security Intelligence Platform, followed by IBM BigFix and IBM X-Force. Because QRadar sits right in the center of organizations’ threat detection and response processes, most systems involved in security operations should interface with it in some way.

Since the App Exchange launched, we’ve added over 70 apps that fall into the following broad categories:

  • Visualizations;
  • Threat Intelligence;
  • User Behavior Analytics (UBA);
  • Incident Response;
  • Endpoint Detection and Response;
  • Hunting;
  • Compliance Use Cases; and
  • Other Threat Detection Use Cases.

High Demand for Use Cases

The first set of stats shows the relative number of apps on the App Exchange in each category. Apps that fall into the categories of Threat Detection Use Cases and Compliance Use Cases account for more than half the offerings. Demand is high because these are the first use cases that most organizations address when implementing security operations.

The third most common set of apps fall into the category of User Behavior Analytics. The market is piping hot for these apps due to the fact that more than 50 percent of threats fall into this category. Demand for apps that fall into the Threat Intelligence category is similarly high.

Download Ratios

The second set of stats show the relative ratio of app downloads in each category. Again, the top category is Threat Detection Use Cases. This is very closely followed by User Behavior Analytics, with both Visualizations and Threat Intelligence hot on its heels. It’s interesting that Visualizations ranks so high in downloads while the category includes a relatively small set of apps. This may represent an unmet need.

Of course, download statistics are skewed by the length of time some apps have been available on the App Exchange. QRadar UBA, for example, has only been available for four months, but is already the third most downloaded app. Some newer apps in the areas of Endpoint Detection and Response, Incident Response and Hunting, while low in volume and relative downloads, are growing quickly. It’ll be interesting to review this trend in another six months to a year.

Key Takeaways

In summary, the key insights we can take away from this data are:

  • Threat Detection Use Cases, Threat Intelligence and User Behavior Analytics are at the forefront of most security programs.
  • Organizations place great value in threat, risk and incident visualizations, and there may be unmet demand in this area.
  • Compliance use cases are still an important foundation.
  • We’re starting to see a real pickup in areas of Endpoint Detection and Response, Hunting and Incident Response.

That’s just a sampling of the insights we can draw from the App Exchange statistics. We’ll continue to track the App Exchange’s development and shine a light on what apps are gaining traction in the market. Stay tuned!

Visit the IBM Security App Exchange

 |  |  |  | 
Chris Meenan
VP, Product Management, IBM Security

More from Intelligence & Analytics
October 30, 2023

Hive0051’s large scale malicious operations enabled by synchronized multi-channel DNS fluxing

12 min read - For the last year and a half, IBM X-Force has actively monitored the evolution of Hive0051’s malware capabilities. This Russian threat actor has accelerated its development efforts to support expanding operations since the onset of the Ukraine conflict. Recent analysis identified three key changes to capabilities: an improved multi-channel approach to DNS fluxing, obfuscated multi-stage scripts, and the use of fileless PowerShell variants of the Gamma malware. As of October 2023, IBM X-Force has also observed a significant increase in…

September 12, 2023

Email campaigns leverage updated DBatLoader to deliver RATs, stealers

11 min read - IBM X-Force has identified new capabilities in DBatLoader malware samples delivered in recent email campaigns, signaling a heightened risk of infection from commodity malware families associated with DBatLoader activity. X-Force has observed nearly two dozen email campaigns since late June leveraging the updated DBatLoader loader to deliver payloads such as Remcos, Warzone, Formbook, and AgentTesla. DBatLoader malware has been used since 2020 by cybercriminals to install commodity malware remote access Trojans (RATs) and infostealers, primarily via malicious spam (malspam). DBatLoader…

September 7, 2023

New Hive0117 phishing campaign imitates conscription summons to deliver DarkWatchman malware

8 min read - IBM X-Force uncovered a new phishing campaign likely conducted by Hive0117 delivering the fileless malware DarkWatchman, directed at individuals associated with major energy, finance, transport, and software security industries based in Russia, Kazakhstan, Latvia, and Estonia. DarkWatchman malware is capable of keylogging, collecting system information, and deploying secondary payloads. Imitating official correspondence from the Russian government in phishing emails aligns with previous Hive0117 campaigns delivering DarkWatchman malware, and shows a possible significant effort to induce a sense of urgency as…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature