ibm qradar security intelligence platform - integration, intelligence and automation

Post on 14-Sep-2014
DESCRIPTION

View a demonstration of the IBM QRadar Security Intelligence Platform, integrating SIEM, log management, anomaly detection, and configuration and vulnerability management into a unified, one-dashboard solution. See how the QRadar platform delivers superior visibility into an organization’s network security posture by consolidating data from a wide variety of sources to improve threat detection, provide greater ease-of-use, and deliver lower total cost of ownership. The presentation will cover core platform capabilities inside of key use case scenarios organizations face, including:
- Detecting threats that might otherwise get missed
- Consolidating data silos
- Detecting insider fraud
- Predicting and remediating risks with vulnerability management
- Addressing and exceeding regulatory compliance mandates

View the on-demand webinar: https://www2.gotomeeting.com/register/440402098

TRANSCRIPT

Page 1: IBM Qradar Security Intelligence Platform - Integration, Intelligence and Automation

© 2014 IBM Corporation

IBM QRadar Security Intelligence Platform- Integration, Intelligence & Automation

Vinay Sukumar,

IBM Security Systems Technical Product Manager

Page 2: IBM Qradar Security Intelligence Platform - Integration, Intelligence and Automation


The IT security problem

Security Intelligence defined

QRadar Security Intelligence Platform Demo

Q&A

Page 3: IBM Qradar Security Intelligence Platform - Integration, Intelligence and Automation

Innovative technology changes everything

• Bring your own IT
• Social business
• Cloud and virtualization
• 1 billion mobile workers
• 1 trillion connected objects

Page 4: IBM Qradar Security Intelligence Platform - Integration, Intelligence and Automation

Attacks continue as perpetrators sharpen skills

[Chart: attacker tiers plotted by Motivation (vertical axis) against Sophistication (horizontal axis), lowest to highest]

• Nuisance, Curiosity: Insiders, Spammers, Script-kiddies (Nigerian 419 Scams, Code Red)
• Monetary Gain: Organized crime (Zeus, ZeroAccess, Blackhole Exploit Pack)
• Notoriety, Activism, Defamation: Hacktivists (Lulzsec, Anonymous)
• National Security, Economic Espionage: Nation-state actors, APTs (Stuxnet, Aurora, APT-1)

Page 5: IBM Qradar Security Intelligence Platform - Integration, Intelligence and Automation

Three core trends affecting clients’ ability to secure environments

Escalating Threats
• Increasingly sophisticated attack methods
• Disappearing perimeters
• Accelerating security breaches

Increasing Complexity
• Constantly changing infrastructure
• Too many products from multiple vendors; costly to configure and manage
• Inadequate antivirus products

Resource Constraints
• Struggling security teams
• Too much data, not enough manpower and skills to manage it all

Slide callouts: Spear Phishing, Persistence, Backdoors, Designer Malware

Page 6: IBM Qradar Security Intelligence Platform - Integration, Intelligence and Automation


Security Intelligence defined

Page 7: IBM Qradar Security Intelligence Platform - Integration, Intelligence and Automation

What is Security Intelligence?

Security Intelligence noun \si-ˈkyu̇r-ə-tē in-ˈte-lə-jən(t)s\

1. A methodology of analyzing millions and billions of security, network and application records across the organization’s entire network in order to gain insight into what is actually happening in that digital world.

2. The process of combining internal, locally collected security data with external intelligence feeds and applying correlation rules to reduce huge volumes of data into a handful of high-probability ‘offense’ records that require immediate investigation, in order to prevent or minimize the impact of security incidents.

Delivers actionable, comprehensive insight for managing risks, combatting threats, and meeting compliance mandates.
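The second definition above describes a process: take locally collected events, enrich them with an external feed, and let correlation rules boil the stream down to a few offense records. The following is an added illustration of that process in plain Python; it is not QRadar code and not part of the original deck. Everything in it is constructed for the example: the syslog-style lines, the two "C2" addresses standing in for a threat feed, the two rule names, the magnitude values and the five-failure threshold.

```python
"""Toy security-intelligence pipeline (added illustration, not QRadar's engine)."""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample input: not real logs, not a real threat feed.
LOCAL_EVENTS = [
    "Jan 12 10:00:01 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 51234 ssh2",
    "Jan 12 10:00:03 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 51235 ssh2",
    "Jan 12 10:00:05 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 51236 ssh2",
    "Jan 12 10:00:06 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 51237 ssh2",
    "Jan 12 10:00:08 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 51238 ssh2",
    "Jan 12 10:00:09 web01 sshd[2212]: Accepted password for root from 203.0.113.7 port 51239 ssh2",
    "Jan 12 10:01:00 web01 sshd[2300]: Accepted publickey for deploy from 198.51.100.4 port 40000 ssh2",
    "Jan 12 10:02:00 web01 sshd[2301]: Failed password for alice from 198.51.100.9 port 40001 ssh2",
    "Jan 12 10:03:00 fw01 kernel: OUT src=10.0.0.12 dst=192.0.2.66 proto=TCP dpt=443",
]
# Constructed "external feed": addresses an intelligence provider flags as C2.
THREAT_FEED = {"192.0.2.66", "192.0.2.99"}

AUTH_RE = re.compile(r"sshd\[\d+\]: (Failed|Accepted) \w+ for (\S+) from (\S+) port")
FW_RE = re.compile(r"kernel: OUT src=(\S+) dst=(\S+)")


@dataclass
class Offense:
    """One high-probability record left after reduction (hypothetical schema)."""
    rule: str
    source: str
    magnitude: int            # assumed 1-10 severity, set per rule below
    evidence: list = field(default_factory=list)


def normalize(line):
    """Parse a raw line into a small structured event; None if no parser matches."""
    m = AUTH_RE.search(line)
    if m:
        return {"type": "auth", "outcome": m.group(1), "user": m.group(2),
                "src": m.group(3), "raw": line}
    m = FW_RE.search(line)
    if m:
        return {"type": "net", "src": m.group(1), "dst": m.group(2), "raw": line}
    return None


def correlate(lines, feed, fail_threshold=5):
    """Apply two correlation rules and return the offense list.

    Rule 1 (local data only): a successful login from a source that has just
    produced fail_threshold or more failures is treated as a brute force that
    succeeded. Rule 2 (local data + external feed): any outbound connection
    to a feed-listed destination is an offense, regardless of other activity.
    """
    events = [e for e in map(normalize, lines) if e]
    offenses = []
    failures = defaultdict(list)  # source IP -> failed auth events seen so far
    for ev in events:
        if ev["type"] == "auth":
            if ev["outcome"] == "Failed":
                failures[ev["src"]].append(ev)
            elif len(failures[ev["src"]]) >= fail_threshold:
                offenses.append(Offense("BruteForceThenSuccess", ev["src"], 8,
                                        [*failures[ev["src"]], ev]))
                failures[ev["src"]].clear()   # do not re-fire on the same run
        elif ev["type"] == "net" and ev["dst"] in feed:
            offenses.append(Offense("ThreatFeedDestination", ev["src"], 6, [ev]))
    return offenses


if __name__ == "__main__":
    found = correlate(LOCAL_EVENTS, THREAT_FEED)
    print(f"{len(LOCAL_EVENTS)} raw lines -> {len(found)} offenses")
    for o in found:
        print(f"  [{o.magnitude}] {o.rule} from {o.source} ({len(o.evidence)} events)")
```

Nine raw lines reduce to two offenses, which is the "handful of records" the definition promises; the single failed login for alice and the deploy key login stay below the threshold and never surface. Two caveats a practitioner would add before trusting such rules: the brute-force rule has no time window, so failures hours apart would still accumulate (a real engine evaluates rules over a sliding window), and a feed hit is only as good as the feed, so the magnitude of a ThreatFeedDestination offense should be weighted by the feed's confidence rather than fixed.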

Page 8: IBM Qradar Security Intelligence Platform - Integration, Intelligence and Automation

Evolving along with changing threat landscape

Then: Collection
• Log collection
• Signature-based detection

Now: Intelligence
• Real-time monitoring
• Context-aware anomaly detection
• Automated correlation and analytics

Inputs feeding the intelligence layer: logs, events, alerts; configuration information; system audit trails; external threat feeds; e-mail and social activity; network flows and anomalies; identity context; business process data; malware information.

Page 9: IBM Qradar Security Intelligence Platform - Integration, Intelligence and Automation

Security Intelligence Use Cases

QRadar Security Intelligence Platform

Page 10: IBM Qradar Security Intelligence Platform - Integration, Intelligence and Automation

Recognized by analysts as a leader

Consistent Leader in Gartner Magic Quadrant for Security Information and Event Management (SIEM): 2009, 2010, 2011, 2012, 2013, with steady movement up and to the right
• IBM/Q1 Labs is rated #1 for Compliance use cases
• IBM/Q1 Labs is rated #1 for “Ability to Execute”
• IBM/Q1 Labs is rated #1 for analytics and behavior profiling
• IBM/Q1 Labs is rated #1 in SIEM Use Case, Product Rating, and Overall Use Case

Frost & Sullivan: 2013 Global Customer Value Leadership Award, Applied Security Intelligence in SIEM/LM

Industry awards include:
‒ Global Excellence in Surveillance Award from InfoSecurity Products Guide
‒ “Hot Pick” by Information Security magazine
‒ AlwaysOn Global 250
‒ GovernmentVAR 5-Star Award

Page 11: IBM Qradar Security Intelligence Platform - Integration, Intelligence and Automation

Offering solutions for the full Security Intelligence timeline

Timeline: Pre-Exploit (Vulnerability) → Exploit → Post-Exploit (Remediation)

Questions along the timeline:
• What are the external and internal threats?
• Are we configured to protect against these threats?
• What is happening right now?
• What was the impact?

Accurate and actionable information requires a diverse collection of automated and intelligent tools that can share available data regardless of scale:
• Gain visibility over the organization's security posture
• Detect deviations from the norm and initiate preventive procedures
• Attain awareness of vulnerabilities and assess exposures
• Discover anomalies and investigate to evaluate the risk
• Explore and analyze data to devise countermeasures for the attack
• Formulate new security best practices to adapt to emerging threats

Page 12: IBM Qradar Security Intelligence Platform - Integration, Intelligence and Automation

Sharing resources across a common architectural model

Security Intelligence and Analytics capabilities (Log Management, Next-Gen SIEM, Activity Monitoring, Risk Management, Vulnerability Management, Network Forensics) share one stack:
• Real Time and Analyst-driven Work Flow
• Real Time Correlation / Automated Security Analytics
• Northbound APIs
• Big Data Store / Warehouse / Archival
• Southbound APIs
• Inputs: Real Time Structured Security Data; Unstructured Operational / Security Data

Page 13: IBM Qradar Security Intelligence Platform - Integration, Intelligence and Automation

Leveraging three foundational characteristics

IBM QRadar Security Intelligence Platform
• INTELLIGENCE: Correlation, analysis and massive data reduction
• AUTOMATION: Driving simplicity and accelerating time-to-value
• INTEGRATION: Unified architecture delivered in a single console

Page 14: IBM Qradar Security Intelligence Platform - Integration, Intelligence and Automation

IBM QRadar Security Intelligence Platform Demonstration

Page 15: IBM Qradar Security Intelligence Platform - Integration, Intelligence and Automation

QRadar’s unique advantages

• Automation of data collection, asset discovery, asset profiling and more. Impact: reduced manual effort, fast time to value, lower-cost operation
• Flexibility and ease of use enabling “mere mortals” to create and edit correlation rules, reports and dashboards. Impact: maximum insight, business agility and lower cost of ownership
• Real-time correlation and anomaly detection based on the broadest set of contextual data. Impact: more accurate threat detection, in real time
• Integrated flow analytics with Layer 7 content (application) visibility. Impact: superior situational awareness and threat identification
• Scalability for the largest deployments, using an embedded database and unified data architecture. Impact: QRadar supports your business needs at any scale

Page 16: IBM Qradar Security Intelligence Platform - Integration, Intelligence and Automation

Learn more about IBM QRadar Security Intelligence

Watch executive Steve Robinson (VP) discuss the next era for Security Intelligence: http://ibm.co/nextera

Visit our:
Blog: www.securityintelligence.com
Website: http://ibm.co/QRadar

Read our IT Executive Guide to Security Intelligence White Paper: ibm.co/11HQdfc

Download the 2013 Gartner Magic Quadrant for SIEM: http://ibm.co/GMQ

Page 17: IBM Qradar Security Intelligence Platform - Integration, Intelligence and Automation

Pulse Protect 2014: The Security Forum at Pulse 2014
February 23-26, MGM Grand – Las Vegas, Nevada

Pulse Protect 2014 will feature three days and 50+ sessions on the hottest security topics including security and threat intelligence, application and data security, vulnerability management, defense against web fraud and advanced malware, identity and access management, network security and emerging topics such as cloud and mobile security.

HIGHLIGHTS

Threat Research

Hear from X-Force as well as IBM’s malware and application security researchers.

CISO Lunch & Networking

Hear from IBM’s CISO and other industry leaders while networking with your peers.

Introducing Trusteer

Discover Trusteer’s unique approach to addressing web fraud and malware.

Client & IBM led sessions

Featuring leading clients such as Standard Bank, WestJet & Whirlpool.

learn more at ibm.com/security/pulse

Page 18: IBM Qradar Security Intelligence Platform - Integration, Intelligence and Automation

Thanks, Any Questions?

Page 19: IBM Qradar Security Intelligence Platform - Integration, Intelligence and Automation


ibm.com/security

© Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.