IBM QRadar as a Service

Transcription

1 Government Efficiency through Innovative Reform IBM QRadar as a Service Service Definition Copyright IBM Corporation 2014

2 Table of Contents IBM Cloud Overview... 2 IBM/Sentinel PaaS... 2 QRadar... 2 Major differentiators... 3 Main Product Features... 3 Main Technical Features... 5 Use Cases... 6 Example use cases... 6 Information Assurance and Security... 6 Service Options and SLA's... 6 Pricing Structure... 7 Overview of pricing structure... 7 Free trial options... 7 Further Information... 7 IBM Corporation 17 December 2014 i

3 IBM CLOUD OVERVIEW The demands of your applications are unique, so IBM offers a variety of Cloud options on G-Cloud. Our Clouds are located in the UK and are suitable for both OFFICIAL and OFFICIAL SENSITIVE data. For applications that need a low-cost highly scalable Linux or Windows self-service platform that can be provisioned within hours, then our SoftLayer public cloud is an attractive option. Softlayer is unusual in that you can optionally enhance both performance and security by specifying bare metal servers that are dedicated to you on your own VLAN. For organisations needing additional levels of security and monitoring, IBM offers a Community Cloud for UK Public Sector clients. This builds upon the Softlayer public cloud but adds additional dedicated security and proactive monitoring to meet public sector client needs. For applications that must be kept in a Government-only Cloud then IBM/Sentinel PaaS is an alternative option. IBM recognises that moving from traditional outsourced environments to managing your own Cloud environments can be difficult, so to smooth the path we offer PaaS Services in partnership with SCC on their Sentinel Cloud. These can be used as building blocks to deliver your system - whether it be a single web server or a complex system built of 50 or more interconnected servers. IBM/SENTINEL PAAS This offering is one of a set of Platform as a Service offerings which IBM has created in collaboration with SCC. The combination of the SCC Sentinel cloud infrastructure (which has been proven to be robust and secure) with the addition of an OS and software layer which is delivered and managed by IBM, gives you a sound platform on which to build your system. IBM has put together a set of over 20 basic PaaS offerings, giving everything from a basic Web server, through to advanced components such as Analytics. The offerings include standard Open Source products, alongside robust COTS products. If the product you need isn t there, then not to worry we have a Generic Platform as a Service too you supply the license, we will build and manage the server for you. The offerings can be provided individually to complement an existing system, or can be put together to form a new system the choice is yours. QRADAR IBM QRadar Security Intelligence Platform integrates SIEM, log management, anomaly detection, vulnerability management, risk management and incident forensics into a unified solution. By using intelligence, integration and automation to provide 360-degree security insight, this solution delivers superior threat detection, greater ease of use and potentially lower total cost of ownership. Organisations today are exposed to a greater volume and variety of attacks than in the past. Advanced attackers are clever and patient, leaving just a whisper of their presence. The QRadar Security Intelligence Platform is an integrated family of products that can help detect threats that otherwise would be missed. It helps detect and defend against threats by applying sophisticated analytics to more types of data. In doing so, it helps identify high-priority incidents that might otherwise get lost in the noise. IBM Corporation 17 December

4 Offering highlights IBM QRadar Security Intelligence Platform can help solve a number of business problems including: Consolidating audit data silos into one integrated solution Identifying insider theft and fraud Managing vulnerabilities, configurations, compliance and risks Conducting forensic investigations of incidents and offenses Addressing regulatory mandates IBM QRadar gives a route to find true offences as highlighted in Figure 1. Figure 1: IBM QRadar - embedded intelligence to find true offenses Major differentiators Provides a comprehensive SIEM, log management, anomaly detection, vulnerability management, risk management and incident forensics capability. Can be deployed quickly and effectively on proven secure Cloud infrastructure MAIN PRODUCT FEATURES The QRadar Security Intelligence Platform uses intelligence, integration and automation designed to deliver security and compliance benefits that are invaluable on today s smarter planet, where instrumented, interconnected and intelligent businesses collect, process, use and store more information than ever before. This is all provided in a single all-in-one virtual appliance within a IBM Corporation 17 December

5 secure cloud. The appliance provides a web console, and collects information from across your estate, including events and network flows as required. Consolidate data silos Although a wealth of information exists in organisations; log, network flow and business process data, this information is often held in silos and ignored or underutilised. QRadar converges network, security and operations views into a unified and flexible solution. It breaks down the walls between silos by correlating logs with network flows and a multitude of other data, presenting virtually all relevant information on a single screen. This helps enable superior threat detection and a much richer view of enterprise activity. Detect insider fraud Some of the gravest threats to an organisation come from the inside, yet organisations often lack the intelligence needed to detect malicious insiders or outside parties that have compromised user accounts. By combining user and application monitoring with application-layer network visibility, organisations can better detect meaningful deviations from normal activity, helping to stop an attack before it completes. Predict and remediate risks and vulnerabilities Security, network and infrastructure teams strive to manage risk by identifying vulnerabilities and prioritizing remediation before a breach occurs. The QRadar Security Intelligence Platform integrates risk, configuration and vulnerability management with SIEM capabilities, including correlation and network flow analytics, to help provide better insight into critical vulnerabilities. As a result, organisations can remediate risks more effectively and efficiently. Conduct Forensics Analysis QRadar integrated incident forensics helps IT security teams reduce the time spent investigating security incidents, and eliminates the need for specialised training. It expands security data searches to include full packet captures and digitally stored text, voice, and image documents. It helps present clarity around what happened when, who was involved, and what data was IBM Corporation 17 December

