IBM Qradar
Coenraad Smith
IBM Q Radar the best on current IT market
1.
IBM QRadar for Service Providers
Extending Market Reach Through Multi-Tenancy & SaaS
May 2015
Vijay Dheap, Global Product Manager, QRadar
© 2015 IBM Corporation, IBM Security
2.
Agenda
• Motivations
• QRadar Multi-Tenancy
• QRadar Master Console
• Security Intelligence on Cloud
• Partnering with IBM
3.
Motivations
Making Security Intelligence Accessible
© 2014 IBM Corporation
4.
It’s A Not So Friendly Cyber World…and Many are Ill-Equipped
• Risks abound and cost continues to grow
• Limitations in even grasping an organization’s security posture constrain the ability to adapt it…
5.
Organizations of All Sizes Plan on Raising their Basic Security IQ
Growing Demand needs to be served by the Best in Class solution – QRadar and Service Providers provide not just the reach but also the expertise to onboard and support these organizations on their security intelligence journey
6.
Service Providers Requirements to Serve this Market Demand
Offer a range of security intelligence capabilities from the basic to the advanced to meet the spectrum of security needs of customers
• Log Management
• SIEM
• Network, app, and service usage visibility
• Vulnerability Management
Adaptive deployment of the technology depending on the size and scale of the customer
• Dedicated environments for large institutions
• Shared infrastructure for small/mid-size organizations
Deliver Rapid Time to Value
• Quick Deployment
• In-built Intelligence
• Out-of-the-box integrations
Minimize operational costs in IT infrastructure maintenance and management
• Multi-tenancy
• Cloud delivery options
Streamline security operations to improve productivity of skilled security analysts on staff
• Centralized dashboard
7.
QRadar: Enabling Service Providers to Broaden the Reach of Security Intelligence
• Service Providers can extend Tier 1 security intelligence capabilities to small & mid-size organizations leveraging multi-tenancy
• Service Providers can gain centralized visibility to multiple, diverse QRadar deployments – multi-tenant, or dedicated
• Service Providers can either deploy QRadar in the cloud or resell IBM Security Intelligence on Cloud Offering to minimize capital expenditures and offer an operating expense model for security intelligence for their customers
[Diagram labels: Customer A, Customer B, Customer C, Customer D, Customer E, Master Console; three items marked "New"]
8.
QRadar Multi-Tenancy
9.
Multi-Tenant QRadar for Managed Security Service Providers
Significant new capabilities to help Service Providers bring security to customers
IBM Security QRadar is:
• MULTI-TENANT: enables secure, rapid and cost effective delivery of security intelligence services
• AUTOMATED: drives simplicity and accelerates time-to-value for service providers
• SCALABLE: scales from smallest to largest customers with centralized management of single and multi-tenanted systems
Capabilities:
• Scalable appliance architecture
• Shared modular infrastructure
• New centralized views and incident management
• Mixed single and multi-tenanted deployment options
• True horizontal, snap-on scalability capabilities
• Extensive APIs for enterprise integration
• System configuration template support
• Cloud ready with support for 400+ out-of-the-box devices
[Diagram labels: INTELLIGENT, AUTOMATED, INTEGRATED]
10.
Introducing the Domain Concept
Domains are the building blocks for Multi-tenant QRadar
• Allows for segregating overlapping IPs
• Enables categorizing sources of security data (ex. events, flows) into different sets
• Facilitates monitoring and analysis of one or more subsets to attain granular visibility
Domains can be defined at three levels:
• Collector-level: Collectors (events or flows) are used to distinguish among domains
• Source-level: Sources (log or flow) possibly aggregated by the same collector can be specified as belonging to different domains
• Properties-level: Specific events within a log source can be associated to various domains
Increasing Priority: Collector-level → Source-level → Properties-level
[Diagram labels: Domain A, Domain B; Source 1, Source 2, Source 3; Log Source 4, Property i, Property ii, Property iii]
11.
Automatic Detection & The Default Domain
• When a dedicated event collector is assigned to a unique domain, new log sources that are automatically detected are automatically assigned to that domain
• In cases where there is no dedicated event collector for a domain, log sources that are automatically detected with no previous domain assignment are allocated to the default domain, so that the Service Provider admin or global admin can make the domain assignment (if any)
• Prevents data leakage and enforces data separation across domains
[Diagram labels: Collector-level, Source-level, Properties-level; Domain A, Domain B; Source 1, Source 2, Source 3; Log Source 4, Property i, Property ii, Property iii]
12.
Domain Data Available in QRadar
13.
Domain Support in Rules
• Custom rules engine is now domain-aware, automatically isolating correlations from different domains.
• New domain test allows for cross-domain correlations if desired or necessary
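The domain rules on slides 10, 11 and 13 (level priority, the default domain, and domain-isolated correlation over overlapping IPs) can be modelled in a few lines. This is an added illustration, not QRadar code or its API: the `DomainMap` class, field names, tenant names and sample events are all constructed assumptions.

```python
"""Toy model of the slides' domain concept. NOT QRadar code or its API."""
from collections import Counter
from dataclasses import dataclass, field

DEFAULT_DOMAIN = "Default"  # holding area until an admin assigns a domain


@dataclass
class DomainMap:
    """Hypothetical mapping tables, one per level named on slide 10."""
    by_collector: dict = field(default_factory=dict)  # collector -> domain
    by_source: dict = field(default_factory=dict)     # log source -> domain
    by_property: dict = field(default_factory=dict)   # (prop, value) -> domain

    def resolve(self, event: dict) -> str:
        # Highest priority first: property, then source, then collector.
        for name, value in sorted(event.get("props", {}).items()):
            domain = self.by_property.get((name, value))
            if domain:
                return domain
        domain = self.by_source.get(event.get("source"))
        if domain:
            return domain
        domain = self.by_collector.get(event.get("collector"))
        if domain:
            return domain
        # Auto-detected source with no assignment: never guess a tenant.
        return DEFAULT_DOMAIN


def failed_login_offenses(events, domains, threshold=3, domain_aware=True):
    """Return keys whose failed-login count reaches the threshold.

    Domain-aware mode keys the counter by (domain, src_ip), so the same
    private IP in two tenants is never merged into one count.
    """
    counts = Counter()
    for ev in events:
        if ev["type"] != "login_failed":
            continue
        domain = domains.resolve(ev) if domain_aware else None
        counts[(domain, ev["src_ip"])] += 1
    return sorted(key for key, n in counts.items() if n >= threshold)


# Constructed sample configuration: one shared collector with per-source
# domains, one collector dedicated to a single tenant, one property override.
SAMPLE_DOMAINS = DomainMap(
    by_collector={"ec-initech": "Initech"},
    by_source={"fw-acme": "Acme", "fw-globex": "Globex", "proxy-shared": "Acme"},
    by_property={("tenant_id", "globex"): "Globex"},
)


def _ev(collector, source, src_ip, **props):
    return {"type": "login_failed", "collector": collector,
            "source": source, "src_ip": src_ip, "props": props}


# Constructed sample events: three tenants all use 10.0.0.5 internally.
SAMPLE_EVENTS = (
    [_ev("ec-shared", "fw-acme", "10.0.0.5")] * 2
    + [_ev("ec-shared", "fw-globex", "10.0.0.5")] * 2
    + [_ev("ec-initech", "new-vpn", "10.0.0.5")] * 3   # auto-detected source
    + [_ev("ec-shared", "unknown-ap", "192.168.1.9")]  # lands in Default
)

if __name__ == "__main__":
    override = _ev("ec-shared", "proxy-shared", "10.0.0.7", tenant_id="globex")
    print("property beats source:", SAMPLE_DOMAINS.resolve(override))
    print("domain-aware :", failed_login_offenses(SAMPLE_EVENTS, SAMPLE_DOMAINS))
    print("domain-blind :", failed_login_offenses(
        SAMPLE_EVENTS, SAMPLE_DOMAINS, domain_aware=False))
```

Without the domain key, the seven failed logins from three unrelated tenants collapse into one count for 10.0.0.5, which is the cross-customer correlation the deck says multi-tenancy must prevent.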
14.
Domain Aware Retention Policies
• Define domain-based retention policies
• Enables domain-specific data retention policy definition
15.
Security Profile Domain Support
• Security Profile can be restricted to one or more domains
• Security Profile will restrict access to flows, events, assets, and offenses based on domain
16.
Offense Domain Support
• Domain information carried all the way through offense
17.
Asset Model Domain Support
• Each asset is assigned to a domain
• Assets can have overlapping IP addresses
18.
Controlled Access to Domains
Once Domains are defined, the next step is to control user privileges to those domains
New User Security Profiles can be instantiated to control access to domain data:
• Enables defining user access rights to one or more domains
• Allows for delegation of responsibilities across domains
• Facilitates defining domain specific visibility
Process in the QRadar Admin Console:
1. Define Security Profiles for the Domains
2. Associate users from those domains to the appropriate security profiles
[Diagram labels: Domain A, Domain B, DomainA Security Profile, DomainB Security Profile]
19.
Vulnerability Management on a Domain-Level
QRadar Vulnerability Manager now allows scanners to be domain-aware, enabling asset profiles to be denoted with domain categorization when scan results are exported.
• Domain is defined per scanner for dynamic scanning
• Domain is a selectable criterion when filtering results
• Credentials controlled through the user’s security profile relating to the domain specified
• Saved searches for scan results will return assets that also match domain visibility of the user
Note: a key value proposition of QRadar Vulnerability Manager is that scanners can be enabled on the deployed QRadar infrastructure without incurring additional infrastructure overhead.
20.
Summarizing QRadar Multi-Tenancy Capabilities for Service Providers
• Support multiple customers in a single QRadar deployment
• Service Provider responsible for system administration of all customer domains
• Each customer only has visibility to their security data – logs, flows, offenses etc.
• Guarantees that customer’s security data is not correlated with security data from other customers
• Service Provider responsible for running vulnerability scans but customers can gain visibility to scan reports associated with their domains
21.
QRadar Master Console
22.
Master Console: A Single View Across Multiple QRadar Deployments
Centralized health view and system monitoring
Additional Planned Capabilities:
• Centralized offense view and management
• Content Management
  o Log Source Management
  o Rules
  o Reports
  o Saved Searches
  o Dashboards
• User Accounts
• Federated Search
• Seat Management
[Diagram labels: Network A, Network B, Network C, Network D, Network E; Multi-tenant QRadar deployment; IBM Security Intelligence on Cloud]
23.
Facilitating Access to Underlying QRadar Deployments
Pass-through APIs
An Analyst can employ the Master Console Pass-through APIs to programmatically invoke the QRadar APIs of deployments to which she has access. This can be used to build custom applications desired by the service provider.
[Diagram labels: Analyst, Master Console APIs, QRadar APIs, QRadar APIs, Customer A, Customer B]
Click-through Log-in
An Analyst can log in to a specific deployment of QRadar which they are to manage from the Master Console to get additional details they may need as part of the investigative process.
[Diagram labels: Customer A, Customer B]
24.
Deploying Master Console
• Every customer who purchases QRadar is entitled to Master Console – no additional cost to the customer
• Master Console is a software package included in the QRadar ISO – updates provided via Fix Central
• The customer is responsible for installing this software on their own hardware, VM or cloud instance – the recommended specifications are equivalent to the QRadar 3105 hardware appliance specifications
• Using the QRadar ISO the customer should install the Master Console using the 8500 activation key.
25.
IBM Security Intelligence on Cloud
26.
Extending QRadar Security Intelligence Platform to the Cloud
• FLEXIBLE: a full suite of upgradeable security analytics offerings and service levels to choose from
• COST EFFECTIVE: acquire and deploy quickly with no CapEx to purchase
• PEACE OF MIND: trusted IBM security service professionals available to provide guidance and meet your security requirements
Accelerate your ability to identify and stop cyber threats with
• Cloud-based offering of the #1 Security Intelligence solution
• Protects against threats and reduces compliance risk
• Leverages real-time threat intelligence from X-Force
• Collects data from both on-premise and cloud resources
Extensive data sources:
• Security devices
• Servers and mainframes
• Network and virtual activity
• Data activity
• Application activity
• Configuration information
• Vulnerabilities and threats
• Users and identities
[Diagram label: Threat Indicators]
27.
IBM Security Intelligence on Cloud
Professionally deployed and managed solution enabling organizations to focus on monitoring security intelligence operations
Service Highlights
• Security Intelligence as a Service
• X-Force Exchange integration
• Physically segregated client data
• Real time & historical correlation of assets, events, and vulnerabilities
• Advanced threat detection
• Configurable SOC and management dashboards
• Supports integrations of 450+ security & IT solutions
• Seamless integration with IBM Global SOC for additional Security Services
[Diagram labels: Secure robust channel, Software Gateways, Security Intelligence]
28.
Partnering with IBM
29.
Go-To-Market Options
Application Specific Licensing (ASL)
• Appliances or Software (including virtual appliances)
• Support either perpetual license or monthly payments
  o Zero upfront costs – pay only for EPS or Flows consumed by customers every month or quarterly
  o Earn discounts – as business pipeline scales earn discounted pricing or specify commitments to get discounted price up front
• Removes restriction on how EPS and Flows are allocated across two or more customers
• Current, standard processes remain in place to establish an ASL agreement
Resell
• Appliances, Software (including virtual appliances), or SaaS (IBM Security Intelligence on Cloud)
• Collaborate with IBM to design and develop your marketing material
• Realize in-built margin and complement with value added services
• Current, standard processes remain in place to establish a Reseller agreement
30.
IBM Value Proposition for Service Providers
Best in Class Security Intelligence Solution that is not only scalable but also flexible to meet the needs of a Service Provider
• Dedicated Environment or Multi-Tenant
• On Premise or Cloud Delivered
• Horizontally Scalable
• Full Spectrum of Security Intelligence capabilities
Rapid Time to Value
• Simplified Deployment options
• Out-of-the-box security content and integrations
Platform upon which high-value services can be offered cost-effectively & in a streamlined fashion
• Tailored security building blocks
• Single Pane of Glass for Security monitoring & management
Choice of Go-to-Market options to suit various business models
• Minimize up-front costs
• Maximize margins
• Maintain customer relationships
31.
www.ibm.com/security
© Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access.
IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY