Boosting enterprise security with integrated log management




IBM Software
Thought Leadership White Paper
May 2013

Boosting enterprise security with integrated log management
Reduce security risks and improve compliance across diverse IT environments

Contents

Introduction
Understanding the challenges of log management
Aligning log management with compliance mandates
Measuring the strategic value of log management
Identifying the key requirements for log management
Introducing IBM Security QRadar Log Manager
Expanding insights with a security intelligence platform
Conclusion
For more information
About IBM Security solutions

Introduction

IT organizations of all sizes face tremendous challenges in keeping their computer networks secure and ensuring compliance with the latest security regulations. Most organizations use disparate solutions to collect, analyze, archive and store large volumes of event logs to meet the diverse requirements of internal IT security policies as well as industry standards and government regulations.

A wealth of information exists in the event data generated by the hundreds of network and security devices, servers, operating systems, applications and other endpoints in the typical enterprise IT environment. Unfortunately, this information may not be utilized effectively by existing management solutions. Often, critical incidents are overlooked because the information needed to recognize the significance of the incident is spread across multiple silos of information. At the same time, many regulatory agencies mandate a formal approach to log and security management.

Organizations struggling to maintain the integrity of their computing resources or having difficulty meeting compliance requirements can benefit from a comprehensive log management solution that helps remove the complexities of information security. This white paper explains an integrated approach for reducing potential security risks and facilitating compliance, and introduces how IBM Security QRadar Log Manager can help organizations stay a step ahead of the latest security threats.

Understanding the challenges of log management

Today's organizations have invested in a variety of log management technologies and processes. These tools can vary from home-grown scripts, to shareware software, to commercially available solutions, but they are all focused on three fundamental objectives: identifying who is accessing network resources, understanding what data the users can see, and proving that only authorized users are accessing particular types of information.

Unfortunately, many security and network teams are dissatisfied with their current solutions for log management. For one thing, many legacy solutions cannot effectively support the latest devices and applications, including smartphones, tablets and the like. A major challenge for heterogeneous event management is that log formats are complex, are always changing and lack consistency from vendor to vendor. In addition, some solutions only collect data from a subset of networked systems, which results in incomplete visibility.

At the same time, many tools do not scale to support the full volume of real-time network activity, resulting in an incomplete picture of the network and security posture. Moreover, many organizations are frustrated by the lack of correlation and a unified view across the different silos of data, which can result in a sea of false positives and information overload. Clearly, the inability to support certain devices or to scale to provide a complete network perspective signals a failure to achieve the fundamental criteria for a compliant log management solution.

Aligning log management with compliance mandates

A comprehensive log management approach provides tremendous value to an IT organization. After all, the risks of failing an audit can be serious, from significant financial penalties to potential damage to an organization's reputation. Many information security regulations and IT security best-practice frameworks recognize this value and specifically dictate some form of log collection and auditing.

[Figure: log management value plotted against log management implementation]

However, as organizations define their compliance objectives, many quickly realize that a log management solution alone is not sufficient to meet their requirements. For example, the Payment Card Industry Data Security Standard (PCI DSS) requires surveillance into network and application activity that cannot be achieved strictly through event logs.

Regardless of which regulations an organization must adhere to, it is important to assess the usefulness of a log management solution as part of an overall information security and compliance program. Although the solution can be deployed at the departmental level, organizations can only achieve the full value of integrated log management by deploying the solution across the entire IT environment. When deploying a log management solution, the value increases when it can provide visibility across the entire IT environment.

Measuring the strategic value of log management

Typically, an organization's operational practices can fall into the following three categories when it comes to log management:

Unmanaged, reactive environment: No formalized log management solution has been implemented. The organization may leverage some limited tools, but IT staff have to juggle multiple interfaces and often manually correlate incidents with inconsistent data, which can be very time-consuming and costly for the business. The reporting requests of management and auditors go unfulfilled, sometimes with major consequences. Organizations in this category spend much more time fighting fires than strategically planning, and they can fail to detect even obvious security breaches.

Localized order: A log management solution has been implemented, although only at a regional or departmental level. Alternatively, an organization in this category might have implemented a log management solution that provides only a limited set of features, and IT staff are forced to use manual processes and disparate tools to respond to threats across the environment. Or, as mentioned earlier, the solution may provide visibility into network and security events, but it does not provide a deep understanding of applications or user identities. Organizations in this category can gain some value from their solution, but the value is limited.

Optimized operations: A comprehensive log management solution has been implemented across the enterprise, and the entire organization is receiving significant value. IT staff can run flexible searches and advanced analytics across the network and security systems, which can help them to quickly identify and resolve potential threats and compliance risks. Managers can receive actionable information to make better network and security decisions, while business leaders can easily get the reports they need to meet mandates for regulatory compliance and risk management.

Identifying the key requirements for log management

There are many factors to consider when selecting a log management solution, including:

What is the breadth of data collection? Computing environments are made up of many disparate technologies. These typically include networking products such as switches and routers; security products such as firewalls and intrusion detection and prevention systems; operating systems; and applications including databases, network and systems management tools, and commercial and custom business applications. When evaluating log management solutions, organizations should consider the breadth of data sources supported for event collection, whether the solution can support proprietary applications and new technologies, and how it handles related events from different devices within a multi-vendor environment.

Does the solution scale to my environment? Global organizations can generate billions of events per day, and the right log management solution should be able to support that volume. A scalable log management solution can distribute event collection across multiple systems, while also offering federated monitoring, reporting and administration capabilities within a central console. In addition, the solution should support concurrent querying of enterprise-wide data by several users without affecting performance.

Is the data secure? Many regulatory agencies require event logs to be maintained in an unaltered state, which helps facilitate any future evidentiary use. This means that a log management solution should ensure integrity in the log records from the time they are created to the time they are destroyed. When evaluating solutions, organizations should verify that log archives can be maintained with integrity checks, including hash functions.

Does the solution provide real-time event correlation? To protect data and help ensure compliance, a log management solution should offer a flexible and scalable event correlation engine to turn the flood of events generated across the network into actionable and prioritized information. Many solutions claim to offer correlation, but their capabilities can be so simplistic that they produce hundreds of alerts per day for even a small organization. These alerts, ultimately, get ignored, and the value of such correlation goes unrealized for the organization.

Does the solution meet our audit requirements? Organizations that merely collect and archive event logs may not be able to meet the compliance requirements of many regulatory agencies. When evaluating log management solutions, consider whether the solution integrates with or supports detailed alerting, forensics, auditing and compliance reporting capabilities. An effective log management solution can generate detailed reports to support the diverse requirements of many in-house security policies, industry standards and governmental regulations.
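The integrity requirement above (records kept unaltered from creation to destruction, with hash-based checks on the archive) can be met by chaining each archived record to the digest of the record before it, so that a modified, deleted or reordered entry breaks every digest after it. The following is an added illustration, not QRadar code or IBM's archive format; the JSON entry layout, the all-zero genesis value and the sample log lines are assumptions constructed for the example.

```python
import hashlib
import json
from typing import List, Optional, Tuple

GENESIS = "0" * 64  # anchor for the first record (assumed convention, not a QRadar format)


def _digest(prev_hash: str, record: str) -> str:
    """SHA-256 over the previous digest and the record, separated so the two
    inputs cannot be re-split into a different (prev, record) pair."""
    h = hashlib.sha256()
    h.update(prev_hash.encode("utf-8"))
    h.update(b"\n")
    h.update(record.encode("utf-8"))
    return h.hexdigest()


def seal_archive(records: List[str]) -> List[str]:
    """Wrap raw log lines into chained JSON entries ready for write-once storage."""
    prev = GENESIS
    sealed = []
    for seq, rec in enumerate(records):
        entry = {"seq": seq, "prev": prev, "record": rec, "hash": _digest(prev, rec)}
        sealed.append(json.dumps(entry, sort_keys=True))
        prev = entry["hash"]
    return sealed


def archive_tip(sealed: List[str]) -> str:
    """Digest of the last entry; keep it outside the archive (for example with
    the auditor) so that silently truncating the archive is detectable."""
    return json.loads(sealed[-1])["hash"] if sealed else GENESIS


def verify_archive(lines: List[str], expected_tip: Optional[str] = None) -> Tuple[bool, int]:
    """Return (ok, index of first bad entry); the index is -1 when the chain holds.
    A changed record, a missing or reordered entry, or a wrong back-pointer fails
    recomputation from that point on. Loss of the tail is only caught when
    expected_tip is supplied."""
    prev = GENESIS
    for i, line in enumerate(lines):
        try:
            entry = json.loads(line)
        except ValueError:
            return False, i
        if entry.get("seq") != i or entry.get("prev") != prev:
            return False, i
        if _digest(prev, entry.get("record", "")) != entry.get("hash"):
            return False, i
        prev = entry["hash"]
    if expected_tip is not None and prev != expected_tip:
        return False, len(lines)
    return True, -1


# Constructed sample records; not taken from any real system.
SAMPLE_LOGS = [
    "2013-05-01T10:00:00Z fw01 DENY tcp 10.0.0.5:51234 -> 203.0.113.7:22",
    "2013-05-01T10:00:02Z srv01 sshd: Failed password for root from 10.0.0.5",
    "2013-05-01T10:00:05Z srv01 sshd: Accepted password for alice from 10.0.0.9",
]


def demo() -> Tuple[bool, bool, int]:
    """Seal the samples, then rewrite one archived record and re-verify."""
    sealed = seal_archive(SAMPLE_LOGS)
    ok_clean, _ = verify_archive(sealed)
    tampered = list(sealed)
    entry = json.loads(tampered[1])
    entry["record"] = entry["record"].replace("Failed", "Accepted")
    tampered[1] = json.dumps(entry, sort_keys=True)
    ok_tampered, bad_index = verify_archive(tampered)
    return ok_clean, ok_tampered, bad_index


if __name__ == "__main__":
    print(demo())  # (True, False, 1)
```

The chain proves only that the archive is unchanged since sealing; the sealing host itself still needs to be trusted, which is why the tip digest belongs with a party other than the log administrator.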

[Figure caption: Using QRadar solutions to correlate detailed database activity and security insights with other network activity, organizations can quickly research suspected security threats, such as multiple user names associated with the same IP address, and take preventive action.]

Introducing IBM Security QRadar Log Manager

With IBM Security QRadar Log Manager, organizations can automate regulatory compliance activities and reduce security risks across a diverse IT environment.

Address diverse compliance mandates

With more than 2,000 out-of-the-box rules and reports, QRadar Log Manager enables organizations to meet a wide range of auditing and reporting requirements, including the PCI DSS, the Sarbanes-Oxley Act (SOX), the Health Insurance Portability and Accountability Act (HIPAA), the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) program, and the Gramm-Leach-Bliley Act (GLBA).

Gain visibility and fast access to information

Most organizations generate huge volumes of logs, and analyzing them can pose many challenges. With its customized rules engine, QRadar Log Manager can process each incoming event in real time, assign severity, credibility and relevance attributes, and then trigger an appropriate response via email notification, dashboard posting or by flagging an event for further monitoring. IT staff can run fast, flexible queries on this aggregated log data to quickly identify potential compliance risks and security threats. With pre-defined rules, reports and searches, an organization can quickly analyze log data, generate comprehensive reports and resolve security threats faster.
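As an added illustration of the two mechanisms described here and in the figure caption, normalizing vendor-specific log lines into a common taxonomy and then correlating them in real time with severity, credibility and relevance attributes, the example below flags several user names arriving from one IP address inside a short window. It is not QRadar code; the taxonomy values, the two constructed log formats, the sample lines and the scoring values are all assumptions.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

TS_FMT = "%Y-%m-%dT%H:%M:%SZ"   # timestamp layout used by the constructed sample formats

@dataclass
class Event:
    ts: datetime
    source: str        # log source type (sshd, vpn, ...)
    category: str      # taxonomy value; this small taxonomy is assumed, not QRadar's
    user: Optional[str]
    src_ip: Optional[str]

def _auth(ok: bool) -> str:
    return "auth.success" if ok else "auth.failure"

# One (regex, builder) pair per vendor format; both formats are constructed for this example.
PARSERS = [
    (re.compile(r"^(?P<ts>\S+) \S+ sshd: (?P<out>Accepted|Failed) \w+ for (?P<user>\S+) from (?P<ip>\S+)"),
     lambda m: Event(datetime.strptime(m["ts"], TS_FMT), "sshd", _auth(m["out"] == "Accepted"), m["user"], m["ip"])),
    (re.compile(r'^(?P<ts>\S+) vpn01 user="(?P<user>[^"]+)" src=(?P<ip>[\d.]+) result=(?P<res>OK|FAIL)'),
     lambda m: Event(datetime.strptime(m["ts"], TS_FMT), "vpn", _auth(m["res"] == "OK"), m["user"], m["ip"])),
]

def normalize(line: str) -> Optional[Event]:
    # None means no parser covers this format; count those so coverage gaps stay visible.
    for pattern, build in PARSERS:
        m = pattern.match(line)
        if m:
            return build(m)
    return None

@dataclass
class Offense:
    src_ip: str
    users: List[str]
    severity: int      # how bad if true
    credibility: int   # how well corroborated
    relevance: int     # how much it matters in this environment

def multiple_users_per_ip(events: List[Event], window: timedelta = timedelta(minutes=10),
                          threshold: int = 3) -> List[Offense]:
    """Rule: a source IP presenting at least `threshold` distinct user names in
    authentication events inside `window` raises one offense for that IP."""
    recent: Dict[str, List[Event]] = defaultdict(list)
    offenses: Dict[str, Offense] = {}
    for ev in sorted(events, key=lambda e: e.ts):
        if not ev.category.startswith("auth.") or not ev.src_ip or not ev.user:
            continue
        seen = recent[ev.src_ip] = [e for e in recent[ev.src_ip] if ev.ts - e.ts <= window] + [ev]
        users = sorted({e.user for e in seen})
        if len(users) >= threshold:
            sources = {e.source for e in seen}
            succeeded = any(e.category == "auth.success" for e in seen)
            offenses[ev.src_ip] = Offense(      # the latest window sets the scores
                ev.src_ip, users,
                severity=min(10, 3 + len(users)),        # more identities tried, worse
                credibility=min(10, 4 * len(sources)),   # corroborated by more device types
                relevance=9 if succeeded else 5,         # a success means access was gained
            )
    return list(offenses.values())

# Constructed sample lines (not from any real system); the last one has no parser on purpose.
SAMPLE_LOGS = [
    "2013-05-01T10:00:02Z srv01 sshd: Failed password for root from 10.0.0.5",
    "2013-05-01T10:00:04Z srv01 sshd: Failed password for admin from 10.0.0.5",
    '2013-05-01T10:00:09Z vpn01 user="bob" src=10.0.0.5 result=FAIL',
    "2013-05-01T10:00:15Z srv01 sshd: Accepted password for alice from 10.0.0.5",
    "2013-05-01T10:01:00Z srv01 sshd: Accepted publickey for carol from 10.0.0.9",
    "appliance-x: some format no parser covers yet",
]

def run(lines: List[str]) -> Tuple[List[Offense], int]:
    # Normalize, correlate, and report how many lines fell outside parser coverage.
    events = [ev for ev in map(normalize, lines) if ev is not None]
    return multiple_users_per_ip(events), len(lines) - len(events)
```

On the sample input, run(SAMPLE_LOGS) yields one offense for 10.0.0.5 (four user names, two corroborating source types, one success) and one unparsed line; 10.0.0.9 stays below the threshold.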

Rapidly search big data sets

With its instant search capabilities and advanced indexing technology, QRadar Log Manager enables fast, free-text querying of security and network data, including big data sets. This can help organizations simply and quickly detect threats, obtain forensics of big data, and conduct searches more frequently for enhanced security insights.

Use drill-down capabilities for fine-grained control

With a highly intuitive user interface that offers role-based access and a global view into real-time analysis and reporting, QRadar Log Manager provides a straightforward foundation for security and networking teams. Pre-defined dashboards are available by function, and users can create and customize their own dashboards. This means that IT staff can easily monitor specific activities and drill down to analyze data and activity trends. As a result, organizations can identify security anomalies and possible compliance risks, and take action before any damage can occur.

Integrate a wide range of devices

QRadar Log Manager can help organizations manage the event logs for a wide variety of network and security devices, including routers and switches, firewalls, virtual private networks, intrusion detection and prevention systems, anti-virus applications, servers, mainframes, endpoints, databases, email and web applications, custom devices and proprietary applications. QRadar Log Manager normalizes the log data into an easy-to-understand, yet flexible taxonomy for easy searching, correlation and reporting across a diverse IT environment.

Easily collect and store log data

QRadar Log Manager can help collect and store massive amounts of data, up to 16 terabytes per appliance. With its federated, distributed architecture, the solution can also scale to collect hundreds of thousands of events per second. QRadar Log Manager supports high levels of data compression, which can eliminate the need for external storage. It also features intelligent data policy management, allowing organizations to make more efficient use of storage by designating which information is to be kept for how long. Less important or sensitive data can be removed sooner; more important data can be retained longer.

Get immediate results with fast deployment

QRadar Log Manager is designed to be easy to deploy so organizations can quickly benefit from log management. Featuring an embedded log repository, integrated log collection, and extensive pre-packaged reports and rules, the solution can begin delivering value within days.

Expanding insights with a security intelligence platform

QRadar Log Manager provides a solid foundation for expanding visibility into security threats with a security intelligence platform. As part of IBM QRadar Security Intelligence Platform, QRadar Log Manager makes it easy to upgrade to layered security information and event management (SIEM) protection through the purchase of an additional license. QRadar Security Intelligence Platform delivers a highly integrated set of solutions that can help organizations achieve a proactive security and compliance posture using a single console, a single set of data stores and a single application codebase.

Anchored by powerful SIEM capabilities, QRadar Security Intelligence Platform provides actionable, real-time security intelligence by integrating security and network-monitoring applications into a unified solution. This way, organizations can deploy IT resources based on the analysis of a comprehensive set of data sources. In addition, QRadar Security Intelligence Platform includes IBM Security QRadar QFlow Collector technology, which provides deep network monitoring and anomaly detection capabilities. As a result, organizations can get more detailed insights about potential threats based on their context. With application-aware network monitoring, IT staff can also help prevent threats by understanding the events that occur at the application layer.

Further, QRadar Security Intelligence Platform extends its security intelligence capabilities into virtual network environments with its IBM Security QRadar VFlow Collector technology. This technology helps organizations detect threats and manage risk in support of data center consolidation and private and public cloud initiatives. The risk assessment module, IBM Security QRadar Risk Manager, helps organizations monitor vulnerabilities and firewall configurations to reduce risk and improve compliance. Based on contextual knowledge of events and network flow data, QRadar Risk Manager can help identify potential threats against high-value assets, determine possible attack paths and prioritize remediation activities.

Conclusion

Organizations of all sizes are tasked with protecting the information that traverses their network. The right log management solution can help automate IT security management tasks, strengthening defenses against attacks while improving compliance. By leveraging the information in network, security and application event logs, organizations can protect and optimize the use of critical resources.

When evaluating log management solutions, organizations should consider how the log data can be used to support important functions across the entire environment, including:

Does the solution provide effective monitoring and threat notifications to support the day-to-day operation of the network?
Does the solution help facilitate compliance reporting and auditing, as mandated by internal security policies and regulatory agencies?
Does the solution meet the security, scalability and workflow needs of your IT organization?

QRadar Security Intelligence Platform integrates the comprehensive log management capabilities of QRadar Log Manager with powerful monitoring, event correlation, threat notification, reporting and auditing technologies to meet the requirements of any IT security management program.

For more information

To learn more about IBM Security QRadar Log Manager, please contact your IBM representative or IBM Business Partner, or visit: ibm.com/software/products/us/en/qradar-log-manager

About IBM Security solutions

IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM X-Force research and development, provides security intelligence to help organizations holistically protect their people, infrastructures, data and applications, offering solutions for identity and access management, database security, application development, risk management, endpoint management, network security and more. These solutions enable organizations to effectively manage risk and implement integrated security for mobile, cloud, social media and other enterprise business architectures. IBM operates one of the world's broadest security research, development and delivery organizations, monitors 13 billion security events per day in more than 130 countries, and holds more than 3,000 security patents.

Additionally, IBM Global Financing can help you acquire the software capabilities that your business needs in the most cost-effective and strategic way possible. We'll partner with credit-qualified clients to customize a financing solution to suit your business and development goals, enable effective cash management, and improve your total cost of ownership. Fund your critical IT investment and propel your business forward with IBM Global Financing. For more information, visit: ibm.com/financing

Copyright IBM Corporation 2013

IBM Corporation
Software Group
Route 100
Somers, NY 10589

Produced in the United States of America
May 2013

IBM, the IBM logo, ibm.com, and X-Force are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at "Copyright and trademark information" at ibm.com/legal/copytrade.shtml

QRadar is a registered trademark of Q1 Labs, an IBM Company.

This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates.

THE INFORMATION IN THIS DOCUMENT IS PROVIDED AS IS WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided.

The client is responsible for ensuring compliance with laws and regulations applicable to it. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the client is in compliance with any law or regulation.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that systems and products are immune from the malicious or illegal conduct of any party.

WGW03024-USEN-00