Over 74% of global enterprise security professionals rate improving security monitoring as a top priority. Monitoring must be done efficiently within a security operations center (SOC) to combat increased threats and a limited supply of trained security analysts.
While the vendor landscape for security solutions is rapidly evolving, many early point solutions and first-generation SIEMs are not keeping pace with the changing needs of security operations. A new class of platforms has emerged that combines advanced analytics and flexible deployment options. Join this exclusive webinar featuring Forrester Research to learn:
Characteristics of modern security platforms that have evolved from point solutions and basic SIEMs
Criteria to consider when evaluating vendors and solutions
The advantages of an integrated security platform that incorporates cognitive capabilities and augmented intelligence
29. IBM QRadar: The story of a security analytics platform
Patrick Vandenberg, Program Director, IBM Security
@ptvandenberg
30. IBM Security
The next era of security
PERIMETER CONTROLS: Deploy static defenses to guard or limit the flow of data, including firewalls, antivirus software and web gateways
INTELLIGENCE, INTEGRATION, and ORCHESTRATION: Leverage analytics to collect and make sense of massive amounts of real-time data flow, prioritize events, and detect high-risk threats in real-time
COGNITIVE, CLOUD, and COLLABORATION: Interpret, learn and process shared security intelligence, that is designed by and for humans, at a speed and scale like never before
31. The need: coordinated foundational Security Operations capabilities
THREAT INTELLIGENCE: External data feeds on malicious entities
THREAT HUNTING: Searching cyber investigations
SECURITY ANALYTICS: Aggregation, automated detection, and use cases
INCIDENT RESPONSE: Orchestrated security response
32. IBM QRadar – An integrated ‘Above SIEM’ solution for the SOC
Diagram labels: Event Correlation and Log Management; IBM QRadar Security Intelligence; SIEM LAYER; Incident Response; Orchestration; Cognitive Security; Threat Intelligence; Hunting; User and Entity Behavior; ABOVE THE SIEM; New Security Operations Tools; BELOW THE SIEM; IBM Security App Exchange
33. IBM QRadar – Client inspired innovation
Platform evolution based on client needs
Timeline: 2013, 2014, 2015, 2015, 2016, 2016, 2017
Cognitive Security: Innovative cognitive solution to address SOC workload and skill shortages, deployed quickly and easily from the App Exchange
User Behavior Analytics: Easily and quickly deployed solution for insider threats, available from the App Exchange, delivering insights and value in minutes
Incident Response: Build and execute automated incident response plans
App Exchange and EcoSystem: Open collaborative app exchange and platform enabling easily deployable secure apps on QRadar, fast tracking security operations rollout and delivering real agility
QRadar on Cloud: Flexible solution that can deploy as either a true SaaS offering or combine with hybrid cloud environments to improve visibility into cloud-based applications
Network Forensics: Incident forensics and packet captures
CyberTap
Vulnerability and Risk Management: Real-time vulnerability scanning and threat based prioritization
34. We have integrated Watson for Cyber Security with IBM QRadar to accelerate Cognitive Security for our clients
IBM QRadar Security Intelligence Platform: Internal Security Events and Incidents
Watson for Cyber Security: External Security Knowledge
Send to Watson for Security
QRadar sends Watson a pre-analyzed security incident
Watson automatically provides response back to Security Analyst on probability of threat and best practices, resulting in substantial time savings
35. A cognitive security operations platform for tomorrow's threats
Advanced Threat Detection
Insider Threat
Securing the Cloud
Risk and Vuln Management
Critical Data Protection
Compliance
Incident Response
Fast to deploy, easy to manage, and focused on your success