qradar siem 7.0 data sheet
Post on 05-Apr-2018
Embed Size (px)
8/1/2019 QRadar SIEM 7.0 Data Sheet
Total Intelligence & Visibility For Todays Security Challenges
As the most intelligent, integrated and automated SIEM solution in the industry,
QRadar SIEM delivers deep visibility into network, user and application activity providing
organizations with intelligence into potential and existing threats across their entire network.
SIEM or the Entire Organization
Built on the highly exible QRadar Security Intelligence Platorm, QRadar SIEM provides a next-
generation solution that can mature with an organization, scale to support a growing inrastructure
and deliver a common user experience to many groups across the organization. With log
management, advanced threat detection, and policy-aware compliance management all combined in
QRadar SIEM, organizations benet with a tightly integrated solution that quickly and easily delivers
corporate-wide security intelligence.
Real-time Visibility or Threat, Compliance & Log Management
Threat Detection & Prioritization
Internet-based threats and raud continue to prolierate in todays complex networks. Compounding
this problem is a steady rise in insider thet o valuable corporate inormation. QRadar SIEM
consolidates siloed inormation to more eectively detect and manage complex threats. The
inormation is normalized and correlated to quickly deliver intelligence that allows organizations to
detect, notiy and respond to threats missed by other security solutions with isolated visibility.
QRadar SIEM provides contextual and actionable surveillance across an entire IT inrastructure
allowing an organization to detect and remediate threats such as: inappropriate use o applications,
insider raud, threats that could be lost in the noise o millions o events, and more.
QRadar SIEM collects the ollowing:
Security Events - Events rom rewalls, VPNs, IDS/IPS, etc.
Network Activity Context - Layer 7 application context rom network and application trac
User/Asset Context - Contextual data rom IAM products and vulnerability scanners
Network Events - Events rom switches, routers, servers, hosts, etc.
Application Logs - ERP, workfow, application databases, management platorms, etc.
QRadar SIEM helps security teams,
IT operations, auditing and
lines o business:
DETECT THREATS OTHERS MISS
EXCEED REGULATION MANDATES
PREDICT RISKS AGAINST
DETECT INSIDER FRAUD
CONSOLIDATE DATA SILOS
Providing the security intelligence needed to protect IT networks and assets rom a growing
landscape o sophisticated threats and emerging compliance mandates.
8/1/2019 QRadar SIEM 7.0 Data Sheet
The Key to Data Management: Reduce & Prioritize to Actionable Offenses
With some organizations creating millions or billions o events per day, distilling that data down to priority
oenses can be a daunting task. QRadar SIEM collects, stores and analyzes inormational data and provides real-
time event correlation or use in threat detection and compliance reporting and auditing. Billions o events and
ows can be reduced and prioritized down to a handul o actionable oenses according to their business impact.
QRadar SIEM provides long-term collection, archival, search and reporting o events and application data
making it easier or auditing and searching or advanced persistent threats or low and slow attacks.
Managing Threats: Who, What, Where, When, How?
Security teams need to understand: Who is attacking? What is being attacked? What is the business impact?
Where do I investigate? QRadar SIEM tracks signicant incidents and threats and builds a history o supporting
and relevant inormation. Inormation such as point in time, oending users or targets, attacker proles,
vulnerability state, asset value, active threats and records o previous oenses all help provide security teams
with the intelligence they need to act regardless o where they are.
Application Visibility & Anomaly Detection
QRadar SIEM supports a variety o anomaly detection capabilities to identiy changes in behavior against
applications, hosts, servers and areas o the network. For example, o hours or excessive usage o an application
or cloud-based service or network activity patterns which are inconsistent with historical proles.
The ability to detect application trafc at Layer 7 enables QRadar SIEM to provide accurate analysis and insight
into an organizations network or policy, threat and general network activity monitoring. To urther improve
visibility into the network, QRadar SIEM now has the ability to monitor the usage o applications like Skype and
social media (including Twitter, LinkedIn, etc.) rom within the network. This includes insight into who is using
what, analysis and alerts or content transmission and correlation with other network and log activity to reveal
inappropriate data transers.
QRadar SIEM supports a variety o out o the box anomaly and behavioral detection rules. Users can customize
their own views through a simple to use ltering capability and apply anomaly detection to any time series data.
Since virtual servers are just as susceptible to security vulnerabilities as physical servers, organizations now must
dene and implement appropriate measures to protect their applications and data that reside within the virtual
data center. Now IT proessionals can have increased visibility into the vast amount o business application
activity appearing across their virtual networks and better identiy these applications or security monitoring,
application layer behavior analysis and anomaly detection. Operators can also capture application content or
deeper security and policy orensics.
Client-side Vulnerability Profling
QRadar SIEM identies a networks most vulnerable assets and detects and alerts immediately when these
systems engage in activity that potentially exposes those vulnerabilities. For example, organizations can scan
One o the greatest benets weve achieved
with QRadar so ar was our ability to quickly
identiy which hosts were aected by the Hea
You Have virus that attempted to inltrate our
network, continued Moser. QRadar alerted
us immediately when users tried to access
websites that were housing the virus, or when
inected hosts attempted to pass through our
rewall when calling home.
Network and Smart Grid Analyst for SRP
Total Security Intelligence | An IBM Company
8/1/2019 QRadar SIEM 7.0 Data Sheet
their network or unpatched applications, devices and systems, determine which ones connect to the internet
and prioritize remediation based on the risk prole o each application.
Real-time, location-based and historical searching o ow and event data or analysis and orensics greatly
improves the ability to assess activities and incident resolution. With easy to use dashboards, time series views
with drill down capabilities, packet level visibility o content and hundreds o predened searches and views,
users can quickly aggregate data to summarize and identiy anomalies and top activity contributors. Federated
searches can also be perormed across large, geographically distributed environments.
QRadar SIEM brings the transparency, accountability and measurability critical to the success o meeting
regulatory mandates and reporting on compliance. QRadar SIEMs unique correlation and integration o all
surveillance eeds yields:
More complete metrics reporting around IT risks or auditors
Thousands o reports and rules templates to address industry compliance requirements
Organizations can efciently respond to compliance-driven IT security requirements with QRadar SIEMs
extensibility to include new denitions, regulations and best practices through auto-updates. In addition,
proles o all the assets on the network can be grouped by business unction (e.g. servers that are subject to
HIPAA compliance audits).
QRadar provides prebuilt dashboards, reports and rules templates or the ollowing regulations and control
rameworks: CobiT, SOX, GLBA, NERC/FERC, FISMA, PCI-DSS, HIPAA, & UK GSi/GCSx, GPG, and more.
Highly Intuitive One Console Security
QRadar SIEM provides a solid oundation or an organizations Security Operations Center by providing a
centralized user interace that oers role-based access by unction and a global view to access real-time
analysis, incident management and reporting. Deault dashboards are available by unction and users can
create and customize their own workspaces. This drill down capability makes it easier to identiy and select a
spike o events or network ows relative to an oense. 3,500 report templates relevant to specic roles, devices,
compliance regulations and vertical industry are available out o the box.
Our primary goal or deploying a SIEM was t
meet compliance mandates, but we wanted
to go above and beyond what the various
regulations required o us, and use the
additional inormation captured by QRadar
to really make our network, and the services
and applications it delivers, secure. We wan
our customers to have aith that were keep
their personal inormation well-protected, a