Ecom Infotech Page 1 of 6
IBM Q Radar SIEM Intelligence

1. Security Intelligence and Compliance Analytics

Organizations are exposed to a greater volume and variety of threats and compliance risks than ever. IBM security intelligence solutions harness the security-relevant information across your organization, applying advanced intelligence to help you detect threats faster, prioritize risks more effectively and automate compliance activities.

IBM QRadar Security Intelligence Platform applies real-time correlation and anomaly detection across a distributed and scalable repository of security information. Big data analytics enable more accurate security monitoring and better visibility, yet are packaged so that small organizations as well as large enterprises can use them. Through superior ease of use, flexibility and pre-packaged capabilities, IBM solutions help you achieve value faster and evolve your deployment as the business changes.

Clients in a variety of industries use IBM QRadar Security Intelligence Platform to:
- Detect advanced threats
- Address regulatory compliance mandates
- Detect insider threats and fraud
- Predict risks against the business
- Consolidate data silos

Security intelligence solutions offer SIEM (security information and event management), log management, configuration and vulnerability management, and behavioral analysis and anomaly detection capabilities - all delivered through an integrated and flexible platform. Learn more about how small and midsize businesses, large enterprises, non-profit organizations and government agencies improve their security posture, automate compliance and reduce their total cost of ownership with IBM
2. Incident Response Plans

Organizations should have a formal, focused, and coordinated approach to responding to incidents, including an incident response plan that provides the roadmap for implementing the incident response capability. Each organization needs a plan that meets its unique requirements, which relate to the organization's mission, size, structure, and functions. The plan should lay out the necessary resources and management support.

Some examples of incidents to be monitored are:
- Web server log entries that show the usage of a vulnerability scanner
- An email administrator sees a large number of bounced emails with suspicious content
- A system administrator sees a filename with unusual characters
- A network intrusion detection sensor alerts when a buffer overflow attempt occurs against a database server
- Antivirus software alerts when it detects that a host is infected with malware
- An application logs multiple failed login attempts from an unfamiliar remote system
- A host records an auditing configuration change in its log
- A network administrator notices an unusual deviation from typical network traffic flows

2.1 Creating a Baseline

To define an incident, it is important to know the current baseline of normal activity and what constitutes an incident. For example, if normal traffic between two servers is 3 Mbps and the threshold is 10%, any increase of normal traffic over 3.5 Mbps should be flagged as an incident for further analysis. Hence organizations need to create baselines and threshold values for all important network traffic between important segments, applications, and other important infrastructure devices that need to be monitored.
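The baseline-and-threshold rule described above, written out as an added illustration (not Ecom's or IBM's code): the baseline is learned from a window of observed normal throughput samples, and any later sample that exceeds baseline * (1 + threshold) is raised as an incident for analysis. The sample data and the function names are constructed for this example.

```python
"""Baseline-and-threshold check for traffic between two network segments.

Added example, not part of the original brochure: learn a baseline from a
window of normal samples, then flag every later sample that exceeds
baseline * (1 + threshold).
"""
from statistics import median


def learn_baseline(samples_mbps):
    """Baseline = median of the learning window (a single spike in the
    window does not drag the baseline up the way a mean would)."""
    if not samples_mbps:
        raise ValueError("need at least one sample to learn a baseline")
    return median(samples_mbps)


def detect_incidents(samples, baseline_mbps, threshold=0.10):
    """samples: list of (timestamp, mbps). Return (timestamp, mbps, limit)
    for every sample above the limit, i.e. baseline * (1 + threshold)."""
    limit = baseline_mbps * (1 + threshold)
    return [(ts, mbps, limit) for ts, mbps in samples if mbps > limit]


# Constructed sample data: per-minute throughput between two servers.
LEARNING_WINDOW = [2.9, 3.0, 3.1, 3.0, 2.95, 3.05]  # observed normal period
LIVE_SAMPLES = [
    ("10:00", 3.0),
    ("10:01", 3.2),   # within 10% of the 3.0 Mbps baseline: no incident
    ("10:02", 3.6),   # above the limit: incident
    ("10:03", 2.8),
    ("10:04", 4.1),   # above the limit: incident
]


def run():
    """Learn the baseline, then evaluate the live samples against it."""
    baseline = learn_baseline(LEARNING_WINDOW)
    return detect_incidents(LIVE_SAMPLES, baseline)


if __name__ == "__main__":
    for ts, mbps, limit in run():
        print(f"{ts}: {mbps} Mbps exceeds limit {limit:.2f} Mbps")
```

The limit is derived from the baseline and the percentage threshold rather than fixed by hand, so it follows the baseline when the learning window is refreshed.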
3. Typical Scope of Services Offered

When you choose ECOM as a partner for your IBM Q Radar SIEM solution, depending on the size of your project you may also be eligible for a free consulting engagement to implement an Incident Response Plan customized to your environment. Some of the services that can be included are:
- Establishing an incident response capability based on the NIST framework
- Creating an incident response policy and plan
- Developing procedures for performing incident handling and reporting
- Setting guidelines for communicating with outside parties regarding incidents
- Selecting a team structure and staffing model
- Guidance on establishing relationships and lines of communication between the incident response team and other groups, both internal (e.g., legal department) and external (e.g., law enforcement agencies)
- Coverage of what services the incident response team should provide
- Training the incident response team

SIEM Implementation
4. Key Steps in Incident Management Engagement

The engagement follows a Plan / Do / Check / Act cycle. The steps from the original diagram, in the order they appear:
- Understanding the client entity and environment
- Define scope, expectations and project roles
- Readiness Assessment if required
- Understanding and verifying documentation of existing internal controls
- Perform Walkthrough
- Evaluate, Monitor & Analyse Samples for effectiveness
- Evaluate additional info
- Request clarifications
- Assess Risks
- Request additional info
- Review/discussions with the client management
- Kick-off meeting with Stakeholders
- Preliminary interviews/questionnaires conducted to gain understanding of requirements
- Client information request list prepared and distributed
- Analysis of client-prepared information performed and client feedback provided
- Project timeline (including estimates of client hours)/plan created
- Update Plan based on client discussions
- Conduct Interviews
- Issue draft documentation
- Request Samples
- Incorporate Management comments and Issue final documentation
- Create Baselines
- Create Project documentation
- Implementing SIEM solution
- Ongoing support
- Answer questions from Management

5. Why ECOM?

Preparing for an Incident Management engagement is a matter of clear thinking and smart planning. Working with a consulting company such as ECOM helps you dig into areas such as risk intelligence, configuration and change management processes, and how activities are monitored and managed. ECOM helps you stay compliant with your existing compliance engagements such as PCI DSS, ISO 27001, NIST 800-53, HIPAA/HITECH and Cloud security programs, making your life easier while providing you with the much-needed assurance.
ECOM provides an end-to-end process for Incident Management Engagements for Business IT as well as Industrial Controls environments such as SCADA/DCS. With data moving into the Cloud and increased use of big data, Cloud Security and Privacy concerns are on the rise. ECOM can conduct integrated information & cyber security engagements. With more stringent regulations and enforcement, cyber security issues are more in focus for organizations.

Some of the advantages of working with ECOM are:
- End-to-end process for defining and creating an Incident Response Plan
- Project management methodology consistently applied to each engagement
- Efficient service delivery with minimal disruption to operations
- IBM Business Partner for Q Radar SIEM and other Security Solutions
- 12 plus years of Information Security & Cyber Security experience
- Reduced time to complete assignments
- Experienced Security Professionals to execute projects
- Prompt services with engagements completed in record time
- Ongoing support. We are with you whenever you need us
- Our services are competitively priced compared with the BIG names

To discuss your specific requirements please email info@ecominfotech.biz

Disclaimer: The content contained in this document is for information only and should not be construed as advice or an opinion. The rules are subject to change; for the latest information please visit the official websites. In no way is Ecom Infotech responsible for the information contained in this document or for any use of or reliance on it.