© 2015 IBM Corporation
IBM Security
IBM QRadar for Service Providers
Extending Market Reach Through Multi-Tenancy & SaaS
May 2015
Vijay Dheap
Global Product Manager
QRadar
Agenda
▪ Motivations
▪ QRadar Multi-Tenancy
▪ QRadar Master Console
▪ Security Intelligence on Cloud
▪ Partnering with IBM
Motivations
Making Security Intelligence Accessible
It’s A Not So Friendly Cyber World…and Many are Ill-Equipped
Risks abound and cost continues to grow
Limitations in even grasping an organization’s security posture constrain the ability to adapt it…
Organizations of All Sizes Plan on Raising their Basic Security IQ
Growing demand needs to be served by the best-in-class solution, QRadar, and Service Providers provide not just the reach but also the expertise to onboard and support these organizations on their security intelligence journey
Service Provider Requirements to Serve this Market Demand
▪ Offer a range of security intelligence capabilities from the basic to the advanced to meet the spectrum of security needs of customers
  • Log Management
  • SIEM
  • Network, app, and service usage visibility
  • Vulnerability Management
▪ Adaptive deployment of the technology depending on the size and scale of the customer
  • Dedicated environments for large institutions
  • Shared infrastructure for small/mid-size organizations
▪ Deliver Rapid Time to Value
  • Quick Deployment
  • In-built Intelligence
  • Out-of-the-box integrations
▪ Minimize operational costs in IT infrastructure maintenance and management
  • Multi-tenancy
  • Cloud delivery options
▪ Streamline security operations to improve productivity of skilled security analysts on staff
  • Centralized dashboard
QRadar: Enabling Service Providers to Broaden the Reach of Security Intelligence
▪ Service Providers can extend Tier 1 security intelligence capabilities to small & mid-size organizations leveraging multi-tenancy
▪ Service Providers can gain centralized visibility to multiple, diverse QRadar deployments – multi-tenant, or dedicated
▪ Service Providers can either deploy QRadar in the cloud or resell IBM Security Intelligence on Cloud Offering to minimize capital expenditures and offer an operating expense model for security intelligence for their customers
[Diagram: Customer A, Customer B, Customer C, Customer D, Customer E and the Master Console; three items are tagged "New"]
QRadar Multi-Tenancy
Multi-Tenant QRadar for Managed Security Service Providers
Significant new capabilities to help Service Providers bring security to customers
IBM Security QRadar is:
▪ MULTI-TENANT: enables secure, rapid and cost effective delivery of security intelligence services
▪ AUTOMATED: drives simplicity and accelerates time-to-value for service providers
▪ SCALABLE: scales from smallest to largest customers with centralized management of single and multi-tenanted systems
Capabilities:
▪ New centralized views and incident management
▪ Mixed single and multi-tenanted deployment options
▪ True horizontal, snap-on scalability capabilities
▪ Extensive APIs for enterprise integration
▪ System configuration template support
▪ Cloud ready with support for 400+ out-of-the-box devices
[Diagram labels: Scalable appliance architecture; Shared modular infrastructure; INTELLIGENT, AUTOMATED, INTEGRATED]
Introducing the Domain Concept
Domains are the building blocks for Multi-tenant QRadar
▪ Allows for segregating overlapping IPs
▪ Enables categorizing sources of security data (ex. events, flows) into different sets
▪ Facilitates monitoring and analysis of one or more subsets to attain granular visibility
Domains can be defined at three levels:
▪ Collector-level: Collectors (events or flows) are used to distinguish among domains
▪ Source-level: Sources (log or flow) possibly aggregated by the same collector can be specified as belonging to different domains
▪ Properties-level: Specific events within a log source can be associated to various domains
[Diagram: Collector-level (Domain A, Domain B); Source-level (Domain A: Source 1, Source 2; Domain B: Source 3); Properties-level (Log Source 4; Domain A: Property i; Domain B: Property ii, Property iii); arrow labelled "Increasing Priority"]
Automatic Detection & The Default Domain
▪ In cases where there is no dedicated event collector to a domain, log sources that are automatically detected with no previous domain assignment are allocated to the default domain such that the Service Provider admin or global admin can make the domain assignment (if any)
▪ Prevents data leakage and enforces data separation across domains
▪ When a dedicated event collector is assigned to a unique domain, new log sources that are automatically detected are automatically assigned to that domain
[Diagram: the Collector-level, Source-level and Properties-level domain figure from the previous slide]
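The domain rules on the two slides above can be modelled in a few lines. This is an added example, not code from the deck or from IBM: it assumes the "Increasing Priority" arrow means a properties-level definition overrides a source-level one, which overrides a collector-level one, and every name in it (`DomainConfig`, `CustomerA`, `ec-shared`, the events) is constructed for illustration.

```python
from dataclasses import dataclass, field

DEFAULT_DOMAIN = "Default"  # constructed label for the default domain


@dataclass
class DomainConfig:
    """Hypothetical model of the three definition levels; not QRadar code."""
    collectors: dict = field(default_factory=dict)   # collector id -> domain
    sources: dict = field(default_factory=dict)      # log source id -> domain
    properties: dict = field(default_factory=dict)   # (source, prop, value) -> domain

    def autodetect(self, source_id, collector_id):
        """Assign a newly auto-detected log source to a domain."""
        if source_id in self.sources:        # an earlier assignment is kept
            return self.sources[source_id]
        # A collector dedicated to one domain passes that domain on; any
        # other collector leaves the source in the default domain until an
        # administrator assigns it.
        domain = self.collectors.get(collector_id, DEFAULT_DOMAIN)
        self.sources[source_id] = domain
        return domain

    def resolve(self, event):
        """Return the event's domain, most specific definition first."""
        src = event["source"]
        for name, value in event.get("props", {}).items():
            domain = self.properties.get((src, name, value))
            if domain is not None:
                return domain                             # properties-level
        if src in self.sources:
            return self.sources[src]                      # source-level
        return self.collectors.get(event["collector"], DEFAULT_DOMAIN)


def build_assets(config, events):
    """Key assets by (domain, ip) so overlapping addresses never merge."""
    assets = {}
    for ev in events:
        assets.setdefault((config.resolve(ev), ev["ip"]), []).append(ev["msg"])
    return assets


def visible_to(config, events, profile_domains):
    """Events a security profile restricted to profile_domains may see."""
    return [ev for ev in events if config.resolve(ev) in profile_domains]


def build_sample():
    """Constructed tenants, collectors, log sources and events."""
    config = DomainConfig(
        collectors={"ec-a": "CustomerA"},                 # dedicated collector
        sources={"fw-b": "CustomerB"},                    # assigned by an admin
        properties={("proxy", "tenant", "a"): "CustomerA",
                    ("proxy", "tenant", "b"): "CustomerB"},
    )
    config.autodetect("fw-a", "ec-a")          # inherits CustomerA
    config.autodetect("fw-new", "ec-shared")   # lands in the default domain
    events = [
        {"collector": "ec-a", "source": "fw-a",
         "ip": "10.0.0.5", "msg": "deny tcp/22"},
        {"collector": "ec-shared", "source": "fw-b",
         "ip": "10.0.0.5", "msg": "deny tcp/443"},
        {"collector": "ec-shared", "source": "proxy", "props": {"tenant": "a"},
         "ip": "192.168.1.10", "msg": "GET /login"},
        {"collector": "ec-shared", "source": "proxy", "props": {"tenant": "b"},
         "ip": "192.168.1.10", "msg": "GET /admin"},
        {"collector": "ec-shared", "source": "fw-new",
         "ip": "172.16.0.9", "msg": "accept udp/53"},
    ]
    return config, events


if __name__ == "__main__":
    cfg, evs = build_sample()
    for ev in evs:
        print(cfg.resolve(ev), ev["source"], ev["ip"], ev["msg"])
    print(sorted(build_assets(cfg, evs)))
```

The unassigned `fw-new` source resolves to the default domain, so a profile restricted to one customer never sees its events until an administrator moves it.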
Domain Data Available in QRadar
Domain Support in Rules
▪ Custom rules engine is now domain-aware, automatically isolating correlations from different domains.
▪ New domain test allows for cross-domain correlations if desired or necessary
Domain Aware Retention Policies
▪ Define domain-based retention policies
▪ Enables domain-specific data retention policy definition
Security Profile Domain Support
▪ Security Profile can be restricted to one or more domains
▪ Security Profile will restrict access to flows, events, assets, and offenses based on domain
Offense Domain Support
▪ Domain information carried all the way through offense
Asset Model Domain Support
▪ Each asset is assigned to a domain
▪ Assets can have overlapping IP addresses
Controlled Access to Domains
Once Domains are defined, the next step is to control user privileges to those domains
New User Security Profiles can be instantiated to control access to domain data:
▪ Enables defining user access rights to one or more domains
▪ Allows for delegation of responsibilities across domains
▪ Facilitates defining domain specific visibility
Process in the QRadar Admin Console:
1. Define Security Profiles for the Domains
2. Associate users from those domains to the appropriate security profiles
[Diagram: Domain A with Domain A Security Profile; Domain B with Domain B Security Profile]
Vulnerability Management on a Domain-Level
QRadar Vulnerability Manager now allows scanners to be domain-aware, enabling asset profiles to be denoted with domain categorization when scan results are exported.
▪ Domain is defined per scanner for dynamic scanning
▪ Domain is a selectable criterion when filtering results
▪ Credentials controlled through the user’s security profile relating to the domain specified
▪ Saved searches for scan results will return assets that also match domain visibility of the user
Note a key value proposition of QRadar Vulnerability Manager is that scanners can be enabled on the deployed QRadar infrastructure without incurring additional infrastructure overhead.
Summarizing QRadar Multi-Tenancy Capabilities for Service Providers
▪ Support multiple customers in a single QRadar deployment
▪ Service Provider responsible for system administration of all customer domains
▪ Each customer only has visibility to their security data – logs, flows, offenses etc.
▪ Guarantees that customer’s security data is not correlated with security data from other customers
▪ Service Provider responsible for running vulnerability scans but customers can gain visibility to scan reports associated with their domains
QRadar Master Console
Master Console: A Single View Across Multiple QRadar Deployments
▪ Centralized health view and system monitoring
▪ Additional Planned Capabilities:
  • Centralized offense view and management
  • Content Management
    o Log Source Management
    o Rules
    o Reports
    o Saved Searches
    o Dashboards
  • User Accounts
  • Federated Search
  • Seat Management
[Diagram: Network A, Network B, Network C, Network D, Network E; Multi-tenant QRadar deployment; IBM Security Intelligence on Cloud]
Facilitating Access to Underlying QRadar Deployments
Pass-through APIs
An Analyst can employ the Master Console Pass-through APIs to programmatically invoke the QRadar APIs of deployments to which she has access. This can be used to build custom applications desired by the service provider
[Diagram: Analyst, Master Console APIs, QRadar APIs for Customer A and Customer B]
Click-through Log-in
An Analyst can log in to a specific deployment of QRadar which they are to manage from the Master Console to get additional details they may need as part of the investigative process
[Diagram: Customer A, Customer B]
Deploying Master Console
▪ Every customer who purchases QRadar is entitled to Master Console – no additional cost to the customer
▪ Master Console is a software package included in the QRadar ISO – updates provided via Fix Central
▪ The customer is responsible for installing this software on their own hardware, VM or cloud instance - the recommended specifications are equivalent to the QRadar 3105 hardware appliance specifications
▪ Using the QRadar ISO the customer should install the Master Console using the 8500 activation key.
IBM Security Intelligence on Cloud
Extending QRadar Security Intelligence Platform to the Cloud
Accelerate your ability to identify and stop cyber threats with
▪ FLEXIBLE: a full suite of upgradeable security analytics offerings and service levels to choose from
▪ COST EFFECTIVE: acquire and deploy quickly with no CapEx to purchase
▪ PEACE OF MIND: trusted IBM security service professionals available to provide guidance and meet your security requirements
Highlights:
▪ Cloud-based offering of the #1 Security Intelligence solution
▪ Protects against threats and reduces compliance risk
▪ Leverages real-time threat intelligence from X-Force
▪ Collects data from both on-premise and cloud resources
Extensive data sources:
▪ Security devices
▪ Servers and mainframes
▪ Network and virtual activity
▪ Data activity
▪ Application activity
▪ Configuration information
▪ Vulnerabilities and threats
▪ Users and identities
[Diagram label: Threat Indicators]
IBM Security Intelligence on Cloud
Service Highlights
• Security Intelligence as a Service
• X-Force Exchange integration
• Physically segregated client data
• Real time & historical correlation of assets, events, and vulnerabilities
• Advanced threat detection
• Configurable SOC and management dashboards
• Supports integrations of 450+ security & IT solutions
• Seamless integration with IBM Global SOC for additional Security Services
Professionally deployed and managed solution enabling organizations to focus on monitoring security intelligence operations
[Diagram labels: Secure robust channel; Software Gateways; Security Intelligence]
Partnering with IBM
Go-To-Market Options
Application Specific Licensing (ASL)
▪ Appliances or Software (including virtual appliances)
▪ Support either perpetual license or monthly payments
  • Zero upfront costs – pay only for EPS or Flows consumed by customers every month or quarterly
  • Earn discounts – as business pipeline scales earn discounted pricing or specify commitments to get discounted price up front
▪ Removes restriction on how EPS and Flows are allocated across two or more customers
▪ Current, standard processes remain in place to establish an ASL agreement
Resell
▪ Appliances, Software (including virtual appliances), or SaaS (IBM Security Intelligence on Cloud)
▪ Collaborate with IBM to design and develop your marketing material
▪ Realize in-built margin and complement with value added services
▪ Current, standard processes remain in place to establish a Reseller agreement
IBM Value Proposition for Service Providers
▪ Best in Class Security Intelligence Solution that is not only scalable but also flexible to meet the needs of a Service Provider
  • Dedicated Environment or Multi-Tenant
  • On Premise or Cloud Delivered
  • Horizontally Scalable
  • Full Spectrum of Security Intelligence capabilities
▪ Rapid Time to Value
▪ Simplified Deployment options
▪ Out-of-the-box security content and integrations
▪ Platform upon which high-value services can be offered cost-effectively & in a streamlined fashion
▪ Tailored security building blocks
▪ Single Pane of Glass for Security monitoring & management
▪ Choice of Go-to-Market options to suit various business models
  • Minimize up-front costs
  • Maximize margins
  • Maintain customer relationships
www.ibm.com/security
© Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes
only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use
of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any
warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement
governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in
all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole
discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any
way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United
States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and
response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed,
misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product
should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use
or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily
involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT
THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE
MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY

 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 

Recently uploaded (20)

Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 

IBM Qradar

  • 1. © 2015 IBM Corporation, IBM Security. IBM QRadar for Service Providers: Extending Market Reach Through Multi-Tenancy & SaaS. May 2015. Vijay Dheap, Global Product Manager, QRadar
  • 2. Agenda
      - Motivations
      - QRadar Multi-Tenancy
      - QRadar Master Console
      - Security Intelligence on Cloud
      - Partnering with IBM
  • 3. * © 2014 IBM Corporation. Motivations: Making Security Intelligence Accessible
  • 4. It’s A Not So Friendly Cyber World…and Many are Ill-Equipped
      - Risks abound and cost continues to grow
      - Limitations in even grasping an organization’s security posture constrain the ability to adapt it…
  • 5. Organizations of All Sizes Plan on Raising their Basic Security IQ
      - Growing Demand needs to be served by the Best in Class solution – QRadar and Service Providers provide not just the reach but also the expertise to onboard and support these organizations on their security intelligence journey
  • 6. Service Provider Requirements to Serve this Market Demand
      - Offer a range of security intelligence capabilities from the basic to the advanced to meet the spectrum of security needs of customers
          - Log Management
          - SIEM
          - Network, app, and service usage visibility
          - Vulnerability Management
      - Adaptive deployment of the technology depending on the size and scale of the customer
          - Dedicated environments for large institutions
          - Shared infrastructure for small/mid-size organizations
      - Deliver Rapid Time to Value
          - Quick Deployment
          - In-built Intelligence
          - Out-of-the-box integrations
      - Minimize operational costs in IT infrastructure maintenance and management
          - Multi-tenancy
          - Cloud delivery options
      - Streamline security operations to improve productivity of skilled security analysts on staff
          - Centralized dashboard
  • 7. QRadar: Enabling Service Providers to Broaden the Reach of Security Intelligence
      - Service Providers can extend Tier 1 security intelligence capabilities to small & mid-size organizations leveraging multi-tenancy
      - Service Providers can gain centralized visibility to multiple, diverse QRadar deployments – multi-tenant, or dedicated
      - Service Providers can either deploy QRadar in the cloud or resell IBM Security Intelligence on Cloud Offering to minimize capital expenditures and offer an operating expense model for security intelligence for their customers
      - [Diagram labels: Customer A, Customer B, Customer C, Customer D, Customer E, Master Console; three items marked "New"]
  • 8. QRadar Multi-Tenancy
  • 9. Multi-Tenant QRadar for Managed Security Service Providers
      - Scalable appliance architecture
      - Shared modular infrastructure
      - Significant new capabilities to help Service Providers bring security to customers:
          - New centralized views and incident management
          - Mixed single and multi-tenanted deployment options
          - True horizontal, snap-on scalability capabilities
          - Extensive APIs for enterprise integration
          - System configuration template support
          - Cloud ready with support for 400+ out-of-the-box devices
      - IBM Security QRadar is:
          - MULTI-TENANT: enables secure, rapid and cost effective delivery of security intelligence services
          - AUTOMATED: drives simplicity and accelerates time-to-value for service providers
          - SCALABLE: scales from smallest to largest customers with centralized management of single and multi-tenanted systems
      - [Diagram labels: INTELLIGENT, AUTOMATED, INTEGRATED]
  • 10. Introducing the Domain Concept
      - Domains are the building blocks for Multi-tenant QRadar
          - Allows for segregating overlapping IPs
          - Enables categorizing sources of security data (ex. events, flows) into different sets
          - Facilitates monitoring and analysis of one or more subsets to attain granular visibility
      - Domains can be defined at three levels (diagram arrow: Increasing Priority):
          - Collector-level: Collectors (events or flows) are used to distinguish among domains
          - Source-level: Sources (log or flow) possibly aggregated by the same collector can be specified as belonging to different domains
          - Properties-level: Specific events within a log source can be associated to various domains
      - [Diagram labels: Collector-level: Domain A, Domain B. Source-level: Domain A (Source 1, Source 2), Domain B (Source 3). Properties-level: Log Source 4, Domain A (Property i), Domain B (Property ii, Property iii)]
  • 11. Automatic Detection & The Default Domain
      - In cases where there is no dedicated event collector to a domain, log sources that are automatically detected with no previous domain assignment are allocated to the default domain such that the Service Provider admin or global admin can make the domain assignment (if any)
      - Prevents data leakage and enforces data separation across domains
      - When a dedicated event collector is assigned to a unique domain, new log sources that are automatically detected are automatically assigned to that domain
      - [Diagram labels: Collector-level: Domain A, Domain B. Source-level: Domain A (Source 1, Source 2), Domain B (Source 3). Properties-level: Log Source 4, Domain A (Property i), Domain B (Property ii, Property iii)]
  • 12. Domain Data Available in QRadar
  • 13. Domain Support in Rules
      - Custom rules engine is now domain-aware, automatically isolating correlations from different domains.
      - New domain test allows for cross domain correlations if desired or necessary
  • 14. Domain Aware Retention Policies
      - Define domain-based retention policies
      - Enabled address domain specific data retention policy definition
  • 15. Security Profile Domain Support
      - Security Profile can be restricted to one or more domains
      - Security Profile will restrict access to flows, events, assets, and offenses based on domain
  • 16. Offense Domain Support
      - Domain information carried all the way through offense
  • 17. Asset Model Domain Support
      - Each asset is assigned to a domain
      - Assets can have overlapping IP addresses
  • 18. Controlled Access to Domains
      - Once Domains are defined, the next step is to control user privileges to those domains
      - New User Security Profiles can be instantiated to control access to domain data:
          - Enables defining user access rights to one or more domains
          - Allows for delegation of responsibilities across domains
          - Facilitates defining domain specific visibility
      - Process in the QRadar Admin Console:
          1. Define Security Profiles for the Domains
          2. Associate users from those domains to the appropriate security profiles
      - [Diagram labels: Domain A, Domain B, DomainA Security Profile, DomainB Security Profile]
  • 19. Vulnerability Management on a Domain-Level
      - QRadar Vulnerability Manager now allows scanners to be domain-aware, enabling asset profiles to be denoted with domain categorization when scan results are exported.
      - Domain is defined per scanner for dynamic scanning
      - Domain is a selectable criterion when filtering results
      - Credentials controlled through the user’s security profile relating to the domain specified
      - Saved searches for scan results will return assets that also match domain visibility of the user
      - Note: a key value proposition of QRadar Vulnerability Manager is that scanners can be enabled on the deployed QRadar infrastructure without incurring additional infrastructure overhead.
  • 20. Summarizing QRadar Multi-Tenancy Capabilities for Service Providers
      - Support multiple customers in a single QRadar deployment
      - Service Provider responsible for system administration of all customer domains
      - Each customer only has visibility to their security data – logs, flows, offenses etc.
      - Guarantees that customer’s security data is not correlated with security data from other customers
      - Service Provider responsible for running vulnerability scans but customers can gain visibility to scan reports associated with their domains
  • 21. QRadar Master Console
  • 22. Master Console: A Single View Across Multiple QRadar Deployments
      - Centralized health view and system monitoring
      - Additional Planned Capabilities:
          - Centralized offense view and management
          - Content Management: Log Source Management, Rules, Reports, Saved Searches, Dashboards
          - User Accounts
          - Federated Search
          - Seat Management
      - [Diagram labels: Network A, Network B, Network C, Network D, Network E, Multi-tenant QRadar deployment, IBM Security Intelligence on Cloud]
  • 23. Facilitating Access to Underlying QRadar Deployments
      - Pass-through APIs: An Analyst can employ the Master Console Pass-through APIs to programmatically invoke the QRadar APIs of deployments to which she has access. This can be used to build custom applications desired by the service provider
      - Click-through Log-in: An Analyst can log in to a specific deployment of QRadar which they are to manage from the Master Console to get additional details they may need as part of the investigative process
      - [Diagram labels: Analyst, Master Console APIs, QRadar APIs, Customer A, Customer B]
  • 24. Deploying Master Console
      - Every customer who purchases QRadar is entitled to Master Console – no additional cost to the customer
      - Master Console is a software package included in the QRadar ISO – updates provided via Fix Central
      - The customer is responsible for installing this software on their own hardware, VM or cloud instance - the recommended specifications are equivalent to the QRadar 3105 hardware appliance specifications
      - Using the QRadar ISO the customer should install the Master Console using the 8500 activation key.
  • 25. IBM Security Intelligence on Cloud
  • 26. Extending QRadar Security Intelligence Platform to the Cloud
      - FLEXIBLE: a full suite of upgradeable security analytics offerings and service levels to choose from
      - COST EFFECTIVE: acquire and deploy quickly with no CapEx to purchase
      - PEACE OF MIND: trusted IBM security service professionals available to provide guidance and meet your security requirements
      - Cloud-based offering of the #1 Security Intelligence solution
      - Protects against threats and reduces compliance risk
      - Leverages real-time threat intelligence from X-Force
      - Collects data from both on-premise and cloud resources
      - Accelerate your ability to identify and stop cyber threats with
      - Extensive data sources: Security devices; Servers and mainframes; Network and virtual activity; Data activity; Application activity; Configuration information; Vulnerabilities and threats; Users and identities
      - [Diagram label: Threat Indicators]
  • 27. IBM Security Intelligence on Cloud
      - Professionally deployed and managed solution enabling organizations to focus on monitoring security intelligence operations
      - Service Highlights
          - Security Intelligence as a Service
          - X-Force Exchange integration
          - Physically segregated client data
          - Real time & historical correlation of assets, events, and vulnerabilities
          - Advanced threat detection
          - Configurable SOC and management dashboards
          - Supports integrations of 450+ security & IT solutions
          - Seamless integration with IBM Global SOC for additional Security Services
      - [Diagram labels: Secure robust channel, Software Gateways, Security Intelligence]
  • 28. Partnering with IBM
  • 29. Go-To-Market Options
      - Application Specific Licensing (ASL)
          - Appliances or Software (including virtual appliances)
          - Support either perpetual license or monthly payments
              - Zero upfront costs – pay only for EPS or Flows consumed by customers every month or quarterly
              - Earn discounts – as business pipeline scales earn discounted pricing or specify commitments to get discounted price up front
          - Removes restriction on how EPS and Flows are allocated across two or more customers
          - Current, standard processes remain in place to establish an ASL agreement
      - Resell
          - Appliances, Software (including virtual appliances), or SaaS (IBM Security Intelligence on Cloud)
          - Collaborate with IBM to design and develop your marketing material
          - Realize in-built margin and complement with value added services
          - Current, standard processes remain in place to establish a Reseller agreement
  • 30. IBM Value Proposition for Service Providers
      - Best in Class Security Intelligence Solution that is not only scalable but also flexible to meet the needs of a Service Provider
          - Dedicated Environment or Multi-Tenant
          - On Premise or Cloud Delivered
          - Horizontally Scalable
          - Full Spectrum of Security Intelligence capabilities
      - Rapid Time to Value
      - Simplified Deployment options
      - Out-of-the-box security content and integrations
      - Platform upon which high-value services can be offered cost-effectively & in a streamlined fashion
      - Tailored security building blocks
      - Single Pane of Glass for Security monitoring & management
      - Choice of Go-to-Market options to suit various business models
          - Minimize up-front costs
          - Maximize margins
          - Maintain customer relationships
  • 31. www.ibm.com/security © Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access.
IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY
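
A small model of the domain rules from slides 10, 11, 15 and 17, added here as an illustration and not taken from the deck or from QRadar itself: the most specific domain definition wins, unmapped sources fall back to the default domain, and assets are keyed per domain so overlapping IPs stay apart. The class, function and sample names are assumptions, and "Increasing Priority" is read as collector, then source, then property, the order in which slide 10 lists the levels.

```python
# Added illustration of the domain model in slides 10, 11, 15 and 17.
# All names and structures here are assumptions; this is not QRadar code.
from dataclasses import dataclass, field

DEFAULT_DOMAIN = "Default"  # holding domain for unassigned, auto-detected sources


@dataclass
class DomainMap:
    collectors: dict = field(default_factory=dict)   # collector -> domain
    sources: dict = field(default_factory=dict)      # log source -> domain
    properties: dict = field(default_factory=dict)   # (source, prop, value) -> domain

    def resolve(self, event: dict) -> str:
        """Most specific definition wins: property, then source, then collector."""
        src = event["source"]
        for name, value in event.get("props", {}).items():
            domain = self.properties.get((src, name, value))
            if domain is not None:
                return domain
        if src in self.sources:
            return self.sources[src]
        # An unmapped source inherits its collector's domain only when that
        # collector is dedicated to one; otherwise it waits in the default
        # domain until an administrator assigns it (slide 11).
        return self.collectors.get(event["collector"], DEFAULT_DOMAIN)


def visible_events(dmap, events, profile_domains):
    """Events a security profile restricted to profile_domains may see."""
    return [e for e in events if dmap.resolve(e) in profile_domains]


def build_assets(dmap, events):
    """Key assets by (domain, ip) so overlapping addresses stay separate."""
    assets = {}
    for e in events:
        assets.setdefault((dmap.resolve(e), e["ip"]), []).append(e["source"])
    return assets


# Constructed sample configuration and events (not real deployment data).
DMAP = DomainMap(
    collectors={"ec-a": "Domain A"},
    sources={"fw-b1": "Domain B"},
    properties={("proxy-shared", "tenant", "a"): "Domain A",
                ("proxy-shared", "tenant", "b"): "Domain B"},
)
EVENTS = [
    {"collector": "ec-a", "source": "fw-a1", "ip": "10.0.0.5"},
    {"collector": "ec-shared", "source": "fw-b1", "ip": "10.0.0.5"},
    {"collector": "ec-shared", "source": "proxy-shared", "ip": "10.0.0.9",
     "props": {"tenant": "a"}},
    {"collector": "ec-a", "source": "proxy-shared", "ip": "10.0.0.9",
     "props": {"tenant": "b"}},  # property-level mapping overrides the collector
    {"collector": "ec-shared", "source": "new-autodetected", "ip": "10.0.0.7"},
]

if __name__ == "__main__":
    for e in EVENTS:
        print(e["source"], "->", DMAP.resolve(e))
    print(sorted(build_assets(DMAP, EVENTS)))
```

The auto-detected source on the shared collector resolves to the default domain, so no tenant-scoped security profile sees it until an administrator assigns it.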