6 accessed or transferred in a security incident. As a result, it helps remediate a network breach and can help prevent it from succeeding again. Address regulatory compliance mandates Many organisations wrestle with passing compliance audits while having to perform data collection, monitoring and reporting with increasingly limited resources. To automate and simplify compliance tasks, QRadar provides collection, correlation and reporting on compliance-related activity, backed by numerous out-of-the-box report templates. Leveraging easier-to-use security analytics The QRadar Security Intelligence Platform provides a unified architecture for storing, correlating, querying and reporting on log, flow, vulnerability, and malevolent user and asset data. It combines sophisticated analytics with out-of-the-box rules, reports and dashboards. While it is powerful and scalable enough for major government agencies, it is also intuitive and flexible enough for small and midsize organisations. Users benefit from potentially faster time to value, lower cost of ownership, greater agility, and enhanced protection against security and compliance risks. Intelligence By analysing more types of data and using more analytics techniques, QRadar can often detect threats missed by other solutions and help provide network visibility that others cannot. Integration With a common application platform, database and user interface, this platform delivers massive log management scale without compromising the real-time intelligence of SIEM and network behaviour analytics. It provides a common solution for all searching, correlation, anomaly detection and reporting functions. A single, intuitive user interface provides seamless access to all log management, flow analysis, incident management, configuration management, risk and vulnerability management, incident forensics, dashboard and reporting functions. Automation The QRadar Security Intelligence Platform is simple to deploy and manage, offering extensive outof-the-box integration modules and security intelligence content. By automating many asset discovery, data normalization and tuning functions, while providing out-of-the box rules and reports, the solution is designed to reduce the complexity that often cripples other products. Why IBM? IBM operates the world s broadest security research, development and delivery organization. This comprises 10 security operations centres, nine IBM Research centres, 11 software security development labs and an Institute for Advanced Security with chapters in the United States, Europe and Asia Pacific. IBM solutions empower organizations to reduce their security vulnerabilities and focus more on the success of their strategic initiatives. These products build on the threat intelligence expertise of the IBM X-Force research and development team to provide a pre-emptive approach to security. As a trusted partner in security, IBM delivers the solutions to keep the entire enterprise infrastructure, including the cloud, protected from the latest security risks. MAIN TECHNICAL FEATURES This offering includes the following: IBM Corporation 17 December

7 QRadar capability layered on top of the SCC Sentinel cloud you purchase a Silver server from SCC, alongside this offering. All of the flexibility of the SCC Sentinel Cloud, with the additional benefits of the QRadar software and IBM Systems Management Pay as you go model Flexible environments Built upon industry standard components and services. USE CASES Example use cases Home Office Challenge: A Home Office programme had a requirement for an SIEM capability to be deployed within an existing system. Solution: A QRadar capability was deployed to collect Audit event records from all servers and environments, enabling GPG13 compliant reporting to be implemented Benefits: A rapid and cost effective deployment of a GPG13 compliant capability INFORMATION ASSURANCE AND SECURITY This offering is suitable for assets classified as OFFICIAL or OFFICIAL-SENSITIVE under Government Security Classifications. All datacentres are highly resilient Tier3+, UK based. IBM staff which work on the system are Security Cleared and based in the UK. SERVICE OPTIONS AND SLA'S This offering includes; Proactive monitoring of the platform from 8am-6pm Mon-Fri and 9am-5pm Sat/Sun and UK Bank Holidays Initial response to system alerts e.g. restart of failed process or node using procedures provided by the client Escalation of any issues which are not resolved to the individual or organisation nominated by the client. This offering provides a single non-clustered virtual All-in-one QRadar server. This can be subsequently configured using the standard features provided within the product. This offering is designed to provide a QRadar platform which comes deployed on a secure cloud. An established and experienced team will build and monitor your server and will provide an initial response to an alert, along with a mechanism to get the client team involved should the issue be more complex. IBM Corporation 17 December

8 Additional services can be provided over and above the basic offering. PRICING STRUCTURE Overview of pricing structure This offering layers on top of SCC s Silver Sentinel Cloud IaaS servers. They require the GPG13 option to also be purchased. Build price - one off per server (up to 100 Events Per Second and 15,000 Flows) - 8, Uplift for additional 100 Events per Second up to 500 Events Per Second - 1, Uplift for 500 to 1,000 Events Per Second - 7, Uplift for 1,000 to 2,500 Events Per Second - 15, Uplift for 2,500 to 5,000 Events Per Second - 23, Uplift for 15,000 to 25,000 Flows - 1, Uplift for 25,000 to 50,000 Flows - 8, Uplift for 50,000 to 100,000 Flows - 11, Uplift for 100,000 to 200,000 Flows - 27, Price per server per month (up to 100 Events Per Second, and 15,000 Flows) Uplift per month for additional 100 Events per Second up to 500 Events Per Second Uplift per month for 500 to 1,000 Events Per Second Uplift per month for 1,000 to 2,500 Events Per Second Uplift per month for 2,500 to 5,000 Events Per Second Uplift per month for 15,000 to 25,000 Flows Uplift per month for 25,000 to 50,000 Flows Uplift per month for 50,000 to 100,000 Flows Uplift per month for 100,000 to 200,000 Flows Any additional services will be priced based on the IBM GCloud Rate Card. Free trial options Not available. FURTHER INFORMATION Further details on IBM QRadar can be found here: IBM Corporation 17 December

9 IBM United Kingdom Limited PO Box 41 Western Road North Harbour Portsmouth Hampshire PO6 3AU Date: 17 December 2014 Version: 1.0 IBM Corporation 17 December