IBM QRadar Security Intelligence Overview
SECURITY INTELLIGENCE AND SENSE ANALYTICS PROTECTS ASSETS FROM ADVANCED THREATS
2 IBM Security
Today’s challenges – drive QRadar strategy

Escalating Attacks
• Increasingly sophisticated attack methods
• Disappearing perimeters
• Accelerating security breaches
(Spear Phishing, Persistence, Backdoors, Designer Malware)

Increasing Complexity
• Constantly changing infrastructure
• Too many products from multiple vendors; costly to configure and manage
• Inadequate and ineffective tools

Resource Constraints
• Struggling security teams
• Too much data with limited manpower and skills to manage it all
• Managing and monitoring increasing compliance demands
3 IBM Security
Providing actionable intelligence
IBM QRadar Security Intelligence Platform
AUTOMATED: driving simplicity and accelerating time-to-value
INTEGRATED: unified architecture delivered in a single console
INTELLIGENT: correlation, analysis and massive data reduction
4 IBM Security
Driving simplicity and accelerated time to value
“QRadar’s ease-of-use in set-up and maintenance resulted in reduced time to resolve network issues and freed-up IT staff for other projects.”
Private U.S. University with large online education community
• Immediate discovery of network assets: proactive vulnerability scans, configuration comparisons, and policy compliance checks
• Simplified deployment: automated configuration of log data sources and asset databases
• Automated updates: stay current with latest threats, vulnerabilities, and protocols
• Out-of-the-box rules and reports: immediate time to value with built-in intelligence
IBM QRadar is nearly three times faster to implement across the enterprise than other SIEM solutions.
2014 Ponemon Institute, LLC, Independent Research Report
5 IBM Security
Ask the right questions
Security Intelligence: the actionable information derived from the analysis of security-relevant data available to an organization
Questions across the lifecycle (Pre-Exploit, Vulnerability, Exploit, Post-Exploit, Remediation):
• What are the major risks and vulnerabilities?
• Are we configured to protect against advanced threats?
• What security incidents are happening right now?
• What was the impact to the organization?
PREDICTION / PREVENTION PHASE (Pre-Exploit, Vulnerability)
• Gain visibility over the organization’s security posture and identify security gaps
• Detect deviations from the norm that indicate early warnings of APTs
• Prioritize vulnerabilities to optimize remediation processes and close critical exposures before exploit
REACTION / REMEDIATION PHASE (Exploit, Post-Exploit, Remediation)
• Automatically detect threats with prioritized workflow to quickly analyze impact
• Gather full situational awareness through advanced security analytics
• Perform forensic investigation reducing time to find root cause; use results to drive faster remediation
6 IBM Security
Ask the right questions
QRadar products mapped to the questions:
• Vulnerability Manager: What are the major risks and vulnerabilities?
• Risk Manager: Are we configured to protect against advanced threats?
• SIEM / Log Manager: What security incidents are happening right now?
• Incident Forensics: What was the impact to the organization?
7 IBM Security
Embedded intelligence offers automated offense identification
Data sources:
• Servers and mainframes
• Data activity
• Network and virtual activity
• Application activity
• Configuration information
• Security devices
• Users and identities
• Vulnerabilities and threats
• Global threat intelligence
Automated Offense Identification (Embedded Intelligence):
• Unlimited data collection, storage and analysis
• Built-in data classification
• Automatic asset, service and user discovery and profiling
• Real-time correlation and threat intelligence
• Activity baselining and anomaly detection
• Detects incidents out of the box
Suspected Incidents → Prioritized Incidents
8 IBM Security
Answering questions to help prevent and remediate attacks
9 IBM Security
Extend clarity around incidents with in-depth forensics data
Suspected Incidents → Embedded Intelligence → Prioritized Incidents → Directed Forensics Investigations
• Rapidly reduce time to resolution through intuitive forensic workflow
• Use intuition more than technical training
• Determine root cause and prevent re-occurrences
10 IBM Security
IBM Security App Exchange: a platform for Security Intelligence collaboration
• Single Platform for Collaboration: single collaboration platform for rapidly delivering new apps and content for IBM Security solutions
• Access Partner Innovations: enable rapid innovation
• Certified Security Apps: allows QRadar users and partners to deploy new use cases in an accelerated way
• Quickly Extend QRadar Functionality
11 IBM Security
Enabling comprehensive extensions and 3rd party integration through the QRadar Application Framework
QRadar API Components (NEW): new open API for rapid innovation and creation
Use cases: Insider Threats, Internet of Things, Incident Response, Cybersecurity
• Market, technology, business specific
• Seamlessly integrated workflow
• Economic and operational benefit
• More flexibility and less complexity
12 IBM Security
IBM QRadar is the centerpiece of IBM security integration
IBM QRadar Security Intelligence Platform integrates with:
• IBM zSecure
• IBM Security AppScan
• IBM Security Network Protection XGS
• IBM Security Access Manager
• IBM Security Privileged Identity Manager
• IBM InfoSphere Guardium
• IBM Security Identity Manager
• IBM Security Directory Server and Integrator
• IBM Endpoint Manager
• IBM Trusteer Apex
13 IBM Security
IBM QRadar supports hundreds of third-party products
IBM QRadar Security Intelligence Platform
14 IBM Security
Flexible appliance, virtual, software and cloud architecture for high performance and rapid deployment
IBM QRadar Security Intelligence Platform
Scalable appliance architecture
• Easy-to-deploy, scalable model using stackable distributed appliances
• Does not require third-party databases or storage
Shared modular infrastructure
• Offers automatic failover and disaster recovery
• Hardware, Software, Virtual deployments
• Cloud, on-premise and hybrid deployment
• Perpetual, Rental and SAAS options
15 IBM Security
IBM Security Portfolio
Key Security Trends: Advanced Threats, Skills Shortage, Cloud Adoption, Mobile Concerns, Compliance Mandates
Our strategy is to provide integrated solutions to the market
Consulting and Managed Services
• Security Intelligence and Operations
• Strategy, Risk and Compliance
• Cloud and Managed Services
• Cybersecurity Assessment and Response
• Identity and Access Management Services
• Data and Application Security Services
Integrated Security Technologies
• Security Intelligence and Analytics
• Advanced Fraud Protection
• Identity and Access Management
• Data Security
• Application Security
• Infrastructure and Threat Protection
Advanced Threat and Security Research
16 IBM Security
Example deployment
• SIEM Replacement
  – Ability to view real-time alerts while maintaining searching capabilities on legacy data
  – Addition of network flow visibility: where is the IP coming from and attempting to go?
  – Configured and deployed in less than 45 days
  – 12 million flows, 280,000 log sources
  – 40 unique log source types across the enterprise (FireEye, BlueCoat Proxy, Firewalls, Windows, Linux)
  – Over 5 billion events being consumed daily
• Other Highlights
  – Within first 45 days saw misconfigured devices
  – Able to quickly utilize external feeds ("Reference Sets") of known Indicators of Compromise ("IOCs")
  – Routers pinging Chinese address space
17 IBM Security
An integrated, unified architecture in a single web-based console
• Log Management
• Security Intelligence
• Network Activity Monitoring
• Risk Management
• Vulnerability Management
• Network Forensics
18 IBM Security
Intelligence, integration, automation to stay ahead of the threat
• Identify and quickly remediate: deploy comprehensive security intelligence and incident forensics
• Detect insider fraud: adopt next-generation SIEM with identity correlation
• Address regulation mandates: automate data collection and configuration audits
• Consolidate data silos: collect, correlate and report on data in one integrated solution
• Better predict business risks: engage entire lifecycle of risk management for network and security infrastructures
Additional Value: QRADAR
20 IBM Security
QRadar Product Portfolio
Portfolio Overview: a Security Intelligence platform that enables security optimization through advanced threat detection, meeting compliance and policy demands, and eliminating data silos
QRadar Log Manager
• Turnkey log management for SMB and Enterprises
• Upgradeable to enterprise SIEM
QRadar SIEM
• Integrated log, flow, threat, compliance management
• Asset profiling and flow analytics
• Offense management and workflow
Network Activity Collectors (QFlow)
• Network analytics, behavior and anomaly detection
• Layer 7 application monitoring
QRadar Risk Manager
• Predictive threat modeling & simulation
• Scalable configuration monitoring and audit
• Advanced threat and impact analysis
QRadar Vulnerability Manager
• Integrated network scanning & workflow
• Leverage SIEM, threat, risk to prioritize vulnerabilities
QRadar Incident Forensics
• Reconstruct raw network packets to original format
• Determine root cause of security incidents and help prevent recurrences
21 IBM Security
Addressing organizations’ growing cloud security requirements
Increasing cloud adoption:
Collect from the Cloud
• On-premises SI extending visibility into cloud applications and infrastructure
• Unified security view of on-premise and cloud operations
Utilize the cloud
• On-premises hybrid SI deployment that optimally leverages cloud resources
• Extended data retention periods and expanded analytical resources
Manage from the cloud
• A cloud-based hybrid SI deployment managed from the cloud
• Unified view of on-prem and cloud-based security data
Serviced from the cloud
• Cloud-based SI as a Service delivering a managed and unified view of operations
• On-prem security data forwarded to the cloud & synthesized with security data from cloud assets
22 IBM Security
QRadar QFlow - Differentiated by network flow analytics
• Network traffic doesn’t lie. Attackers can stop logging and erase their tracks, but can’t cut off the network (flow data)
  – Deep packet inspection for Layer 7 flow data
  – Pivoting, drill-down and data mining on flow sources for advanced detection and forensics
• Helps detect anomalies that might otherwise get missed
• Enables visibility into attacker communications
23 IBM Security
QRadar QFlow fully supports five key use cases
• Detection of zero-day threats through traffic profiling: detection of malware and virus/worm activity through behavior profiling and anomaly detection across all network traffic (applications, hosts, protocols, areas of the network)
• Compliance with policy and regulatory mandates via deep analysis of application data and protocols: alerting on out-of-policy behavior and traffic, such as traffic being sent to untrustworthy geographical regions or unsecure protocols
• Social media monitoring: anomaly detection and DPI-based content capture that identify and alert on social media-related threats and risks
• Advanced incident analysis via correlation of flow data with log data: accurate prioritization of incident data and reduction of false positives by correlating security events with actual network traffic
• Continuous profiling of assets: collection and monitoring of a continuous information feed from hosts, assets and services, allowing QRadar SIEM to automatically identify and classify new assets and discover what ports and services they are running
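The flow use cases above (alerting on traffic to untrustworthy regions or over unsecure protocols, and correlating flow data with log data to prioritize incidents) and the example deployment's use of reference sets of known IOCs describe one detection pattern. The following is an added illustration written for this page, not IBM or QRadar code: it evaluates constructed flow records against a constructed IOC reference set, a destination-region table and a protocol policy, then looks for a corroborating log event for the same source/destination pair and raises the priority when one exists. The reference set, region prefixes, policy and key=value log format are all assumptions made for the example; a real deployment would use QRadar reference sets, a GeoIP database and the product's own event parsers.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional

# Constructed reference set of known-bad destination addresses (stand-in for a
# QRadar reference set fed from an external IOC feed). Documentation ranges only.
IOC_REFERENCE_SET = {"203.0.113.45", "198.51.100.7"}

# Constructed prefix-to-region table; a real deployment would use a GeoIP database.
REGION_BY_PREFIX = {
    ip_network("203.0.113.0/24"): "region-A",
    ip_network("198.51.100.0/24"): "region-B",
    ip_network("192.0.2.0/24"): "region-C",
}
# Constructed policy: destinations in these regions are out of policy.
UNTRUSTED_REGIONS = {"region-A"}
# Constructed policy: Layer 7 applications considered unsecure.
UNSECURE_PROTOCOLS = {"telnet", "ftp"}


@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    app: str  # Layer 7 application label as a flow collector would tag it


@dataclass
class Finding:
    flow: Flow
    reasons: List[str] = field(default_factory=list)
    log_hits: List[str] = field(default_factory=list)  # raw log lines that corroborate the flow

    @property
    def priority(self) -> str:
        # A reference-set hit confirmed by a log event for the same pair is the
        # strongest signal; everything else stays at medium for analyst review.
        if "ioc" in self.reasons and self.log_hits:
            return "high"
        return "medium"


def region_of(addr: str) -> Optional[str]:
    """Return the constructed region for an address, or None if unknown."""
    ip = ip_address(addr)
    for net, region in REGION_BY_PREFIX.items():
        if ip in net:
            return region
    return None


def evaluate_flow(flow: Flow) -> List[str]:
    """Return the policy/IOC reasons a flow is interesting (empty if none)."""
    reasons: List[str] = []
    if flow.dst in IOC_REFERENCE_SET:
        reasons.append("ioc")
    if region_of(flow.dst) in UNTRUSTED_REGIONS:
        reasons.append("untrusted-region")
    if flow.app in UNSECURE_PROTOCOLS:
        reasons.append("unsecure-protocol")
    return reasons


def parse_log_line(line: str) -> Dict[str, str]:
    """Parse the constructed '<timestamp> <host> key=value ...' log format."""
    fields: Dict[str, str] = {}
    for token in line.split()[2:]:
        key, _, value = token.partition("=")
        if key:
            fields[key] = value
    return fields


def correlate(flows: List[Flow], log_lines: List[str]) -> List[Finding]:
    """Evaluate each flow and attach log lines whose src/dst match it."""
    parsed = [(line, parse_log_line(line)) for line in log_lines]
    findings: List[Finding] = []
    for flow in flows:
        reasons = evaluate_flow(flow)
        if not reasons:
            continue  # in-policy traffic to an unknown destination is not a finding
        hits = [line for line, fields in parsed
                if fields.get("src") == flow.src and fields.get("dst") == flow.dst]
        findings.append(Finding(flow, reasons, hits))
    return findings


# Constructed sample input: four flows and two firewall/proxy log lines.
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "203.0.113.45", 23, "telnet"),   # IOC, untrusted region, unsecure protocol
    Flow("10.0.0.9", "192.0.2.10", 443, "https"),      # clean
    Flow("10.0.1.4", "198.51.100.7", 443, "https"),    # IOC only, no corroborating log
    Flow("10.0.2.2", "203.0.113.200", 80, "http"),     # untrusted region only
]
SAMPLE_LOGS = [
    "2016-03-01T10:00:01Z fw1 action=deny src=10.0.0.5 dst=203.0.113.45 dport=23",
    "2016-03-01T10:00:05Z proxy1 action=allow src=10.0.0.9 dst=192.0.2.10 dport=443",
]

if __name__ == "__main__":
    for f in correlate(SAMPLE_FLOWS, SAMPLE_LOGS):
        print(f.priority, f.flow.src, "->", f.flow.dst, f.reasons, len(f.log_hits), "log hit(s)")
```

Running the block yields three findings: the telnet flow to an IOC address with a matching firewall deny is rated high, while the IOC-only flow and the untrusted-region flow stay at medium. The clean HTTPS flow produces no finding even though a log line exists for it, which is the false-positive reduction the slide describes: a log event alone is not an offense, and a flow policy hit alone is not confirmed.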
24 IBM Security
Introducing QRadar Vulnerability Manager
Platform modules: Log Manager, SIEM, Network Activity Monitor, Risk Manager, Vulnerability Manager (QRadar QVM)
Questions that remain with existing VMs:
• Has that been patched?
• Has it been exploited?
• Is it likely to be exploited?
• Does my firewall block it?
• Does my IPS block it?
• Does it matter?
• Reduces data load
  – Bringing rich context to Vulnerability Management
• Improves visibility
  – Intelligent, event-driven scanning, asset discovery, asset profiling and more
• Breaks down silos
  – Leveraging all QRadar integrations and data
  – Unified vulnerability view across all products
25 IBM Security
QRadar Vulnerability – Integrated Vulnerability Management
• Contains an embedded, well proven, scalable, analyst recognised, PCI certified scanner
• Detects 70,000+ vulnerabilities
• Tracks National Vulnerability Database (CVE)
• Present in all QRadar log and flow collectors and processors
• Integrated external scanner
• Complete vulnerability view supporting 3rd party vulnerability system data feeds
• Supports exception and remediation processes of VM with seamlessly integrated reporting and dashboarding
Complete Vulnerability Context and Visibility, drawing on:
• Integrated vulnerability scanner
• Network discovery and asset information
• IBM Security Context: AppScan, Guardium, Endpoint (BigFix), Network IPS, X-Force
• 3rd party vulnerability solutions, e.g. Qualys, Rapid7, Nessus, nCircle, McAfee
26 IBM Security
QRadar Risk Manager – Context driven risk prioritization
• Fully integrated Security Intelligence and Risk Management solution
• Most comprehensive risk assessment covering network usage, configuration data, vulnerability posture, and current threat environment
• Powerful, simple to use visualization of network usage and attack paths enhancing risk and incident response
• Reduced total cost of ownership through product consolidation
QRadar Risk Manager enhances Security Intelligence by adding network topology visualization and path analysis, network device optimization and configuration monitoring, and improved compliance monitoring/reporting to QRadar SIEM
27 IBM Security
QRadar Incident Forensics – Responding quickly to incidents
In 2012, 38% of targets were attacked again once the original incident was remediated.
Attackers spend an estimated 243 days on a victim’s network before being discovered.
• Has our organization been compromised?
• When was our security breached?
• How to avoid becoming a repeat victim?
• What resources and assets are at risk?
• What type of attack is it?
• How do we identify the attack?
28 IBM Security
Next generation network forensics: know what happened, fast
Our Security Intelligence platform delivers powerful capabilities to IT Security Operations Teams:
• Tells you exactly when an incident occurred
• Delivers intelligence to guide forensics investigations
• Merges powerful forensics capability with simplicity
Introducing QRadar Incident Forensics: leveraging the strengths of QRadar to optimize the process of investigating and gathering evidence on advanced attacks and data breaches
• Visually construct threat actor relationships
• Builds detailed user and application profiles across multiple IDs
• Full packet capture for complete session reconstruction
• Unified view of all flow, user, event, and forensic information
• Retrace activity in chronological order
• Integrated with QRadar to discover true offenses and prioritize forensics investigations
• Enables search-driven data exploration to return detailed, multi-level results in seconds
© Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind,
express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products
and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service
marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your
enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others.
No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems,
products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products
or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.
ibm.com/security
securityintelligence.com
xforce.ibmcloud.com
@ibmsecurity
youtube/user/ibmsecuritysolutions
FOLLOW US ON:
THANK YOU

Watermarking in Source Code: Applications and Security ChallengesWatermarking in Source Code: Applications and Security Challenges
Watermarking in Source Code: Applications and Security ChallengesShyamsundar Das
 
Enterprise Document Management System - Qualityze Inc
Enterprise Document Management System - Qualityze IncEnterprise Document Management System - Qualityze Inc
Enterprise Document Management System - Qualityze Incrobinwilliams8624
 
ERP For Electrical and Electronics manufecturing.pptx
ERP For Electrical and Electronics manufecturing.pptxERP For Electrical and Electronics manufecturing.pptx
ERP For Electrical and Electronics manufecturing.pptxAutus Cyber Tech
 
Top Software Development Trends in 2024
Top Software Development Trends in  2024Top Software Development Trends in  2024
Top Software Development Trends in 2024Mind IT Systems
 
online pdf editor software solutions.pdf
online pdf editor software solutions.pdfonline pdf editor software solutions.pdf
online pdf editor software solutions.pdfMeon Technology
 
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...OnePlan Solutions
 
eAuditor Audits & Inspections - conduct field inspections
eAuditor Audits & Inspections - conduct field inspectionseAuditor Audits & Inspections - conduct field inspections
eAuditor Audits & Inspections - conduct field inspectionsNirav Modi
 
AI Embracing Every Shade of Human Beauty
AI Embracing Every Shade of Human BeautyAI Embracing Every Shade of Human Beauty
AI Embracing Every Shade of Human BeautyRaymond Okyere-Forson
 
Introduction-to-Software-Development-Outsourcing.pptx
Introduction-to-Software-Development-Outsourcing.pptxIntroduction-to-Software-Development-Outsourcing.pptx
Introduction-to-Software-Development-Outsourcing.pptxIntelliSource Technologies
 
Deep Learning for Images with PyTorch - Datacamp
Deep Learning for Images with PyTorch - DatacampDeep Learning for Images with PyTorch - Datacamp
Deep Learning for Images with PyTorch - DatacampVICTOR MAESTRE RAMIREZ
 
OpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorOpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorShane Coughlan
 
Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...
Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...
Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...Jaydeep Chhasatia
 

Recently uploaded (20)

Why Choose Brain Inventory For Ecommerce Development.pdf
Why Choose Brain Inventory For Ecommerce Development.pdfWhy Choose Brain Inventory For Ecommerce Development.pdf
Why Choose Brain Inventory For Ecommerce Development.pdf
 
Growing Oxen: channel operators and retries
Growing Oxen: channel operators and retriesGrowing Oxen: channel operators and retries
Growing Oxen: channel operators and retries
 
Sales Territory Management: A Definitive Guide to Expand Sales Coverage
Sales Territory Management: A Definitive Guide to Expand Sales CoverageSales Territory Management: A Definitive Guide to Expand Sales Coverage
Sales Territory Management: A Definitive Guide to Expand Sales Coverage
 
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdfARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
 
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/MLBig Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
 
Generative AI for Cybersecurity - EC-Council
Generative AI for Cybersecurity - EC-CouncilGenerative AI for Cybersecurity - EC-Council
Generative AI for Cybersecurity - EC-Council
 
20240319 Car Simulator Plan.pptx . Plan for a JavaScript Car Driving Simulator.
20240319 Car Simulator Plan.pptx . Plan for a JavaScript Car Driving Simulator.20240319 Car Simulator Plan.pptx . Plan for a JavaScript Car Driving Simulator.
20240319 Car Simulator Plan.pptx . Plan for a JavaScript Car Driving Simulator.
 
Watermarking in Source Code: Applications and Security Challenges
Watermarking in Source Code: Applications and Security ChallengesWatermarking in Source Code: Applications and Security Challenges
Watermarking in Source Code: Applications and Security Challenges
 
Enterprise Document Management System - Qualityze Inc
Enterprise Document Management System - Qualityze IncEnterprise Document Management System - Qualityze Inc
Enterprise Document Management System - Qualityze Inc
 
ERP For Electrical and Electronics manufecturing.pptx
ERP For Electrical and Electronics manufecturing.pptxERP For Electrical and Electronics manufecturing.pptx
ERP For Electrical and Electronics manufecturing.pptx
 
Salesforce AI Associate Certification.pptx
Salesforce AI Associate Certification.pptxSalesforce AI Associate Certification.pptx
Salesforce AI Associate Certification.pptx
 
Top Software Development Trends in 2024
Top Software Development Trends in  2024Top Software Development Trends in  2024
Top Software Development Trends in 2024
 
online pdf editor software solutions.pdf
online pdf editor software solutions.pdfonline pdf editor software solutions.pdf
online pdf editor software solutions.pdf
 
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...
 
eAuditor Audits & Inspections - conduct field inspections
eAuditor Audits & Inspections - conduct field inspectionseAuditor Audits & Inspections - conduct field inspections
eAuditor Audits & Inspections - conduct field inspections
 
AI Embracing Every Shade of Human Beauty
AI Embracing Every Shade of Human BeautyAI Embracing Every Shade of Human Beauty
AI Embracing Every Shade of Human Beauty
 
Introduction-to-Software-Development-Outsourcing.pptx
Introduction-to-Software-Development-Outsourcing.pptxIntroduction-to-Software-Development-Outsourcing.pptx
Introduction-to-Software-Development-Outsourcing.pptx
 
Deep Learning for Images with PyTorch - Datacamp
Deep Learning for Images with PyTorch - DatacampDeep Learning for Images with PyTorch - Datacamp
Deep Learning for Images with PyTorch - Datacamp
 
OpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorOpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS Calculator
 
Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...
Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...
Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...
 

IBM QRadar Security Intelligence Overview

Slide 5: Ask the right questions
Security Intelligence: the actionable information derived from the analysis of security-relevant data available to an organization.
The lifecycle runs from pre-exploit through vulnerability, exploit and post-exploit to remediation. The first half is the prediction/prevention phase, the second the reaction/remediation phase, and each phase has its own questions:
• Prediction/prevention: What are the major risks and vulnerabilities? Are we configured to protect against advanced threats?
• Reaction/remediation: What security incidents are happening right now? What was the impact to the organization?
Capabilities across the lifecycle:
• Gain visibility over the organization's security posture and identify security gaps
• Detect deviations from the norm that indicate early warnings of APTs
• Prioritize vulnerabilities to optimize remediation processes and close critical exposures before exploit
• Automatically detect threats with a prioritized workflow to quickly analyze impact
• Gather full situational awareness through advanced security analytics
• Perform forensic investigation to reduce the time to find root cause; use the results to drive faster remediation

Slide 6: Ask the right questions (QRadar components)
The same lifecycle and questions, with the QRadar component that answers each overlaid: Vulnerability Manager (what are the major risks and vulnerabilities?), Risk Manager (are we configured to protect against advanced threats?), SIEM and Log Manager (what security incidents are happening right now?), Incident Forensics (what was the impact to the organization?).
Slide 7: Embedded intelligence offers automated offense identification
Data sources: servers and mainframes, data activity, network and virtual activity, application activity, configuration information, security devices, users and identities, vulnerabilities and threats, global threat intelligence.
Pipeline: data sources -> embedded intelligence -> suspected incidents -> automated offense identification -> prioritized incidents.
• Unlimited data collection, storage and analysis
• Built-in data classification
• Automatic asset, service and user discovery and profiling
• Real-time correlation and threat intelligence
• Activity baselining and anomaly detection
• Detects incidents out of the box

Slide 8: Answering questions to help prevent and remediate attacks

Slide 9: Extend clarity around incidents with in-depth forensics data
Pipeline: embedded intelligence -> suspected incidents -> prioritized incidents -> directed forensics investigations.
• Rapidly reduce time to resolution through an intuitive forensic workflow
• Relies on analyst intuition more than technical training
• Determine root cause and prevent recurrences
Slide 10: IBM Security App Exchange, a platform for security intelligence collaboration
A single collaboration platform for rapidly delivering new apps and content for IBM Security solutions.
• Enable rapid innovation
• Single platform for collaboration
• Access partner innovations
• Certified security apps
• Quickly extend QRadar functionality: allows QRadar users and partners to deploy new use cases in an accelerated way

Slide 11: Enabling comprehensive extensions and third-party integration through the QRadar Application Framework
New open QRadar API components for rapid innovation and creation. Use cases (market-, technology- and business-specific): insider threats, Internet of Things, incident response, cybersecurity.
• Seamlessly integrated workflow
• Economic and operational benefit
• More flexibility and less complexity
Slide 12: IBM QRadar is the centerpiece of IBM security integration
Products integrated with the IBM QRadar Security Intelligence Platform: IBM zSecure, IBM Security AppScan, IBM Security Network Protection XGS, IBM Security Access Manager, IBM Security Privileged Identity Manager, IBM InfoSphere Guardium, IBM Security Identity Manager, IBM Security Directory Server and Integrator, IBM Endpoint Manager, IBM Trusteer Apex.

Slide 13: IBM QRadar supports hundreds of third-party products

Slide 14: Flexible appliance, virtual, software and cloud architecture for high performance and rapid deployment
Scalable appliance architecture:
• Easy-to-deploy, scalable model using stackable distributed appliances
• Does not require third-party databases or storage
Shared modular infrastructure:
• Offers automatic failover and disaster recovery
• Hardware, software and virtual deployments
• Cloud, on-premise and hybrid deployment
• Perpetual, rental and SaaS options

Slide 15: Key security trends and the IBM Security portfolio
Trends: advanced threats, skills shortage, cloud adoption, mobile concerns, compliance mandates. Our strategy is to provide integrated solutions to the market.
Consulting and managed services: Security Intelligence and Operations; Strategy, Risk and Compliance; Cloud and Managed Services; Identity and Access Management Services; Data and Application Security Services; Cybersecurity Assessment and Response.
Integrated security technologies: Security Intelligence and Analytics; Advanced Fraud Protection; Identity and Access Management; Data Security; Application Security; Infrastructure and Threat Protection; Advanced Threat and Security Research.
Slide 16: Example deployment
SIEM replacement:
• Ability to view real-time alerts while keeping search capabilities over legacy data
• Addition of network flow visibility: where is the IP coming from and where is it attempting to go
• Configured and deployed in less than 45 days
• 12 million flows, 280,000 log sources
• 40 unique log source types across the enterprise (FireEye, Blue Coat proxy, firewalls, Windows, Linux)
• Over 5 billion events consumed daily
Other highlights:
• Within the first 45 days, misconfigured devices were found
• Able to quickly use external feeds ("reference sets") of known indicators of compromise (IOCs)
• Routers pinging Chinese address space
Slide 17: An integrated, unified architecture in a single web-based console
Log management, security intelligence, network activity monitoring, risk management, vulnerability management, network forensics.

Slide 18: Intelligence, integration, automation to stay ahead of the threat
• Identify and quickly remediate: deploy comprehensive security intelligence and incident forensics
• Detect insider fraud: adopt next-generation SIEM with identity correlation
• Address regulation mandates: automate data collection and configuration audits
• Consolidate data silos: collect, correlate and report on data in one integrated solution
• Better predict business risks: engage the entire lifecycle of risk management for network and security infrastructures
Slide 20: QRadar product portfolio
A Security Intelligence platform that enables security optimization through advanced threat detection, meeting compliance and policy demands, and eliminating data silos.
• QRadar Log Manager: turnkey log management for SMB and enterprises; upgradeable to enterprise SIEM
• QRadar SIEM: integrated log, flow, threat and compliance management; asset profiling and flow analytics; offense management and workflow
• Network Activity Collectors (QFlow): network analytics, behavior and anomaly detection; Layer 7 application monitoring
• QRadar Risk Manager: predictive threat modeling and simulation; scalable configuration monitoring and audit; advanced threat and impact analysis
• QRadar Vulnerability Manager: integrated network scanning and workflow; leverages SIEM, threat and risk data to prioritize vulnerabilities
• QRadar Incident Forensics: reconstructs raw network packets to their original format; determines the root cause of security incidents and helps prevent recurrences

Slide 21: Addressing organizations' growing cloud security requirements
Four deployment models, in order of increasing cloud adoption (SI = security intelligence):
• Collect from the cloud: on-premises SI extending visibility into cloud applications and infrastructure; unified security view of on-premises and cloud operations
• Utilize the cloud: on-premises hybrid SI deployment that optimally leverages cloud resources; extended data retention periods and expanded analytical resources
• Manage from the cloud: cloud-based hybrid SI deployment managed from the cloud; unified view of on-premises and cloud-based security data
• Serviced from the cloud: cloud-based SI as a service delivering a managed and unified view of operations; on-premises security data forwarded to the cloud and synthesized with security data from cloud assets
Slide 22: QRadar QFlow, differentiated by network flow analytics
Network traffic doesn't lie: attackers can stop logging and erase their tracks, but they cannot cut off the network (flow data). Two practical limits apply: a collector only sees traffic that crosses the SPAN port or tap it is attached to, and Layer 7 inspection of an encrypted session is limited to what headers and metadata reveal.
• Deep packet inspection for Layer 7 flow data
• Pivoting, drill-down and data mining on flow sources for advanced detection and forensics
• Helps detect anomalies that might otherwise be missed
• Enables visibility into attacker communications

Slide 23: QRadar QFlow supports five key use cases
• Detection of zero-day threats through traffic profiling: detection of malware and virus/worm activity through behavior profiling and anomaly detection across all network traffic (applications, hosts, protocols, areas of the network)
• Compliance with policy and regulatory mandates via deep analysis of application data and protocols: alerting on out-of-policy behavior and traffic, such as traffic sent to untrustworthy geographical regions or over insecure protocols
• Social media monitoring: anomaly detection and DPI-based content capture that identify and alert on social media-related threats and risks
• Advanced incident analysis via correlation of flow data with log data: accurate prioritization of incident data and reduction of false positives by correlating security events with actual network traffic
• Continuous profiling of assets: collection and monitoring of a continuous information feed from hosts, assets and services, allowing QRadar SIEM to automatically identify and classify new assets and discover what ports and services they are running
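The flow use cases above, and the deployment highlights on slide 16 (reference sets of IOCs, routers pinging foreign address space), come down to a handful of rules run over flow records. The following is an added example written for this page, not QRadar or QFlow code: it matches destinations against a reference set, alerts on cleartext protocols and an "untrusted region" prefix, flags network infrastructure that originates external ICMP, and baselines bytes sent per host. The record layout, reference set contents, region prefix, internal address ranges, thresholds and all flow records are constructed assumptions.

```python
"""Flow-analytics rules over constructed NetFlow-style records.

Added example, not QRadar or QFlow code. The record layout, the IOC reference
set, the "untrusted region" prefix, the internal ranges, the thresholds and
the sample flows are all assumptions made for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    ts: int          # epoch seconds
    src: str         # source IP
    dst: str         # destination IP
    proto: str       # "tcp", "udp" or "icmp"
    dport: int       # destination port, 0 for icmp
    bytes_out: int   # bytes sent by src
    src_role: str    # asset role from the asset database, e.g. "workstation", "router"


# Constructed reference set: a stand-in for an external IOC feed.
IOC_REFERENCE_SET = {"198.51.100.23", "203.0.113.77"}
# Constructed "untrusted region" prefix; a real deployment would use GeoIP data.
UNTRUSTED_REGION = [ip_network("203.0.113.0/24")]
# Constructed internal ranges taken from the asset database (RFC 1918 here).
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
                 ip_network("192.168.0.0/16")]
# Cleartext protocols that policy forbids on the wire.
INSECURE_PORTS = {21: "ftp", 23: "telnet", 80: "http"}


def in_nets(ip, nets):
    addr = ip_address(ip)
    return any(addr in net for net in nets)


def baseline_outliers(flows, history, sigma=3.0, min_samples=5):
    """Activity baselining: flag hosts whose bytes_out in `flows` exceeds
    mean + sigma * stdev of that host's own `history`. Returns {src: bytes}."""
    per_host = defaultdict(list)
    for f in history:
        per_host[f.src].append(f.bytes_out)
    hits = {}
    for f in flows:
        sample = per_host.get(f.src, [])
        if len(sample) < min_samples:
            continue                      # no usable baseline yet
        if f.bytes_out > mean(sample) + sigma * pstdev(sample):
            hits[f.src] = f.bytes_out
    return hits


def evaluate(flows, history):
    """Return (rule, source, detail) offenses, one per rule match, in flow order."""
    offenses = []
    for f in flows:
        if f.dst in IOC_REFERENCE_SET:
            offenses.append(("ioc_reference_set", f.src, f.dst))
        if f.proto == "tcp" and f.dport in INSECURE_PORTS:
            offenses.append(("insecure_protocol:" + INSECURE_PORTS[f.dport], f.src, f.dst))
        if in_nets(f.dst, UNTRUSTED_REGION):
            offenses.append(("untrusted_region", f.src, f.dst))
        # Routers have no business originating ICMP to non-internal space.
        if f.src_role == "router" and f.proto == "icmp" and not in_nets(f.dst, INTERNAL_NETS):
            offenses.append(("router_external_icmp", f.src, f.dst))
    for src, b in baseline_outliers(flows, history).items():
        offenses.append(("volume_anomaly", src, str(b)))
    return offenses


# Constructed baseline: ten earlier HTTPS flows per workstation.
HISTORY = [Flow(1000 + i, "10.0.0.5", "198.51.100.10", "tcp", 443, b, "workstation")
           for i, b in enumerate([1000, 1100, 1050, 1200, 950, 1000, 1100, 1150, 1000, 1050])]
HISTORY += [Flow(1000 + i, "10.0.0.7", "198.51.100.10", "tcp", 443, b, "workstation")
            for i, b in enumerate([2000, 2100, 1900, 2050, 1950, 2000, 2100, 2000, 1900, 2000])]

# Constructed new flows to evaluate.
SAMPLE_FLOWS = [
    Flow(2000, "10.0.0.5", "198.51.100.10", "tcp", 443, 1100, "workstation"),      # normal
    Flow(2001, "10.0.0.5", "198.51.100.23", "tcp", 443, 1050, "workstation"),      # IOC hit
    Flow(2002, "10.0.0.9", "10.0.0.20", "tcp", 23, 300, "workstation"),            # telnet
    Flow(2003, "10.0.0.1", "203.0.113.5", "icmp", 0, 84, "router"),                # router pinging out
    Flow(2004, "10.0.0.7", "198.51.100.10", "tcp", 443, 50_000_000, "workstation"),  # exfil-sized
]

if __name__ == "__main__":
    for offense in evaluate(SAMPLE_FLOWS, HISTORY):
        print(offense)
```

The router rule deliberately tests against the organization's own internal ranges rather than a library notion of "private" addresses, because the documentation and test ranges used in the sample data are themselves classified as non-global by most libraries; the asset database, not the address class, decides what counts as internal. The volume rule only fires once a host has enough history, which is why a brand-new host never trips it on its first flow.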
Slide 24: Introducing QRadar Vulnerability Manager
Existing vulnerability managers leave questions open for each finding:
• Has that been patched?
• Has it been exploited?
• Is it likely to be exploited?
• Does my firewall block it?
• Does my IPS block it?
• Does it matter?
QRadar Vulnerability Manager (QVM) sits alongside Log Manager, SIEM, Network Activity Monitor and Risk Manager and:
• Reduces data load by bringing rich context to vulnerability management
• Improves visibility through intelligent, event-driven scanning, asset discovery, asset profiling and more
• Breaks down silos by leveraging all QRadar integrations and data, giving a unified vulnerability view across all products

Slide 25: QRadar Vulnerability Manager, integrated vulnerability management
Integrated vulnerability scanner:
• Contains an embedded, well-proven, scalable, analyst-recognised, PCI-certified scanner
• Detects 70,000+ vulnerabilities
• Tracks the National Vulnerability Database (CVE)
• Present in all QRadar log and flow collectors and processors
• Integrated external scanner
Complete vulnerability context and visibility:
• Network discovery and asset information
• IBM security context: AppScan, Guardium, Endpoint (BigFix), Network IPS, X-Force
• Third-party vulnerability solutions, e.g. Qualys, Rapid7, Nessus, nCircle, McAfee
• Complete vulnerability view supporting third-party vulnerability system data feeds
• Supports the exception and remediation processes of vulnerability management with seamlessly integrated reporting and dashboarding
Slide 26: QRadar Risk Manager, context-driven risk prioritization
• Fully integrated security intelligence and risk management solution
• Most comprehensive risk assessment, covering network usage, configuration data, vulnerability posture and the current threat environment
• Powerful, simple-to-use visualization of network usage and attack paths, enhancing risk and incident response
• Reduced total cost of ownership through product consolidation
QRadar Risk Manager enhances Security Intelligence by adding network topology visualization and path analysis, network device optimization and configuration monitoring, and improved compliance monitoring and reporting to QRadar SIEM.
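Slides 24 to 26 describe the same idea from two sides: a scanner finding is only as urgent as its context (patch state, exploit availability, whether a firewall blocks it, whether the asset matters), and that firewall question is answered by path analysis over the network topology. The following added example, written for this page and not QRadar Vulnerability Manager or Risk Manager code, combines the two: it enumerates attack paths from an entry zone through firewall rules, then folds reachability into a priority score alongside the other context. The zone topology, firewall rules, weights, asset criticalities and findings are constructed; the finding IDs are placeholders, not CVEs.

```python
"""Context-driven vulnerability prioritization with firewall path analysis.

Added example, not QRadar Vulnerability Manager or Risk Manager code. The
topology, firewall rules, scoring weights and findings are assumptions made
for illustration; finding IDs are placeholders, not real CVE identifiers.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    fid: str              # placeholder finding id
    host: str
    port: int             # service port the vulnerability is exposed on
    cvss: float           # base severity from the scanner
    exploit_public: bool  # exploit available per threat intelligence
    patched: bool         # patch state from endpoint management


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    ports: frozenset      # allowed destination ports through this firewall


# Constructed topology and asset context.
ZONE_OF = {"web01": "dmz", "db01": "internal", "jump01": "internal"}
ASSET_WEIGHT = {"web01": 0.6, "db01": 1.0, "jump01": 0.8}   # business criticality, 0..1
FIREWALL = [
    Rule("internet", "dmz", frozenset({443})),
    Rule("dmz", "internal", frozenset({5432})),
]


def attack_paths(src_zone, dst_zone, port, rules, path=()):
    """Enumerate zone paths from src_zone to dst_zone whose last hop permits
    `port`. An intermediate zone counts as a pivot when any port into it is
    allowed: the attacker is assumed able to compromise a host there."""
    if src_zone in path:
        return []                                   # loop guard
    hop = path + (src_zone,)
    paths = []
    for r in rules:
        if r.src_zone != src_zone or not r.ports:
            continue
        if r.dst_zone == dst_zone:
            if port in r.ports:
                paths.append(hop + (dst_zone,))
        else:
            paths.extend(attack_paths(r.dst_zone, dst_zone, port, rules, hop))
    return paths


def score(f, rules=FIREWALL, entry_zone="internet"):
    """Combine context into a 0..1 priority; returns a dict for reporting."""
    if f.patched:
        return {"id": f.fid, "score": 0.0, "reason": "patched"}
    paths = attack_paths(entry_zone, ZONE_OF[f.host], f.port, rules)
    if not paths:
        exposure, reason = 0.2, "firewall blocks from " + entry_zone
    elif min(len(p) for p in paths) == 2:
        exposure, reason = 1.0, "directly reachable"
    else:
        exposure, reason = 0.7, "reachable via pivot " + "->".join(min(paths, key=len))
    exploit = 1.0 if f.exploit_public else 0.5
    value = (f.cvss / 10.0) * exposure * exploit * ASSET_WEIGHT[f.host]
    return {"id": f.fid, "score": value, "reason": reason}


def prioritize(findings):
    """Highest priority first; ties keep scanner order."""
    return sorted((score(f) for f in findings), key=lambda r: -r["score"])


# Constructed findings.
FINDINGS = [
    Finding("F-1", "web01", 443, 9.8, True, False),
    Finding("F-2", "db01", 5432, 8.1, False, False),
    Finding("F-3", "jump01", 22, 7.5, True, False),
    Finding("F-4", "web01", 443, 9.0, True, True),
]

if __name__ == "__main__":
    for row in prioritize(FINDINGS):
        print(row)
```

Note what the context changes: the unpatched database finding outranks the SSH finding on the jump host even though the latter has a public exploit, because the firewall rules admit a pivot path to the database port but no path to port 22, and the database carries the higher asset weight. A blocked finding still scores above zero so that insider and lateral-movement risk is not silently dropped.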
Slide 27: QRadar Incident Forensics, responding quickly to incidents
In 2012, 38% of targets were attacked again once the original incident was remediated. Attackers spend an estimated 243 days on a victim's network before being discovered.
Questions an investigation must answer:
• Has our organization been compromised?
• When was our security breached?
• What type of attack is it? How do we identify the attack?
• What resources and assets are at risk?
• How do we avoid becoming a repeat victim?

Slide 28: Our Security Intelligence platform delivers powerful capabilities
Introducing QRadar Incident Forensics: leveraging the strengths of QRadar to optimize the process of investigating and gathering evidence on advanced attacks and data breaches. Next-generation network forensics for IT security operations teams: know what happened, fast.
• Tells you exactly when an incident occurred
• Delivers intelligence to guide forensics investigations
• Merges powerful forensics capability with simplicity
• Visually constructs threat actor relationships
• Builds detailed user and application profiles across multiple IDs
• Full packet capture for complete session reconstruction
• Unified view of all flow, user, event and forensic information
• Retraces activity in chronological order
• Integrated with QRadar to discover true offenses and prioritize forensics investigations
• Enables search-driven data exploration, returning detailed, multi-level results in seconds
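"Full packet capture for complete session reconstruction" and "retrace activity in chronological order" rest on one mechanical step: putting one direction of a TCP conversation back into sequence order while discarding retransmitted bytes and noting where the capture has holes. The following is an added example written for this page, not QRadar Incident Forensics code, showing that step on a constructed HTTP exchange whose request arrives out of order, with a retransmission and an overlapping segment, and whose reply is missing a range of bytes. The segment layout and the sample capture are assumptions.

```python
"""TCP session reconstruction from captured segments.

Added example, not QRadar Incident Forensics code. The segment layout and the
sample capture are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    ts: float        # capture timestamp
    src: str         # "ip:port"
    dst: str         # "ip:port"
    seq: int         # relative sequence number of the first payload byte
    payload: bytes


def reassemble(segments, src, dst):
    """Rebuild the byte stream from src to dst.

    Returns (data, gaps): `data` holds payload in sequence order with
    duplicate bytes removed; `gaps` lists (start, end) sequence ranges that
    were never captured. Data after a gap is appended without padding, so
    offsets into `data` are only reliable when `gaps` is empty.
    """
    direction = sorted((s for s in segments if s.src == src and s.dst == dst),
                       key=lambda s: (s.seq, s.ts))
    data = bytearray()
    gaps = []
    expected = direction[0].seq if direction else 0
    for s in direction:
        end = s.seq + len(s.payload)
        if end <= expected:
            continue                              # full retransmission
        if s.seq > expected:
            gaps.append((expected, s.seq))        # missing bytes
            data += s.payload
        else:
            data += s.payload[expected - s.seq:]  # trim overlapping prefix
        expected = end
    return bytes(data), gaps


def timeline(segments):
    """Segments in capture order, which is what an analyst retraces."""
    return sorted(segments, key=lambda s: s.ts)


CLIENT, SERVER = "10.0.0.5:52000", "198.51.100.10:80"

# Constructed capture: the client request arrives out of order, with a
# retransmission and an overlapping segment; the server reply has a hole.
CAPTURE = [
    Segment(1.00, CLIENT, SERVER, 30, b"ranet\r\n\r\n"),           # arrived first
    Segment(1.01, CLIENT, SERVER, 0, b"GET /login HTTP/1.1\r\n"),
    Segment(1.02, CLIENT, SERVER, 21, b"Host: intra"),
    Segment(1.10, SERVER, CLIENT, 0, b"HTTP/1.1 200 OK\r\n"),
    Segment(1.20, SERVER, CLIENT, 40, b"ok"),                      # bytes 17..39 lost
    Segment(1.30, CLIENT, SERVER, 0, b"GET /login HTTP/1.1\r\n"),  # retransmission
]

if __name__ == "__main__":
    for s in timeline(CAPTURE):
        print(f"{s.ts:.2f} {s.src} -> {s.dst} seq={s.seq} len={len(s.payload)}")
    print(reassemble(CAPTURE, CLIENT, SERVER))
    print(reassemble(CAPTURE, SERVER, CLIENT))
```

Sorting by sequence number rather than capture time is what makes the request readable again; the timeline keeps capture order so the same segments can be retraced as they happened. Reporting gaps instead of silently concatenating is the forensic point: a reconstructed response with a missing range should never be presented as the complete payload.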
Slide 29
© Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represents only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused, or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.
Follow us on: ibm.com/security, securityintelligence.com, xforce.ibmcloud.com, @ibmsecurity, youtube/user/ibmsecuritysolutions. Thank you.