What is Security Intelligence?

Security Intelligence (noun): 1. the real-time collection, normalization, and analytics of the data generated by users, applications and infrastructure that impacts the IT security and risk posture of an enterprise.

Security Intelligence provides actionable and comprehensive insight for managing risks and threats, from protection and detection through remediation.
Organizations Need an Intelligent View of Their Security Posture

Maturity stages (axes: Manual to Automated, Reactive to Proactive):
- Basic: Organizations employ perimeter protection, which regulates access and feeds manual reporting.
- Proficient: Security is layered into the IT fabric and business operations.
- Optimized: Organizations use predictive and automated security analytics to drive toward security intelligence.
Security Intelligence is Enabling Progress to Optimized Security

Capabilities by maturity level and domain (People / Data / Applications / Infrastructure):

Optimized
- People: Role based analytics; Identity governance; Privileged user controls
- Data: Data flow analytics; Data governance
- Applications: Secure app engineering processes; Fraud detection
- Infrastructure: Advanced network monitoring; Forensics / data mining; Secure systems
- Security Intelligence (spanning all domains): Information and event management; Advanced correlation and deep analytics; External threat research

Proficient
- People: User provisioning; Access mgmt; Strong authentication
- Data: Access monitoring; Data loss prevention
- Applications: Application firewall; Source code scanning
- Infrastructure: Virtualization security; Asset mgmt; Endpoint / network security management

Basic
- People: Centralized directory
- Data: Encryption; Access control
- Applications: Application scanning
- Infrastructure: Perimeter security; Anti-virus
Solving Customer Challenges with Total Security Intelligence

- Detecting threats others miss: Discovered 500 hosts with the "Here You Have" virus, which all other security products missed. Arm yourself with total security intelligence.
- Consolidating data silos: 2 Billion logs and events per day reduced to 25 high priority offenses. Collect, archive and analyze data in one integrated solution.
- Detecting insider fraud: Trusted insider stealing and destroying key data. Next generation SIEM with identity correlation.
- Predicting risks against your business: Automating the policy monitoring and evaluation process for network and config. change in the infrastructure. Full life cycle of compliance and risk management for security infrastructures.
- Exceeding regulation mandates: Real-time monitoring of all network activity, in addition to PCI mandates. Automated data collection and configuration audits.
Solutions for the Full Compliance and Security Intelligence Timeline

QRadar: The Most Intelligent, Integrated, Automated Security Intelligence Platform

Intelligent: Context & Correlation Drive Deepest Insight
Integrated: Unified Platform for Scale & Ease of Use

Bolted Together Solution:
- Scale problems
- Non-integrated reporting & searching
- No local decisions
- Multi-product administration
- Duplicate log repositories
- Operational bottlenecks

QRadar Integrated Solution:
- Highly scalable
- Common reporting & searching
- Distributed correlation
- Unified administration
- Logs stored once
- Total visibility
Automated: No need for additional staff

Monitor:
- Auto-discovery of log sources, applications and assets
- Asset auto-grouping
- Centralized log mgmt
- Automated configuration audits

Analyze:
- Asset-based prioritization
- Auto-update of threats
- Auto-tuning
- Auto-detect threats
- Thousands of pre-defined rules and role based reports
- Easy-to-use event filtering
- Advanced security analytics

Act:
- Auto-response
- Directed remediation
QRadar Family: Built On a Common Foundation

Security Intelligence Solutions: QRadar SIEM, QRadar Log Manager, QRadar QFlow, QRadar VFlow, QRadar Risk Manager, Virtual Appliances

Security Intelligence Operating System: Reporting Engine, Warehouse, Workflow, Analytics Engine, Normalization, Rules Engine, Archival, Real-Time Viewer, Reporting API, Forensics API, LEEF, AXIS, Configuration, NetFlow, Offense

Intelligent, Integrated, Automated: One Console Security
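The definition on the "What is Security Intelligence?" slide (collection, normalization, analytics) and the Normalization / Rules Engine / Offense components listed above describe a pipeline that the deck never shows in code. The following is an added illustration, not QRadar's code: it normalizes two constructed input shapes (syslog sshd lines and a LEEF 1.0 line; the vendor, product and event names in the sample are invented) into one schema, then a toy rules engine consolidates a burst of failures plus a following success from one source into a single offense, which is the "billions of events to a handful of offenses" idea in miniature.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input (not real logs): three syslog sshd lines and one
# LEEF 1.0 line, the two shapes a collector must normalize before correlation.
RAW_EVENTS = [
    "Jan 10 10:00:01 host1 sshd[111]: Failed password for admin from 203.0.113.5 port 5000 ssh2",
    "LEEF:1.0|ExampleVendor|ExampleFW|1.0|login_fail|src=203.0.113.5\tusrName=admin\tdevTime=Jan 10 2024 10:00:03",
    "Jan 10 10:00:05 host1 sshd[111]: Failed password for admin from 203.0.113.5 port 5001 ssh2",
    "Jan 10 10:00:08 host1 sshd[111]: Accepted password for admin from 203.0.113.5 port 5002 ssh2",
    "Jan 10 10:30:00 host2 sshd[222]: Failed password for bob from 198.51.100.9 port 6000 ssh2",
]
SYSLOG_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                       r"(Failed|Accepted) password for (\S+) from (\S+) port")

def normalize(raw, assumed_year=2024):
    """Map one raw line onto the common schema {ts, src, user, outcome}; None if no parser claims it."""
    m = SYSLOG_RE.match(raw)
    if m:  # classic syslog carries no year, so pin it to the collection year
        ts = datetime.strptime(f"{m.group(1)} {assumed_year}", "%b %d %H:%M:%S %Y")
        return {"ts": ts, "user": m.group(3), "src": m.group(4),
                "outcome": "failure" if m.group(2) == "Failed" else "success"}
    if raw.startswith("LEEF:1.0|"):  # header fields are |-delimited, attributes tab-delimited
        _, _vendor, _product, _version, event_id, attrs = raw.split("|", 5)
        kv = dict(a.split("=", 1) for a in attrs.split("\t"))
        return {"ts": datetime.strptime(kv["devTime"], "%b %d %Y %H:%M:%S"),
                "user": kv.get("usrName", "?"), "src": kv["src"],
                "outcome": "failure" if event_id == "login_fail" else "success"}
    return None

def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Toy rules engine: one offense per source IP once >= threshold failures land inside the window."""
    offenses, by_src = {}, defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_src[e["src"]].append(e)
    for src, evs in by_src.items():
        fails = [e for e in evs if e["outcome"] == "failure"]
        for anchor in fails:
            burst = [f for f in fails if anchor["ts"] <= f["ts"] <= anchor["ts"] + window]
            if len(burst) < threshold:
                continue
            last = burst[-1]["ts"]  # a success right after the burst escalates the offense
            followed = any(e["outcome"] == "success" and last < e["ts"] <= last + window for e in evs)
            offenses[src] = {"src": src, "users": sorted({f["user"] for f in burst}),
                             "rule": "success_after_brute_force" if followed else "brute_force",
                             "event_count": len(burst) + (1 if followed else 0)}
            break  # consolidate: later failures from this source join the same offense
    return list(offenses.values())
```

Running `correlate([e for e in map(normalize, RAW_EVENTS) if e])` yields one offense for 203.0.113.5 covering four events, while the single failure from 198.51.100.9 stays below the threshold and raises nothing.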
Fully Integrated Security Intelligence (One Console Security, Built on a Single Data Architecture)

Log Management:
- Turnkey log management
- SME to Enterprise
- Upgradeable to enterprise SIEM

SIEM:
- Integrated log, threat, risk & compliance mgmt.
- Sophisticated event analytics
- Asset profiling and flow analytics
- Offense management and workflow

Risk Management:
- Predictive threat modeling & simulation
- Scalable configuration monitoring and audit
- Advanced threat visualization and impact analysis

Network Activity & Anomaly Detection:
- Network analytics
- Behavior and anomaly detection
- Fully integrated with SIEM

Network and Application Visibility:
- Layer 7 application monitoring
- Content capture
- Physical and virtual environments
IBM Security: Delivering Intelligence, Integration and Expertise across a Comprehensive Framework

- Only vendor in the market with end-to-end coverage of the security foundation
- $1.8B investment in innovative technologies
- 6K+ security engineers and consultants
- Award-winning X-Force research
- Largest vulnerability database in the industry

Intelligence, Integration, Expertise
Integration: Increasing Security, Collapsing Silos, and Reducing Complexity

Increased Awareness and Accuracy:
- Prevent advanced threats with real-time intelligence correlation across security domains
- Increase situational awareness by leveraging real-time feeds of X-Force Research and Global Threat Intelligence across IBM security products, such as QRadar SIEM and Network Security appliances
- Conduct complete incident investigations with unified identity, database, network and endpoint activity monitoring and log management

Ease of Management:
- Simplify risk management and decision-making with automated reporting through a unified console
- Enhance auditing and access capabilities by sharing Identity context across multiple IBM security products
- Build automated, customized application protection policies by feeding AppScan results into IBM Network Intrusion Prevention Systems

Reduced Cost and Complexity:
- Deliver faster deployment, increased value and lower TCO by working with a single strategic partner
Expertise: Unmatched Global Coverage & Security Awareness

WorldWide Managed Security Services Coverage:
- 20,000+ devices under contract
- 3,700+ MSS clients worldwide
- 9B+ events managed per day
- 1,000+ security patents*
- 133 monitored countries (MSS)

Map legend: Security Operations Centers; Security Research Centers; Security Solution Development Centers; Institute for Advanced Security Branches

Intelligence: Leading Products and Services in Every Segment
Thank You!

Q1 Labs, Inc.
890 Winter Street, Suite 230, Waltham, MA 02451 USA
781-250-5800
email: info@q1labs.com