IBM Security QRadar Risk Manager



Similar documents
IBM Security QRadar Risk Manager

Extreme Networks Security Analytics G2 Risk Manager

IBM Security X-Force Threat Intelligence

Strengthen security with intelligent identity and access management

IBM Security QRadar Vulnerability Manager

Boosting enterprise security with integrated log management

IBM QRadar Security Intelligence Platform appliances

IBM QRadar Security Intelligence April 2013

Safeguarding the cloud with IBM Dynamic Cloud Security

IBM Security Intrusion Prevention Solutions

Simplify security management in the cloud

Beyond passwords: Protect the mobile enterprise with smarter security solutions

Breaking down silos of protection: An integrated approach to managing application security

IBM Security Intelligence Strategy

Leverage security intelligence for retail organizations

IBM Security IBM Corporation IBM Corporation

Reducing the cost and complexity of endpoint management

Applying IBM Security solutions to the NIST Cybersecurity Framework

IBM Security Privileged Identity Manager helps prevent insider threats

Risk-based solutions for managing application security

Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence

Managing security risks and vulnerabilities

IBM QRadar as a Service

FIVE PRACTICAL STEPS

Security Intelligence

IBM Security QRadar QFlow Collector appliances for security intelligence

IBM Security re-defines enterprise endpoint protection against advanced malware

Security strategies to stay off the Børsen front page

IBM Security Network Protection

Win the race against time to stay ahead of cybercriminals

The webinar will begin shortly

Securing the mobile enterprise with IBM Security solutions

IBM Tivoli Netcool network management solutions for enterprise

Stay ahead of insiderthreats with predictive,intelligent security

Under the Hood of the IBM Threat Protection System

IBM SECURITY QRADAR INCIDENT FORENSICS

Securing and protecting the organization s most sensitive data

What is Security Intelligence?

IT executive guide to security intelligence

Move beyond monitoring to holistic management of application performance

IBM Security Network Protection

Introducing IBM s Advanced Threat Protection Platform

IBM Unstructured Data Identification and Management

Q1 Labs Corporate Overview

SANS Top 20 Critical Controls for Effective Cyber Defense

IBM Endpoint Manager for Mobile Devices

IBM Security QRadar SIEM Product Overview

Extreme Networks Security Analytics G2 Vulnerability Manager

Securing the Cloud infrastructure with IBM Dynamic Cloud Security

How To Create An Insight Analysis For Cyber Security

IBM SmartCloud Monitoring

Selecting the right cybercrime-prevention solution

Mobile, Cloud, Advanced Threats: A Unified Approach to Security

Gaining the upper hand in today s cyber security battle

IBM Software Cloud service delivery and management

Empowering intelligent utility networks with visibility and control

Protecting against cyber threats and security breaches

Preemptive security solutions for healthcare

QRadar SIEM 6.3 Datasheet

Extending security intelligence with big data solutions

CORE Security and GLBA

Security Intelligence Solutions

El costo oculto de las aplicaciones Vulnerables. Faustino Sanchez. WW Security Sales Enablement. IBM Canada

Addressing Security for Hybrid Cloud

For healthcare, change is in the air and in the cloud

WHITE PAPER AUTOMATED, REAL-TIME RISK ANALYSIS AND REMEDIATION

How To Buy Nitro Security

How to Choose the Right Security Information and Event Management (SIEM) Solution

IBM Advanced Threat Protection Solution

IBM PowerSC. Security and compliance solution designed to protect virtualized datacenters. Highlights. IBM Systems and Technology Data Sheet

IBM InfoSphere Guardium Data Activity Monitor for Hadoop-based systems

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer

and Security in the Era of Cloud

RSA envision. Platform. Real-time Actionable Security Information, Streamlined Incident Handling, Effective Security Measures. RSA Solution Brief

IBM Internet Security Systems. The IBM Internet Security Systems approach for Health Insurance Portability and Accountability Act compliance overview

IBM Tivoli Netcool Configuration Manager

Cyber Security RFP Template

IBM Software Four steps to a proactive big data security and privacy strategy

Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs

Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture

IBM Rational AppScan: enhancing Web application security and regulatory compliance.

The Current State of Cyber Security

The business value of improved backup and recovery

How To Manage Security On A Networked Computer System

QRadar SIEM and Zscaler Nanolog Streaming Service

IBM Endpoint Manager for Server Automation

Preempting Business Risk with RSA SIEM and CORE Security Predictive Security Intelligence Solutions

Strategies for assessing cloud security

Implement security solutions that help protect your IT systems and facilitate your On Demand Business initiatives.

IBM Software Integrated Service Management: Visibility. Control. Automation.

