McAfee integrates DXL with IBM Resilient in move to full interoperability with Resilient platform

The McAfee integration with IBM Resilient IRP is available now, and will soon be complemented by full certification of interoperability, which will provide customers and partners with even more value.

D.J. Long, head of the Security Innovation Alliance and VP of Strategic Business Development at McAfee

Cybersecurity software vendor McAfee has announced an expansion of their integration with the IBM Resilient Incident Response Platform [IRP]. The integration is with McAfee’s DXL [Data Exchange Layer], and lets Resilient IRP users now query McAfee Threat Intelligence Exchange [McAfee TIE] as a threat reputation service. The Resilient IRP now also natively connects to McAfee ePolicy Orchestrator [ePO] to increase the volume of threats available to each platform. The integration of the Resilient IRP and DXL, McAfee TIE and McAfee ePO is now generally available on the IBM Security App Exchange.

The integration will ultimately lead to the full certification of the McAfee solutions with Resilient IRP.

“We are now in the latter stages of testing aimed at creating a fuller certification of McAfee being fully interoperable with IBM Resilient,” said D.J. Long, who as head of the Security Innovation Alliance and VP of Strategic Business Development at McAfee, wears a number of interesting hats, handling strategic alliances and creative alliances, and playing a role in corporate development activities around M&As. “This involves our DXL, ePO, ATD [Advanced Threat Defense] and MAR [McAfee Active Response]. IBM is doing most of this work, and at their recent IBM Think event, we demonstrated a very solid proof of concept on the show floor, and it generated a great deal of interest.”

This certification will be a very big deal for McAfee, their customers, and their partners.

“When the certifications are completed, and we are approaching the end of the certification process, it will tell customers that these products have been certified to work well together,” he stated. “This certification process is taken very seriously. If a customer of ours is also an IBM customer, the demonstrated ability to have our products work better together allows them to avoid security application sprawl, with many solutions not working well together. It lets them have more of a platform strategy.”

The integrations also benefit McAfee and their channel.

“Integrating with more different points provides us both with best of breed solutions, and creates product drag for each of us in each other’s accounts,” Long said. “Except for SIEMs, we don’t compete directly with IBM, so it makes for a good partnership.

“For partners, it’s another opportunity to generate revenue and profits,” he added. “Many partners carry both IBM and McAfee, but they don’t often fully realize the degree to which they can work together, so that the products make a great combined solution.”

Long noted that Resilient is a very different kind of platform from McAfee ePO.

“Resilient is an orchestration and automation platform that initiates incident response and can determine the best course of remediation, while ePO is more of a management plane,” he said. “ePO is not an incident response platform as much as a communications and management plane that helps to manage endpoints. Given Resilient’s specific capabilities, it is strengthened by being integrated with third party capabilities like this.”

Long explained this additional value that McAfee brings to the Resilient IRP.

“Resilient is an outstanding platform,” he stated. “Using McAfee TIE allows it to be used as a real-time information bus, and plays to McAfee’s strengths in capturing endpoint alerts. On the basis of what Resilient concludes, we can query and do subsequent remediation, to exploit Resilient’s capabilities in terms of getting a response. We use Resilient for the purpose for which it was originally designed.”

Long also stressed how this kind of mutual collaboration is something that is steeped in McAfee’s history, and positions them well going forward.

“IBM has a strategy like ours in being collaborative,” he said. “Their strategy is to centralize focus on the security operations centre with this and with their QRadar SIEM platform. Resilient is emerging as a leader within the orchestration and automation space, and is collaborating with endpoint vendors that share a common vision. Associating with a strong endpoint protection capability like ours is something that is attractive to them. The difference between the two of us is that I think the open ecosystem we have established is simply the best in the industry. It’s more mature – ten years old. IBM is ramping up their own efforts here, and we are pleased to be a partner of theirs.”