IBM QRadar Security Intelligence Platform - Integration, Intelligence and Automation
Post on 14-Sep-2014
DESCRIPTION

View a demonstration of the IBM QRadar Security Intelligence Platform, integrating SIEM, log management, anomaly detection, and configuration and vulnerability management into a unified, one-dashboard solution. See how the QRadar platform delivers superior visibility into an organization's network security posture by consolidating data from a wide variety of sources to improve threat detection, provide greater ease of use, and deliver lower total cost of ownership. The presentation covers core platform capabilities inside key use case scenarios organizations face, including:
- Detecting threats that might otherwise get missed
- Consolidating data silos
- Detecting insider fraud
- Predicting and remediating risks with vulnerability management
- Addressing and exceeding regulatory compliance mandates

View the on-demand webinar: https://www2.gotomeeting.com/register/440402098

TRANSCRIPT
© 2014 IBM Corporation
IBM QRadar Security Intelligence Platform- Integration, Intelligence & Automation
Vinay Sukumar,
IBM Security Systems Technical Product Manager
IBM Security Systems
The IT security problem
Security Intelligence defined
QRadar Security Intelligence Platform Demo
Q&A
Innovative technology changes everything
- Bring your own IT
- Social business
- Cloud and virtualization
- 1 billion mobile workers
- 1 trillion connected objects
Attacks continue as perpetrators sharpen skills

[Chart: attacker motivation (vertical axis) plotted against attack sophistication (horizontal axis)]
- Nuisance, curiosity: insiders, spammers, script-kiddies (Nigerian 419 scams, Code Red)
- Monetary gain: organized crime (Zeus, ZeroAccess, Blackhole Exploit Pack)
- Notoriety, activism, defamation: hacktivists (Lulzsec, Anonymous)
- National security, economic espionage: nation-state actors, APTs (Stuxnet, Aurora, APT-1)
Three core trends affecting clients' ability to secure environments

Escalating threats
- Increasingly sophisticated attack methods
- Disappearing perimeters
- Accelerating security breaches
(Examples: spear phishing, persistence, backdoors, designer malware)

Increasing complexity
- Constantly changing infrastructure
- Too many products from multiple vendors; costly to configure and manage
- Inadequate antivirus products

Resource constraints
- Struggling security teams
- Too much data, not enough manpower and skills to manage it all
Security Intelligence defined
What is Security Intelligence?
Security Intelligence, noun \si-ˈkyu̇r-ə-tē in-ˈte-lə-jən(t)s\
1. A methodology of analyzing millions and billions of security, network and application records across the organization’s entire network in order to gain insight into what is actually happening in that digital world.
2. The process of combining internal, locally collected security data with external intelligence feeds and applying correlation rules to reduce huge volumes of data into a handful of high-probability 'offense' records that require immediate investigation, in order to prevent or minimize the impact of security incidents.
Delivers actionable, comprehensive insight for managing risks, combatting threats, and meeting compliance mandates.
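As an added example (not IBM's code and not the QRadar rule engine), the following Python script shows the reduction that the second definition describes: it parses constructed key=value events from a local collector, enriches them with a constructed external threat feed and constructed identity context, applies two correlation rules, and collapses the matching events into a few offense records keyed by source address, each with a magnitude score. The field names, thresholds, magnitude weights and indicator addresses are all assumptions made for the example.

```python
"""Toy correlation engine: many raw records in, a handful of offenses out.

Added example, not IBM/QRadar code. All events, feed entries and identity
data below are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed external threat feed (documentation-range address, not a real IoC).
THREAT_FEED = {"203.0.113.45": "example-feed: known command-and-control host"}

# Constructed identity context: accounts whose compromise matters most.
PRIVILEGED_USERS = {"dbadmin", "svc_backup"}

# Constructed sample events in a normalised key=value form. Six failures and a
# success from one host, two failures from another, one outbound flow to a feed
# indicator, one benign flow, and five failures against a privileged account.
RAW_EVENTS = [
    "ts=100 type=auth result=fail user=jsmith src=10.0.0.7",
    "ts=101 type=auth result=fail user=jsmith src=10.0.0.7",
    "ts=102 type=auth result=fail user=jsmith src=10.0.0.7",
    "ts=103 type=auth result=fail user=jsmith src=10.0.0.7",
    "ts=104 type=auth result=fail user=jsmith src=10.0.0.7",
    "ts=105 type=auth result=fail user=jsmith src=10.0.0.7",
    "ts=106 type=auth result=success user=jsmith src=10.0.0.7",
    "ts=110 type=auth result=fail user=alice src=10.0.0.9",
    "ts=111 type=auth result=fail user=alice src=10.0.0.9",
    "ts=120 type=netflow src=10.0.0.7 dst=203.0.113.45 bytes=52000",
    "ts=121 type=netflow src=10.0.0.12 dst=198.51.100.20 bytes=900",
    "ts=130 type=auth result=fail user=dbadmin src=192.0.2.33",
    "ts=131 type=auth result=fail user=dbadmin src=192.0.2.33",
    "ts=132 type=auth result=fail user=dbadmin src=192.0.2.33",
    "ts=133 type=auth result=fail user=dbadmin src=192.0.2.33",
    "ts=134 type=auth result=fail user=dbadmin src=192.0.2.33",
]


@dataclass
class Offense:
    """One investigable record that chains every rule hit for a source."""
    source: str
    rules: list = field(default_factory=list)
    magnitude: int = 0        # 0..10, capped below
    event_count: int = 0      # raw events folded into this offense


def parse_event(line):
    """Parse one 'key=value key=value ...' line into a dict."""
    return dict(token.split("=", 1) for token in line.split())


def correlate(lines, threat_feed=THREAT_FEED, privileged=PRIVILEGED_USERS,
              fail_threshold=5):
    """Apply correlation rules and return offenses, highest magnitude first."""
    events = [parse_event(line) for line in lines]
    offenses = {}

    def offense_for(src):
        return offenses.setdefault(src, Offense(source=src))

    # Rule 1: authentication brute force, >= fail_threshold failures per (src, user),
    # escalated when a success follows and when the target is privileged.
    failures = defaultdict(list)
    successes = set()
    for ev in events:
        if ev["type"] == "auth":
            key = (ev["src"], ev["user"])
            (failures[key].append(ev) if ev["result"] == "fail"
             else successes.add(key))
    for (src, user), evs in failures.items():
        if len(evs) < fail_threshold:
            continue  # below threshold: stays a raw record, never an offense
        off = offense_for(src)
        off.event_count += len(evs)
        off.magnitude += 4
        off.rules.append(f"brute force against {user} ({len(evs)} failures)")
        if (src, user) in successes:
            off.event_count += 1
            off.magnitude += 2
            off.rules.append(f"successful login for {user} after failures")
        if user in privileged:
            off.magnitude += 3
            off.rules.append(f"{user} is a privileged account")

    # Rule 2: outbound flow whose destination is in the external threat feed.
    for ev in events:
        if ev["type"] == "netflow" and ev["dst"] in threat_feed:
            off = offense_for(ev["src"])
            off.event_count += 1
            off.magnitude += 6
            off.rules.append(f"flow to {ev['dst']}: {threat_feed[ev['dst']]}")

    for off in offenses.values():
        off.magnitude = min(off.magnitude, 10)
    return sorted(offenses.values(), key=lambda o: o.magnitude, reverse=True)


if __name__ == "__main__":
    result = correlate(RAW_EVENTS)
    print(f"{len(RAW_EVENTS)} raw events -> {len(result)} offenses")
    for off in result:
        print(f"[{off.magnitude:2d}] {off.source} ({off.event_count} events)")
        for rule in off.rules:
            print(f"      - {rule}")
```

Sixteen records collapse to two offenses: the host that both brute-forced an account and then talked to a feed indicator chains both rule hits into a single record with the maximum magnitude, while the two failures from 10.0.0.9 and the benign flow never surface at all. Keying offenses by source rather than by rule is the design choice that produces the "handful" the definition talks about; an analyst sees one case per suspicious host, not one alert per matching event.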
Evolving along with changing threat landscape

Then: collection
- Log collection
- Signature-based detection

Now: intelligence
- Real-time monitoring
- Context-aware anomaly detection
- Automated correlation and analytics

Data sources feeding the platform: logs, events and alerts; configuration information; system audit trails; external threat feeds; e-mail and social activity; network flows and anomalies; identity context; business process data; malware information.
Security Intelligence Use Cases
QRadar Security Intelligence Platform
Recognized by analysts as a leader
Consistent Leader in the Gartner Magic Quadrant for Security Information and Event Management (SIEM): 2009, 2010, 2011, 2012, 2013, with steady movement up and to the right.
- IBM/Q1 Labs is rated #1 for Compliance use cases
- IBM/Q1 Labs is rated #1 on "Ability to Execute"
- IBM/Q1 Labs is rated #1 for analytics and behavior profiling
- IBM/Q1 Labs is rated #1 in SIEM Use Case, Product Rating, and Overall Use Case

Frost & Sullivan: 2013 Global Customer Value Leadership Award, Applied Security Intelligence in SIEM/LM

Industry awards include:
- Global Excellence in Surveillance Award from InfoSecurity Products Guide
- "Hot Pick" by Information Security magazine
- AlwaysOn Global 250
- GovernmentVAR 5-Star Award
Offering solutions for the full Security Intelligence timeline
[Timeline: Vulnerability -> Remediation -> Exploit, divided into a Pre-Exploit and a Post-Exploit phase]

Accurate and actionable information requires a diverse collection of automated and intelligent tools that can share available data regardless of scale.
• Gain visibility over the organization's security posture
• Detect deviations from the norm and initiate preventive procedures
• Attain awareness of vulnerabilities and assess exposures
• Discover anomalies and investigate to evaluate the risk
• Explore and analyze data to devise countermeasures for the attack
• Formulate new security best practices to adapt to emerging threats
Questions the timeline answers:
- What was the impact?
- What is happening right now?
- Are we configured to protect against these threats?
- What are the external and internal threats?
Sharing resources across common architectural model
[Diagram: layered architecture, top to bottom]
- Applications: Log Management, Next Gen SIEM, Activity Monitoring, Risk Management, Vulnerability Management, Network Forensics
- Real-time and analyst-driven workflow
- Security Intelligence and Analytics: real-time correlation / automated security analytics; Northbound APIs; big data store / warehouse / archival; Southbound APIs
- Inputs: real-time structured security data; unstructured operational / security data
Leveraging three foundational characteristics
IBM QRadar Security Intelligence Platform
- INTELLIGENCE: correlation, analysis and massive data reduction
- INTEGRATION: unified architecture delivered in a single console
- AUTOMATION: driving simplicity and accelerating time-to-value
IBM QRadar Security Intelligence Platform Demonstration
QRadar’s unique advantages
- Automation of data collection, asset discovery, asset profiling and more
  Impact: reduced manual effort, fast time to value, lower-cost operation
- Flexibility and ease of use, enabling "mere mortals" to create and edit correlation rules, reports and dashboards
  Impact: maximum insight, business agility and lower cost of ownership
- Real-time correlation and anomaly detection based on the broadest set of contextual data
  Impact: more accurate threat detection, in real time
- Integrated flow analytics with Layer 7 content (application) visibility
  Impact: superior situational awareness and threat identification
- Scalability for the largest deployments, using an embedded database and unified data architecture
  Impact: QRadar supports your business needs at any scale
Learn more about IBM QRadar Security Intelligence
Watch executive Steve Robinson (VP) discuss the next era for Security Intelligence: http://ibm.co/nextera

Visit our:
- Blog: www.securityintelligence.com
- Website: http://ibm.co/QRadar

Read our IT Executive Guide to Security Intelligence white paper: ibm.co/11HQdfc

Download the 2013 Gartner Magic Quadrant for SIEM: http://ibm.co/GMQ
Pulse Protect 2014: The Security Forum at Pulse 2014
February 23-26, MGM Grand, Las Vegas, Nevada

Pulse Protect 2014 will feature three days and 50+ sessions on the hottest security topics, including security and threat intelligence, application and data security, vulnerability management, defense against web fraud and advanced malware, identity and access management, network security, and emerging topics such as cloud and mobile security.

HIGHLIGHTS

Threat Research
Hear from X-Force as well as IBM’s malware and application security researchers.
CISO Lunch & Networking
Hear from IBM’s CISO and other industry leaders while networking with your peers.
Introducing Trusteer
Discover Trusteer’s unique approach to addressing web fraud and malware.
Client & IBM led sessions
Featuring leading clients such as Standard Bank, WestJet & Whirlpool.
Learn more at ibm.com/security/pulse
Thanks, Any Questions?
ibm.com/security
© Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.