Transcription:

IBM Security QRadar Risk Manager Proactively manage vulnerabilities and network device configuration to reduce risk, improve compliance Highlights Collect network security device configuration data to assess vulnerabilities and facilitate analysis and reporting Discover configuration errors and help remove ineffective rules to improve firewall performance Depict network topology views and help visualize current and alternative network traffic patterns Identify active attack paths and high-risk assets to help reduce risk and prioritize remediation activities Support policy compliance for network traffic, topology and vulnerability exposures Improve forensics to determine offense root cause Log management and security information and event management (SIEM) have become trusted solutions for network and security operators, enabling them to quickly detect and isolate security incidents and meet specific compliance requirements, as well as a growing number of regulatory mandates. And while the information provided by SIEM is critical for network and compliance security management efforts, it primarily detects exploits as they occur, rather than prioritizing what actions can be taken to prevent them from happening in the first place. IBM Security QRadar Risk Manager is an integral component of a complete security intelligence solution that serves to proactively help security professionals get and stay ahead of advanced threats. The ability to correlate security device activity with IBM Security QRadar SIEM event and flow analysis yields valuable insights revealing, for example, which firewall rules are firing, which are not, and those which could be removed to improve firewall performance and security. Adding correlation of known asset vulnerabilities and device configurations for routers, switches and intrusion detection and prevention systems completes the risk perspective, leading to improved operational efficiencies and simplified compliance reporting. QRadar Risk Manager automates risk management functions in missioncritical areas, helping security professionals safeguard their organizations against an ever-growing spectrum of attacks, vulnerabilities and compliance mandates. On today s smarter planet, organizations require better visibility into their security policies, postures and practices than ever before, because instrumented, interconnected and intelligent businesses collect and use more information.

The QRadar Risk Manager topology viewer enables users to view network devices and relationships, including subnets and links. Automated risk management for greater control over risk Government regulations, industry guidelines and corporate policies all define which specific network traffic and firewall policies an organization must deploy, monitor, audit and enforce. At a high level, the security objectives are normally pretty clear. These plans exist to achieve the desired security state, but the devil is as usual in the details. Many network attacks succeed simply due to inconsistent network and security configuration practices, highlighting the need for automated network configuration monitoring and alerts for policy breaches. Using traditional log management and SIEM solutions, where data typically exists in separate silos, organizations often lack the ability to easily assess when a network configuration allows traffic that is out of policy. QRadar Risk Manager offers an integrated approach to greatly improve organizations abilities to assess information security risk through a single console shared with QRadar SIEM. QRadar Risk Manager leverages the broadest range of risk indicators, including network and security configuration data, network activity data, network and security events, and vulnerability scan results. It also provides other key capabilities that include: Network security configuration Detailed configuration audit: Helps improve consistency of firewall rules, including detection of shadowed rules and other configuration errors Security-focused network topology model: Enables automated monitoring of configuration rules Configuration change comparison and auditing: Alerts users to risky or out-of-compliance configurations 2

Network activity monitoring Advanced monitoring and analysis of network activity: Quickly flags out-of-policy traffic Fast and efficient search of network activity: Greatly reduces forensics efforts Intuitive visualization tool: Provides interactive analysis of current and historical network activity Network security event and configuration correlation Analyses of firewall accept and deny events: Assesses rule effectiveness Scheduled or on-demand collection of device configuration data: Ensures timely, historical record of configuration Advanced asset database correlation: Leverages information from a wide variety of network and security events and configuration sources, improving accuracy of results Vulnerability scan results Correlation of known vulnerabilities with network topology: Helps deliver a prioritized list of vulnerabilities to better assess which systems are most vulnerable to attack and should be remediated first Advanced threat modeling, simulation and visualization: Provides before, during and after assessment of network risks Vulnerabilities represent the various types of weaknesses that can be exploited by a threat. While an analysis of information system vulnerabilities reveals a variety of potential causes, many vulnerabilities can be traced to software flaws and misconfigurations of information system components. 1 Policy monitoring to improve compliance QRadar Risk Manager features an automated policy engine that simplifies the assessment of a wide spectrum of information security and compliance policies. With an intuitive questionbased interface, the policy engine integrates previously separate indicators of risk through regular monitoring of network assets for defined conditions. For example, the solution enables the correlation of communications that have occurred with possible communications based on firewall and router rules, and actual firewall rule device tests. A snapshot of the QRadar Risk Manager configuration monitor shows access list information, rule usage data and shadowed rules. 3

