
IBM QRadar Security Intelligence Overview



The IBM Security Intelligence Platform, also known as QRadar®, integrates SIEM, log management, anomaly detection, vulnerability management, risk management and incident forensics into a unified, highly scalable, real-time solution that provides superior threat detection, greater ease of use, and lower total cost of ownership compared with competitive products.

Published in: Software


  1. IBM QRadar Security Intelligence Overview: Security Intelligence and Sense Analytics protect assets from advanced threats
  2. IBM Security: today's challenges drive QRadar strategy
     Escalating attacks
     • Increasingly sophisticated attack methods
     • Disappearing perimeters
     • Accelerating security breaches
     • Constantly changing infrastructure
     Resource constraints
     • Too many products from multiple vendors; costly to configure and manage
     • Inadequate and ineffective tools
     • Struggling security teams
     • Too much data with limited manpower and skills to manage it all
     • Managing and monitoring increasing compliance demands
     Figure labels: Spear Phishing, Persistence, Backdoors, Designer Malware, Increasing Complexity, Resource Constraints
  3. Providing actionable intelligence: the IBM QRadar Security Intelligence Platform
     • Automated: driving simplicity and accelerating time-to-value
     • Integrated: unified architecture delivered in a single console
     • Intelligent: correlation, analysis and massive data reduction
  4. Driving simplicity and accelerated time to value
     "QRadar's ease-of-use in set-up and maintenance resulted in reduced time to resolve network issues and freed-up IT staff for other projects." (Private U.S. university with a large online education community)
     • Immediate discovery of network assets: proactive vulnerability scans, configuration comparisons, and policy compliance checks
     • Simplified deployment: automated configuration of log data sources and asset databases
     • Automated updates: stay current with the latest threats, vulnerabilities, and protocols
     • Out-of-the-box rules and reports: immediate time to value with built-in intelligence
     "IBM QRadar is nearly three times faster to implement across the enterprise than other SIEM solutions." (2014 Ponemon Institute, LLC independent research report)
  5. Ask the right questions
     Security Intelligence: the actionable information derived from the analysis of security-relevant data available to an organization.
     Lifecycle: Pre-Exploit → Vulnerability → Exploit → Post-Exploit → Remediation. The prediction/prevention phase covers everything before the exploit; the reaction/remediation phase covers everything after it.
     Questions: What are the major risks and vulnerabilities? Are we configured to protect against advanced threats? What security incidents are happening right now? What was the impact to the organization?
     • Gain visibility over the organization's security posture and identify security gaps
     • Detect deviations from the norm that indicate early warnings of APTs
     • Prioritize vulnerabilities to optimize remediation processes and close critical exposures before exploit
     • Automatically detect threats with a prioritized workflow to quickly analyze impact
     • Gather full situational awareness through advanced security analytics
     • Perform forensic investigation, reducing time to find root cause; use results to drive faster remediation
  6. Ask the right questions (product mapping)
     The same questions and capabilities as slide 5, mapped to the product modules that answer them: Vulnerability Manager, Risk Manager, SIEM, Log Manager and Incident Forensics.
  7. Embedded intelligence offers automated offense identification
     Data sources: servers and mainframes, data activity, network and virtual activity, application activity, configuration information, security devices, users and identities, vulnerabilities and threats, global threat intelligence.
     Embedded intelligence:
     • Unlimited data collection, storage and analysis
     • Built-in data classification
     • Automatic asset, service and user discovery and profiling
     • Real-time correlation and threat intelligence
     • Activity baselining and anomaly detection
     • Detects incidents out of the box
     Output: suspected incidents are reduced to prioritized incidents (automated offense identification).
  8. Answering questions to help prevent and remediate attacks
  9. Extend clarity around incidents with in-depth forensics data
     Directed forensics investigations on prioritized incidents:
     • Rapidly reduce time to resolution through an intuitive forensic workflow
     • Use intuition more than technical training
     • Determine root cause and prevent re-occurrences
  10. IBM Security App Exchange: a platform for security intelligence collaboration
     • Single collaboration platform for rapidly delivering new apps and content for IBM Security solutions
     • Enable rapid innovation and access partner innovations through certified security apps
     • Allows QRadar users and partners to deploy new use cases in an accelerated way and quickly extend QRadar functionality
  11. Enabling comprehensive extensions and 3rd-party integration through the QRadar Application Framework
     New open QRadar API and components for rapid innovation and creation. Cybersecurity use cases: insider threats, Internet of Things, incident response.
     • Market-, technology- and business-specific
     • Seamlessly integrated workflow
     • Economic and operational benefit
     • More flexibility and less complexity
  12. IBM QRadar is the centerpiece of IBM security integration
     Integrated IBM products: IBM zSecure, IBM Security AppScan, IBM Security Network Protection XGS, IBM Security Access Manager, IBM Security Privileged Identity Manager, IBM InfoSphere Guardium, IBM Security Identity Manager, IBM Security Directory Server and Integrator, IBM Endpoint Manager, IBM Trusteer Apex.
  13. IBM QRadar supports hundreds of third-party products
  14. Flexible appliance, virtual, software and cloud architecture for high performance and rapid deployment
     Scalable appliance architecture:
     • Easy-to-deploy, scalable model using stackable distributed appliances
     • Does not require third-party databases or storage
     Shared modular infrastructure:
     • Offers automatic failover and disaster recovery
     • Hardware, software and virtual deployments
     • Cloud, on-premise and hybrid deployment
     • Perpetual, rental and SaaS options
  15. Key security trends and the IBM Security portfolio
     Trends: advanced threats, skills shortage, cloud adoption, mobile concerns, compliance mandates. Our strategy is to provide integrated solutions to the market.
     Consulting and managed services: Security Intelligence and Operations; Strategy, Risk and Compliance; Cloud and Managed Services; Identity and Access Management Services; Data and Application Security Services; Cybersecurity Assessment and Response.
     Integrated security technologies: Security Intelligence and Analytics; Advanced Fraud Protection; Identity and Access Management; Data Security; Application Security; Infrastructure and Threat Protection; Advanced Threat and Security Research.
  16. Example deployment
     SIEM replacement:
     • Ability to view real-time alerts while maintaining search capabilities on legacy data
     • Addition of network flow visibility: where is the IP coming from and where is it attempting to go
     • Configured and deployed in less than 45 days
     • 12 million flows, 280,000 log sources
     • 40 unique log source types across the enterprise (FireEye, BlueCoat Proxy, firewalls, Windows, Linux)
     • Over 5 billion events consumed daily
     Other highlights:
     • Within the first 45 days, saw misconfigured devices
     • Able to quickly utilize external feeds ("reference sets") of known indicators of compromise (IOCs)
     • Routers pinging Chinese address space
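The two findings above (IOC reference sets and routers pinging foreign address space) are both reference-set matches: a flow's destination is tested against a named list of addresses or ranges, and matching flows are grouped into an offense by source. The following is an added example in plain Python, not IBM's code or the QRadar rule engine; every address, range and flow record in it is constructed sample data from the RFC 5737 documentation ranges and private space, not a real indicator.

```python
"""Reference-set matching of flows against IOC feeds (added example, not IBM code).

QRadar 'reference sets' are named lists of values (addresses, hashes, user
names) that correlation rules test against. This reproduces that check for
two sets like the ones the example deployment used: a feed of known-bad
addresses and a block of watched address space. All values below are
constructed sample data.
"""
import ipaddress
from collections import defaultdict


def load_reference_set(values):
    """Split a reference set into exact addresses and CIDR networks."""
    hosts, nets = set(), []
    for value in values:
        if "/" in value:
            nets.append(ipaddress.ip_network(value, strict=False))
        else:
            hosts.add(ipaddress.ip_address(value))
    return hosts, nets


def address_in_set(address, ref_set):
    """True if the address is listed exactly or falls inside a listed network."""
    hosts, nets = ref_set
    ip = ipaddress.ip_address(address)
    return ip in hosts or any(ip in net for net in nets)


# Constructed reference sets (hypothetical values standing in for a real feed).
IOC_REF = load_reference_set(["203.0.113.45", "198.51.100.7"])
WATCHED_SPACE_REF = load_reference_set(["192.0.2.0/24"])

# Constructed flow records, shaped like what a flow collector hands to the rule engine.
SAMPLE_FLOWS = [
    {"src": "10.1.1.1", "src_role": "router", "dst": "192.0.2.10", "proto": "icmp", "dport": 0},
    {"src": "10.1.5.20", "src_role": "workstation", "dst": "203.0.113.45", "proto": "tcp", "dport": 443},
    {"src": "10.1.5.21", "src_role": "workstation", "dst": "10.1.9.9", "proto": "tcp", "dport": 443},
    {"src": "10.1.5.20", "src_role": "workstation", "dst": "198.51.100.7", "proto": "tcp", "dport": 80},
]


def evaluate_flow(flow, ioc_ref=IOC_REF, watched_ref=WATCHED_SPACE_REF):
    """Return the rule conditions one flow satisfies (empty list means no match)."""
    reasons = []
    if address_in_set(flow["dst"], ioc_ref):
        reasons.append("destination in IOC reference set")
    if address_in_set(flow["dst"], watched_ref):
        reasons.append("destination in watched address space")
    # The slide's finding: network gear has no business originating ICMP to
    # watched space, so a router source makes an existing match more interesting.
    if reasons and flow["proto"] == "icmp" and flow.get("src_role") == "router":
        reasons.append("router-originated ICMP to flagged destination")
    return reasons


def build_offenses(flows, ioc_ref=IOC_REF, watched_ref=WATCHED_SPACE_REF):
    """Group matching flows by source address, the way an offense groups events."""
    offenses = defaultdict(list)
    for flow in flows:
        reasons = evaluate_flow(flow, ioc_ref, watched_ref)
        if reasons:
            offenses[flow["src"]].append({"dst": flow["dst"], "reasons": reasons})
    return dict(offenses)


if __name__ == "__main__":
    for src, hits in build_offenses(SAMPLE_FLOWS).items():
        print(src, "->", [(h["dst"], h["reasons"]) for h in hits])
```

Grouping by source is what turns four flows into two actionable items (one router, one workstation that talked to two listed addresses); a feed of bare matches without that aggregation is the "too much data" problem from slide 2.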
  17. An integrated, unified architecture in a single web-based console: log management, security intelligence, network activity monitoring, risk management, vulnerability management, network forensics
  18. Intelligence, integration, automation to stay ahead of the threat
     • Identify and quickly remediate: deploy comprehensive security intelligence and incident forensics
     • Detect insider fraud: adopt next-generation SIEM with identity correlation
     • Address regulation mandates: automate data collection and configuration audits
     • Consolidate data silos: collect, correlate and report on data in one integrated solution
     • Better predict business risks: engage the entire lifecycle of risk management for network and security infrastructures
  19. Additional value: QRadar
  20. QRadar product portfolio
     A Security Intelligence platform that enables security optimization through advanced threat detection, meeting compliance and policy demands, and eliminating data silos.
     QRadar Log Manager
     • Turnkey log management for SMB and enterprises
     • Upgradeable to enterprise SIEM
     QRadar SIEM
     • Integrated log, flow, threat and compliance management
     • Asset profiling and flow analytics
     • Offense management and workflow
     Network Activity Collectors (QFlow)
     • Network analytics, behavior and anomaly detection
     • Layer 7 application monitoring
     QRadar Risk Manager
     • Predictive threat modeling and simulation
     • Scalable configuration monitoring and audit
     • Advanced threat and impact analysis
     QRadar Vulnerability Manager
     • Integrated network scanning and workflow
     • Leverage SIEM, threat and risk data to prioritize vulnerabilities
     QRadar Incident Forensics
     • Reconstruct raw network packets to original format
     • Determine root cause of security incidents and help prevent recurrences
  21. Addressing organizations' growing cloud security requirements (tiers of increasing cloud adoption)
     Serviced from the cloud
     • Cloud-based SI as a Service delivering a managed and unified view of operations
     • On-prem security data forwarded to the cloud and synthesized with security data from cloud assets
     Manage from the cloud
     • A cloud-based hybrid SI deployment managed from the cloud
     • Unified view of on-prem and cloud-based security data
     Utilize the cloud
     • On-premises hybrid SI deployment that optimally leverages cloud resources
     • Extended data retention periods and expanded analytical resources
     Collect from the cloud
     • On-premises SI extending visibility into cloud applications and infrastructure
     • Unified security view of on-premise and cloud operations
  22. QRadar QFlow: differentiated by network flow analytics
     Network traffic doesn't lie. Attackers can stop logging and erase their tracks, but can't cut off the network (flow data). Even when the payload is encrypted, a flow still records the endpoints, ports, timing and volume of the connection.
     • Deep packet inspection for Layer 7 flow data
     • Pivoting, drill-down and data mining on flow sources for advanced detection and forensics
     • Helps detect anomalies that might otherwise get missed
     • Enables visibility into attacker communications
  23. QRadar QFlow fully supports five key use cases
     • Detection of zero-day threats through traffic profiling: detection of malware and virus/worm activity through behavior profiling and anomaly detection across all network traffic (applications, hosts, protocols, areas of the network)
     • Compliance with policy and regulatory mandates via deep analysis of application data and protocols: alerting on out-of-policy behavior and traffic, such as traffic being sent to untrustworthy geographical regions or over unsecure protocols
     • Social media monitoring: anomaly detection and DPI-based content capture that identify and alert on social media-related threats and risks
     • Advanced incident analysis via correlation of flow data with log data: accurate prioritization of incident data and reduction of false positives by correlating security events with actual network traffic
     • Continuous profiling of assets: collection and monitoring of a continuous information feed from hosts, assets and services, allowing QRadar SIEM to automatically identify and classify new assets and discover what ports and services they are running
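Two of the use cases above, traffic profiling with anomaly detection (also the "activity baselining and anomaly detection" item on slide 7) and alerting on out-of-policy traffic, reduce to checks a rule engine runs over flow records: compare each host's outbound volume against its own history, and test destination region and port against a policy. The following is an added example in plain Python, not IBM's code; the seven-day history, the day's flows, the region table (a hypothetical stand-in for a GeoIP lookup) and the policy lists are all constructed.

```python
"""Flow baselining and out-of-policy checks (added example, not IBM code).

Baseline: per-host outbound bytes over previous days. Today's total is an
anomaly when it exceeds mean + k * stdev. Policy: destinations in untrusted
regions and cleartext management protocols. All data here is constructed.
"""
import statistics
from collections import defaultdict

# Constructed baseline: outbound bytes per host for the previous seven days.
HISTORY = {
    "10.1.5.20": [120_000, 135_000, 110_000, 128_000, 140_000, 125_000, 130_000],
    "10.1.5.21": [900_000, 950_000, 880_000, 910_000, 940_000, 920_000, 905_000],
}

# Constructed flows for the current day.
TODAY_FLOWS = [
    {"src": "10.1.5.20", "dst": "10.1.9.9", "proto": "tcp", "dport": 443, "bytes_out": 50_000},
    {"src": "10.1.5.20", "dst": "192.0.2.77", "proto": "tcp", "dport": 443, "bytes_out": 2_400_000},
    {"src": "10.1.5.21", "dst": "10.1.9.9", "proto": "tcp", "dport": 23, "bytes_out": 4_000},
    {"src": "10.1.5.21", "dst": "10.1.9.9", "proto": "tcp", "dport": 443, "bytes_out": 900_000},
]

# Hypothetical prefix-to-region table standing in for a GeoIP database, and policy lists.
REGION_BY_PREFIX = {"192.0.2.": "region-x", "10.": "internal"}
UNTRUSTED_REGIONS = {"region-x"}
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 69: "tftp"}


def region_for(address):
    """Longest-prefix-style lookup in the hypothetical region table."""
    for prefix, region in REGION_BY_PREFIX.items():
        if address.startswith(prefix):
            return region
    return "unknown"


def policy_violations(flow):
    """Out-of-policy conditions for one flow (the compliance use case)."""
    reasons = []
    region = region_for(flow["dst"])
    if region in UNTRUSTED_REGIONS:
        reasons.append(f"traffic to untrusted region {region}")
    if flow["proto"] == "tcp" and flow["dport"] in CLEARTEXT_PORTS:
        reasons.append(f"cleartext protocol {CLEARTEXT_PORTS[flow['dport']]}")
    return reasons


def volume_anomalies(flows, history, k=3.0, min_spread=0.05):
    """Hosts whose outbound volume today exceeds mean + k*stdev of their baseline.

    min_spread (fraction of the mean) keeps a nearly flat history from producing a
    hair-trigger threshold. Hosts with no history are skipped: without a baseline
    there is no deviation to measure, which is the cold-start limit of profiling.
    """
    totals = defaultdict(int)
    for flow in flows:
        totals[flow["src"]] += flow["bytes_out"]
    findings = []
    for src, total in totals.items():
        past = history.get(src)
        if not past:
            continue
        mean = statistics.mean(past)
        spread = max(statistics.pstdev(past), min_spread * mean)
        threshold = mean + k * spread
        if total > threshold:
            findings.append({"src": src, "bytes_out": total, "threshold": round(threshold)})
    return findings


def run_checks(flows=TODAY_FLOWS, history=HISTORY):
    """Both checks as one list of (src, dst, reason); dst is None for volume findings."""
    findings = [(f["src"], f["dst"], r) for f in flows for r in policy_violations(f)]
    findings += [(a["src"], None, f"outbound volume {a['bytes_out']} exceeds baseline {a['threshold']}")
                 for a in volume_anomalies(flows, history)]
    return findings


if __name__ == "__main__":
    for src, dst, reason in run_checks():
        print(f"{src:>10} -> {dst or '*':<12} {reason}")
```

On the constructed data the workstation that normally moves about 127 kB a day and pushes 2.4 MB to region-x is flagged twice (volume and region), while the telnet session is a policy hit only: the host's volume stays inside its own baseline. Correlating both kinds of finding with log events is the fourth use case on the slide.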
  24. Introducing QRadar Vulnerability Manager
     Existing vulnerability managers leave questions unanswered:
     • Has that been patched?
     • Has it been exploited?
     • Is it likely to be exploited?
     • Does my firewall block it?
     • Does my IPS block it?
     • Does it matter?
     QRadar QVM, alongside Log Manager, SIEM, Network Activity Monitor and Risk Manager:
     • Reduces data load: bringing rich context to vulnerability management
     • Improves visibility: intelligent, event-driven scanning, asset discovery, asset profiling and more
     • Breaks down silos: leveraging all QRadar integrations and data; unified vulnerability view across all products
  25. QRadar Vulnerability Manager: integrated vulnerability management
     • Contains an embedded, well-proven, scalable, analyst-recognised, PCI-certified scanner
     • Detects 70,000+ vulnerabilities
     • Tracks the National Vulnerability Database (CVE)
     • Present in all QRadar log and flow collectors and processors
     • Integrated external scanner
     • Complete vulnerability view supporting 3rd-party vulnerability system data feeds
     • Supports exception and remediation processes of VM with seamlessly integrated reporting and dashboarding
     Complete vulnerability context and visibility: integrated vulnerability scanner; network discovery and asset information; IBM Security context (AppScan, Guardium, Endpoint (BigFix), Network IPS, X-Force); 3rd-party vulnerability solutions (e.g. Qualys, Rapid7, Nessus, nCircle, McAfee)
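Slide 24's six questions are each a piece of context that a scanner alone does not have: patch state from endpoint management, exploitation from SIEM offenses, likelihood from threat intelligence, reachability from firewall and IPS configuration, and impact from the asset profile. The following is an added example, not IBM's scoring or QVM's code, showing one way to fold that context into a ranking. The assets, findings, the identifiers VULN-A to VULN-D (placeholders, not CVE numbers) and the weights are constructed and hypothetical.

```python
"""Context-driven vulnerability prioritization (added example, not IBM code).

Starts from the CVSS base score and adjusts it with the context behind the six
questions on slide 24. Weights are hypothetical; tune them to your environment.
"""
from dataclasses import dataclass


@dataclass
class Asset:
    ip: str
    criticality: int                          # 1 (lab box) .. 5 (crown jewels), from the asset profile
    open_ports: frozenset                     # from asset profiling / scans
    blocked_ports: frozenset = frozenset()    # ports the firewall or IPS drops for this host


@dataclass
class Finding:
    vuln_id: str                    # placeholder identifier, not a real CVE
    asset_ip: str
    cvss: float
    port: int
    patched: bool = False           # "Has that been patched?"  (endpoint / patch management)
    exploit_known: bool = False     # "Is it likely to be exploited?"  (threat intelligence)
    seen_in_offense: bool = False   # "Has it been exploited?"  (SIEM offenses against this host)


def contextual_score(finding, asset):
    """0 for patched findings; otherwise CVSS adjusted by exploitability, exposure and impact."""
    if finding.patched:
        return 0.0
    score = finding.cvss
    if finding.exploit_known:
        score += 2.0
    if finding.seen_in_offense:
        score += 3.0
    # "Does my firewall / IPS block it?"  Unreachable is lower, not zero: the
    # exposure is latent and returns the moment a rule changes.
    reachable = finding.port in asset.open_ports and finding.port not in asset.blocked_ports
    if not reachable:
        score *= 0.3
    # "Does it matter?"  Scale by business criticality (3 is neutral).
    score *= asset.criticality / 3.0
    return round(score, 1)


def prioritize(findings, assets):
    """Rank unpatched findings by contextual score, highest first."""
    by_ip = {a.ip: a for a in assets}
    ranked = []
    for f in findings:
        score = contextual_score(f, by_ip[f.asset_ip])
        if score > 0:
            ranked.append((f.vuln_id, f.asset_ip, score))
    return sorted(ranked, key=lambda r: r[2], reverse=True)


# Constructed sample inventory and findings.
ASSETS = [
    Asset("10.1.9.9", criticality=5, open_ports=frozenset({22, 443})),
    Asset("10.1.5.30", criticality=2, open_ports=frozenset({3389}), blocked_ports=frozenset({3389})),
]
FINDINGS = [
    Finding("VULN-A", "10.1.9.9", cvss=9.8, port=443, exploit_known=True),
    Finding("VULN-B", "10.1.5.30", cvss=9.8, port=3389, exploit_known=True),
    Finding("VULN-C", "10.1.9.9", cvss=7.5, port=22, patched=True),
    Finding("VULN-D", "10.1.5.30", cvss=5.3, port=8080),
]

if __name__ == "__main__":
    for vuln_id, ip, score in prioritize(FINDINGS, ASSETS):
        print(f"{score:5.1f}  {vuln_id} on {ip}")
```

VULN-A and VULN-B carry the same CVSS 9.8 and the same public exploit, yet one ranks near the top and the other near the bottom, because one sits on a critical host on an open port and the other behind a firewall rule on a low-value box. A CVSS-only list would show them side by side, which is the "reduces data load" point on slide 24.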
  26. QRadar Risk Manager: context-driven risk prioritization
     • Fully integrated Security Intelligence and Risk Management solution
     • Most comprehensive risk assessment covering network usage, configuration data, vulnerability posture, and current threat environment
     • Powerful, simple-to-use visualization of network usage and attack paths enhancing risk and incident response
     • Reduced total cost of ownership through product consolidation
     QRadar Risk Manager enhances Security Intelligence by adding network topology visualization and path analysis, network device optimization and configuration monitoring, and improved compliance monitoring/reporting to QRadar SIEM.
  27. QRadar Incident Forensics: responding quickly to incidents
     In 2012, 38% of targets were attacked again once the original incident was remediated. Attackers spend an estimated 243 days on a victim's network before being discovered.
     • Has our organization been compromised?
     • When was our security breached?
     • What type of attack is it?
     • How do we identify the attack?
     • What resources and assets are at risk?
     • How do we avoid becoming a repeat victim?
  28. Our Security Intelligence platform delivers powerful capabilities
     Introducing QRadar Incident Forensics: leveraging the strengths of QRadar to optimize the process of investigating and gathering evidence on advanced attacks and data breaches. Next-generation network forensics: know what happened, fast. For IT security operations teams it tells you exactly when an incident occurred, delivers intelligence to guide forensics investigations, and merges powerful forensics capability with simplicity.
     • Visually construct threat actor relationships
     • Builds detailed user and application profiles across multiple IDs
     • Full packet capture for complete session reconstruction
     • Unified view of all flow, user, event, and forensic information
     • Retrace activity in chronological order
     • Integrated with QRadar to discover true offenses and prioritize forensics investigations
     • Enables search-driven data exploration to return detailed, multi-level results in seconds
  29. © Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represents only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
     Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.
     Follow us on: ibm.com/security, securityintelligence.com, xforce.ibmcloud.com, @ibmsecurity, youtube/user/ibmsecuritysolutions. Thank you.
