QRadar SIEM and FireEye MPS Integration



March 2014

IBM QRadar Security Intelligence Platform: providing actionable intelligence
- INTELLIGENT: correlation, analysis and massive data reduction
- AUTOMATED: driving simplicity and accelerating time-to-value
- INTEGRATED: unified architecture delivered in a single console

Security intelligence timeline and definition
The questions a security intelligence platform has to answer across the attack lifecycle:
- What are the major risks and vulnerabilities?
- Are we configured to protect against advanced threats?
- What security incidents are happening right now?
- What was the impact to the organization?
Timeline: Vulnerability, Pre-Exploit, Exploit, Post-Exploit, Remediation.
Prediction / prevention phase:
- Gain visibility over the organization's security posture and identify security gaps
- Detect deviations from the norm that indicate early warnings of APTs
- Prioritize vulnerabilities to optimize remediation processes and close critical exposures before exploit
Reaction / remediation phase:
- Automatically detect threats with prioritized workflow to quickly analyze impact
- Gather full situational awareness through advanced security analytics
- Perform forensic investigation, reducing time to find the root cause; use the results to drive faster remediation
Security intelligence: the actionable information derived from the analysis of security-relevant data available to an organization.

QRadar SIEM: command console for security intelligence
- Provides full visibility and actionable insight to protect against advanced threats
- Adds network flow capture and analysis for deep application insight
- Employs sophisticated correlation of events, flows, assets, topologies, vulnerabilities and external data to identify and prioritize threats
- Contains workflow management to fully track threats and ensure resolution
- Uses a scalable hardware, software and virtual appliance architecture to support the largest deployments

Embedded intelligence offers automated offense identification
Extensive data sources: security devices; servers and mainframes; network and virtual activity; data activity; application activity; configuration information; vulnerabilities and threats; users and identities; global threat intelligence.
Automated offense identification (embedded intelligence):
- Massive data reduction
- Automated data collection, asset discovery and profiling
- Automated, real-time and integrated analytics
- Activity baselining and anomaly detection
- Out-of-the-box rules and templates
Output: suspected incidents are reduced to prioritized incidents.

QRadar SIEM: benefits
- Reduce the risk and severity of security breaches
- Remediate security incidents quickly and thoroughly
- Ensure regulatory and internal policy compliance
- Reduce the manual effort of security intelligence operations

IBM/Q1 Labs in SIEM Leaders Quadrant for the fifth straight year
Source: Magic Quadrant for Security Information and Event Management, Gartner, 7 May 2013. In that Magic Quadrant, IBM/Q1 Labs SIEM is rated #1 on Ability to Execute (the Y-axis) and ahead of McAfee/Nitro, RSA, LogRhythm and Splunk on Completeness of Vision (the X-axis). Ability to Execute is an assessment of overall viability, product/service, customer experience, market responsiveness, product track record, sales execution, operations and marketing execution. Completeness of Vision is a rating of product strategy, innovation, market understanding, geographic strategy and other factors.
What Gartner is saying about IBM/Q1 Labs: QRadar is a good fit for midsize and large enterprises that need general SIEM capabilities and also for use cases that require behavior analysis and NetFlow analysis. Behavioral analysis is recognized by Gartner as essential in the detection of advanced threats. Customer feedback indicates that the technology is relatively straightforward to deploy and maintain across a wide range of deployment scales. A distinguishing characteristic of the technology is the collection and processing of NetFlow data, deep packet inspection (DPI) and behavior analysis for all supported event sources.

QRadar & FireEye MPS: events coming in (screenshot)

QRadar SIEM product tour: the intelligence of offense management
- QRadar SIEM reduces millions of events and flow records to the top few threats and incidents, called offenses
- It does this through correlation with contextual data (events, flows, vulnerabilities, threat intelligence feeds)
- The rules engine creates an offense in response to a sequence of events or an observed behavior
- Incident response teams and security administrators rely on offenses to determine what they need to remediate or investigate

QRadar SIEM product tour: the intelligence of offense management (continued)
- A dashboard widget shows the top offenses
- The Offenses tab shows the offenses currently open, with drill-down to details

QRadar SIEM product tour: intelligent offense scoring
QRadar judges the magnitude of an offense by three factors:
- Credibility: is this a false positive or a true positive?
- Severity: the alarm level contrasted with the target's vulnerability
- Relevance: priority according to asset or network value
Priorities can change over time based on situational awareness.

QRadar SIEM product tour: the Offenses tab (screenshot)

QRadar SIEM: an offense triggered by FireEye events. The questions the offense answers:
- What was the breach?
- Who was responsible?
- Was it successful?
- How many targets were involved?
- How valuable are the targets to the business?
- Are any of them vulnerable?

Where is all the evidence? (screenshot)

QRadar SIEM use cases. QRadar SIEM excels at the most challenging use cases:
- Complex threat detection
- Malicious activity identification
- User activity monitoring
- Compliance monitoring
- Fraud detection and data loss prevention

QRadar SIEM & FireEye use cases
1. Identify the attacker. FireEye sits on the inside network, so it cannot tell who the outside IP address belongs to. Using the data it already gathers, QRadar SIEM provides the real IP address of the threat and looks up the system's domain and host name. IPS and flow information show whether that source is active in any other way, and the X-Force threat feed tells whether the source is a known threat.
2. Identify an attack and prevent it from propagating. When FireEye finds an attempt to exploit a vulnerability, QRadar together with QRadar Vulnerability Manager (QVM) and QRadar Risk Manager (QRM) can immediately see which other critical systems are vulnerable to that active attack and prioritize immediate patching or blocking for those systems.

QRadar SIEM & FireEye use cases (continued)
3. Web exploit detected. FireEye MPS sends QRadar events indicating that a virus has been detected, followed by a browser being infected. QRadar generates an offense that shows which other hosts in the organization have been infected by the virus and which web servers were the source of the attack. The incident response team can focus on cleaning the organization's most valued assets first and modify policy to prevent future contact with that web server.
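The three use cases above, worked through as an added example in Python. This is illustrative code written for this page, not QRadar or FireEye code. The alert lines, NAT table, reverse-DNS map, flow records, threat feed, vulnerability inventory and asset values are all constructed stand-ins for the sources the slides name (firewall logs, DNS, QFlow, the X-Force feed, QVM); the alert layout is a simplified key=value line, not FireEye's real event schema; and the assumption that the "real IP" in use case 1 is recovered from a NAT translation log is mine, since the deck does not say how QRadar obtains it.

```python
"""Correlating FireEye MPS alerts with SIEM context (added example for this page).

Illustrative code, not QRadar or FireEye code. Every data source below is a
constructed stand-in: the alert format is a simplified key=value line (not
FireEye's real schema), and NAT_TABLE, RDNS, FLOWS, THREAT_FEED and VULNS stand
in for firewall NAT logs, DNS, QFlow, the X-Force feed and QVM respectively.
"""
from datetime import datetime, timedelta

# Constructed alerts. For the inbound exploit the sensor reports the address it
# saw on the inside, 192.0.2.50, which here is a NAT pool address, not the attacker.
# CVE ids are placeholders, not real vulnerabilities.
ALERTS = """\
ts=2014-03-10T09:01:10 type=exploit src=192.0.2.50 dst=10.1.4.22 cve=CVE-0000-0001
ts=2014-03-10T09:02:00 type=virus-detected src=203.0.113.9 dst=10.1.4.22 cve=-
ts=2014-03-10T09:02:30 type=browser-infected src=203.0.113.9 dst=10.1.4.22 cve=-
ts=2014-03-10T09:05:00 type=virus-detected src=203.0.113.9 dst=10.1.7.8 cve=-
ts=2014-03-10T09:05:20 type=browser-infected src=203.0.113.9 dst=10.1.7.8 cve=-
ts=2014-03-10T09:30:00 type=virus-detected src=203.0.113.44 dst=10.1.9.3 cve=-
"""

# Constructed context tables (assumed stand-ins for the sources named in the slides).
NAT_TABLE = {"192.0.2.50": "198.51.100.7"}      # inside address -> real external IP
RDNS = {"198.51.100.7": "c2.example.net"}       # reverse DNS
THREAT_FEED = {"198.51.100.7", "203.0.113.9"}   # addresses flagged by the threat feed
FLOWS = [                                        # (src, dst, dst_port) from the flow collector
    ("198.51.100.7", "10.1.4.22", 443),
    ("198.51.100.7", "10.1.8.15", 22),
    ("10.1.2.3", "10.1.4.22", 445),
]
VULNS = {                                        # host -> vulnerabilities found by the scanner
    "10.1.4.22": {"CVE-0000-0001"},
    "10.1.8.15": {"CVE-0000-0001"},
    "10.1.9.3": {"CVE-0000-0001", "CVE-0000-0002"},
    "10.1.7.8": set(),
}
ASSET_VALUE = {"10.1.4.22": 3, "10.1.7.8": 9, "10.1.8.15": 7, "10.1.9.3": 5}


def parse_alerts(text):
    """Parse key=value alert lines into dicts; 'ts' becomes a datetime."""
    alerts = []
    for line in text.splitlines():
        fields = dict(kv.split("=", 1) for kv in line.split())
        fields["ts"] = datetime.fromisoformat(fields["ts"])
        alerts.append(fields)
    return alerts


def identify_attacker(alert):
    """Use case 1: resolve the address FireEye saw to the real source and enrich it."""
    real_ip = NAT_TABLE.get(alert["src"], alert["src"])
    # Anything else that source touched, according to flow data, beyond this victim.
    other = sorted({(d, p) for s, d, p in FLOWS if s == real_ip and d != alert["dst"]})
    return {
        "real_ip": real_ip,
        "hostname": RDNS.get(real_ip),
        "known_threat": real_ip in THREAT_FEED,
        "other_activity": other,
    }


def exposed_hosts(cve, exclude=()):
    """Use case 2: other hosts vulnerable to the CVE being exploited, most valuable first."""
    hosts = [h for h, cves in VULNS.items() if cve in cves and h not in exclude]
    return sorted(hosts, key=lambda h: ASSET_VALUE.get(h, 0), reverse=True)


def detect_infections(alerts, window=timedelta(minutes=5)):
    """Use case 3 sequence rule: 'virus-detected' followed within the window by
    'browser-infected' on the same host from the same web server marks that host
    as infected. Returns {infected host: source web server}."""
    last_virus = {}
    infected = {}
    for a in sorted(alerts, key=lambda a: a["ts"]):
        if a["type"] == "virus-detected":
            last_virus[a["dst"]] = a
        elif a["type"] == "browser-infected":
            v = last_virus.get(a["dst"])
            if v and a["ts"] - v["ts"] <= window and v["src"] == a["src"]:
                infected[a["dst"]] = a["src"]
    return infected


def web_exploit_offense(alerts):
    """Bundle the infections into one offense: victims ordered by asset value, plus sources."""
    infected = detect_infections(alerts)
    victims = sorted(infected, key=lambda h: ASSET_VALUE.get(h, 0), reverse=True)
    return {"victims": victims, "sources": sorted(set(infected.values()))}


if __name__ == "__main__":
    alerts = parse_alerts(ALERTS)
    exploit = next(a for a in alerts if a["type"] == "exploit")
    print("attacker:", identify_attacker(exploit))
    print("also exposed:", exposed_hosts(exploit["cve"], exclude=(exploit["dst"],)))
    print("web exploit offense:", web_exploit_offense(alerts))
```

The sequence rule in detect_infections is the point of use case 3: a virus-detected event on its own (host 10.1.9.3 in the sample) does not make an infection; only a virus-detected event followed within the window by a browser-infected event from the same web server does. That is the distinction between a blocked download and a compromised browser, and it is what lets the offense list only the hosts that actually need cleaning, most valuable first.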