The Policy Monitor feature allows active evaluation of multiple security policies. QRadar Risk Manager provides out-of-thebox policy templates to assist with identifying risk across regulatory mandates and information security best practices. These templates are easily extended to align with an organization s internal information security policies, and as exceptions are discovered, QRadar Risk Manager can send email, display notifications, generate a syslog event or create an offense within QRadar SIEM. In addition, compliance reports include both policy exceptions and successes. Device configuration management to detect changes and profile future risks QRadar Risk Manager provides automated collection, monitoring and auditing of device configurations across an organization s switches, routers, firewalls and intrusion detection system (IDS)/intrusion prevention system (IPS) devices. Through an ability to normalize cross-vendor device configuration data, QRadar Risk Manager provides detailed comparisons across security devices including firewall rules and policies to quickly identify when network traffic is inconsistent with a regulation, corporate mandate or industry best practice. QRadar Risk Manager maintains a history of configuration changes and enables users to audit this history across a multivendor network. This powerful capability allows users to compare normalized or raw device configurations, over time, from a single device or from different devices through a single user interface. The collection of device configuration data is also instrumental in building an enterprise-wide representation of a network s topology. Topology mapping can help an organization understand allowed and denied activity across the entire network, resulting in improved consistency of device configuration. Modeling and simulation of attacks to prioritize remediation efforts With modeling and simulation, QRadar Risk Manager helps organizations identify and prioritize their most significant risk areas. Simulation can help organizations quickly understand the risk impact of proposed changes to a network s configuration before the changes are implemented. For example, vulnerability results reported from any leading vulnerability scanning solution can be combined with network topology maps to provide a prioritized list of the most vulnerable systems by determining which are at the highest risk of exploit. This prioritized list identifies vulnerable assets at highest risk due to active network attack paths, resulting in improved operational efficiency and reduced security risk. QRadar Risk Manager also offers threat modeling capabilities to simulate the potential spread of an exploit across the network by performing multi-step correlations of at-risk systems with network topology data. 4

searches, including the ability to search on connections between hosts and networks using specific protocols and applications, as well as analyzing traffic to and from specific countries or geographical regions. Security intelligence to minimize risk QRadar Risk Manager provides organizations with a comprehensive network security solution that not only enables them to access forensics during and after an attack, but also enables them to proactively detect, prioritize and remediate areas of high risk before they can be exploited. The QRadar Risk Manager attack simulation screen shows the potential spread of an exploit across the network. Advanced tools to investigate network topologies, traffic and forensics QRadar Risk Manager offers two network visualization security tools that provide unique, risk-focused, graphical representations of the network. The end result of both of these visualizations offers network and security teams a revolutionary investigative capacity by providing vulnerability information before, during and after an exploit. The first visualization tool, called the Topology Viewer, delivers detailed views into the network configuration from a routing and firewall configuration perspective. This insight comes from a unique combination of data sources, including device configuration, network activity data and security events. The second visualization tool, called the Connection Monitor, quickly and efficiently analyzes historical network activity by automatically summarizing all network event and flow data on an hourly basis. Connection Monitor enables advanced traffic The powerful security analytics, simulation and visualization of QRadar Risk Manager provide a unique opportunity for organizations to move away from day-to-day security firefighting and to adopt a proactive, risk-based methodology that greatly strengthens network and security offenses while minimizing exploit risk. Log management and SIEM are necessary for a good network defense. By adding QRadar Risk Manager, organizations gain additional security intelligence enabling them to go on the offensive against those who wish to harm their networks. Why IBM? IBM operates the world s broadest security research, development and delivery organization. This comprises 10 security operations centers, nine IBM Research centers, 11 software security development labs and an Institute for Advanced Security with chapters in the United States, Europe and Asia Pacific. IBM solutions empower organizations to reduce their security vulnerabilities and focus more on the success of their strategic initiatives. These products build on the threat intelligence expertise of the IBM X-Force research and development team to provide a preemptive approach to security. As a trusted partner in security, IBM delivers the solutions to keep the entire enterprise infrastructure, including the cloud, protected from the latest security risks. 5

For more information To learn more about IBM Security QRadar Risk Manager, contact your IBM representative or IBM Business Partner, or visit: ibm.com/security Additionally, IBM Global Financing can help you acquire the software capabilities that your business needs in the most cost-effective and strategic way possible. We ll partner with credit-qualified clients to customize a financing solution to suit your business and development goals, enable effective cash management, and improve your total cost of ownership. Fund your critical IT investment and propel your business forward with IBM Global Financing. For more information, visit: ibm.com/financing Copyright IBM Corporation 2013 IBM Corporation Software Group Route 100 Somers, NY 10589 Produced in the United States of America January 2013 IBM, the IBM logo, ibm.com, QRadar, and X-Force are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at Copyright and trademark information at ibm.com/legal/copytrade.shtml This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates. THE INFORMATION IN THIS DOCUMENT IS PROVIDED AS IS WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided. The client is responsible for ensuring compliance with laws and regulations applicable to it. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the client is in compliance with any law or regulation. IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that systems and products are immune from the malicious or illegal conduct of any party. 1 NIST Special Publication 800-128: Guide for Security-Focused Configuration Management of Information Systems Please Recycle WGD03024-USEN-00

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information