qradar siem 7.0 data sheet

Download QRadar SIEM 7.0 Data Sheet

Post on 05-Apr-2018

214 views

Category:

Documents

0 download

Embed Size (px)

TRANSCRIPT

  • 8/1/2019 QRadar SIEM 7.0 Data Sheet

    1/4

    Q1Labs.co

    DATASHEET

    Total Intelligence & Visibility For Todays Security Challenges

    As the most intelligent, integrated and automated SIEM solution in the industry,

    QRadar SIEM delivers deep visibility into network, user and application activity providing

    organizations with intelligence into potential and existing threats across their entire network.

    SIEM or the Entire Organization

    Built on the highly exible QRadar Security Intelligence Platorm, QRadar SIEM provides a next-

    generation solution that can mature with an organization, scale to support a growing inrastructure

    and deliver a common user experience to many groups across the organization. With log

    management, advanced threat detection, and policy-aware compliance management all combined in

    QRadar SIEM, organizations benet with a tightly integrated solution that quickly and easily delivers

    corporate-wide security intelligence.

    Real-time Visibility or Threat, Compliance & Log Management

    Threat Detection & Prioritization

    Internet-based threats and raud continue to prolierate in todays complex networks. Compounding

    this problem is a steady rise in insider thet o valuable corporate inormation. QRadar SIEM

    consolidates siloed inormation to more eectively detect and manage complex threats. The

    inormation is normalized and correlated to quickly deliver intelligence that allows organizations to

    detect, notiy and respond to threats missed by other security solutions with isolated visibility.

    QRadar SIEM provides contextual and actionable surveillance across an entire IT inrastructure

    allowing an organization to detect and remediate threats such as: inappropriate use o applications,

    insider raud, threats that could be lost in the noise o millions o events, and more.

    QRadar SIEM collects the ollowing:

    Security Events - Events rom rewalls, VPNs, IDS/IPS, etc.

    Network Activity Context - Layer 7 application context rom network and application trac

    User/Asset Context - Contextual data rom IAM products and vulnerability scanners

    Network Events - Events rom switches, routers, servers, hosts, etc.

    Application Logs - ERP, workfow, application databases, management platorms, etc.

    QRadar SIEM helps security teams,

    IT operations, auditing and

    lines o business:

    DETECT THREATS OTHERS MISS

    EXCEED REGULATION MANDATES

    PREDICT RISKS AGAINST

    THEIR BUSINESS

    DETECT INSIDER FRAUD

    CONSOLIDATE DATA SILOS

    Providing the security intelligence needed to protect IT networks and assets rom a growing

    landscape o sophisticated threats and emerging compliance mandates.

    QRadar SIEM

  • 8/1/2019 QRadar SIEM 7.0 Data Sheet

    2/4

    Q1Labs.com

    The Key to Data Management: Reduce & Prioritize to Actionable Offenses

    With some organizations creating millions or billions o events per day, distilling that data down to priority

    oenses can be a daunting task. QRadar SIEM collects, stores and analyzes inormational data and provides real-

    time event correlation or use in threat detection and compliance reporting and auditing. Billions o events and

    ows can be reduced and prioritized down to a handul o actionable oenses according to their business impact.

    QRadar SIEM provides long-term collection, archival, search and reporting o events and application data

    making it easier or auditing and searching or advanced persistent threats or low and slow attacks.

    Managing Threats: Who, What, Where, When, How?

    Security teams need to understand: Who is attacking? What is being attacked? What is the business impact?

    Where do I investigate? QRadar SIEM tracks signicant incidents and threats and builds a history o supporting

    and relevant inormation. Inormation such as point in time, oending users or targets, attacker proles,

    vulnerability state, asset value, active threats and records o previous oenses all help provide security teams

    with the intelligence they need to act regardless o where they are.

    Application Visibility & Anomaly Detection

    QRadar SIEM supports a variety o anomaly detection capabilities to identiy changes in behavior against

    applications, hosts, servers and areas o the network. For example, o hours or excessive usage o an application

    or cloud-based service or network activity patterns which are inconsistent with historical proles.

    The ability to detect application trafc at Layer 7 enables QRadar SIEM to provide accurate analysis and insight

    into an organizations network or policy, threat and general network activity monitoring. To urther improve

    visibility into the network, QRadar SIEM now has the ability to monitor the usage o applications like Skype and

    social media (including Twitter, LinkedIn, etc.) rom within the network. This includes insight into who is using

    what, analysis and alerts or content transmission and correlation with other network and log activity to reveal

    inappropriate data transers.

    QRadar SIEM supports a variety o out o the box anomaly and behavioral detection rules. Users can customize

    their own views through a simple to use ltering capability and apply anomaly detection to any time series data.

    Virtual Environments

    Since virtual servers are just as susceptible to security vulnerabilities as physical servers, organizations now must

    dene and implement appropriate measures to protect their applications and data that reside within the virtual

    data center. Now IT proessionals can have increased visibility into the vast amount o business application

    activity appearing across their virtual networks and better identiy these applications or security monitoring,

    application layer behavior analysis and anomaly detection. Operators can also capture application content or

    deeper security and policy orensics.

    Client-side Vulnerability Profling

    QRadar SIEM identies a networks most vulnerable assets and detects and alerts immediately when these

    systems engage in activity that potentially exposes those vulnerabilities. For example, organizations can scan

    QRadar SIEM

    One o the greatest benets weve achieved

    with QRadar so ar was our ability to quickly

    identiy which hosts were aected by the Hea

    You Have virus that attempted to inltrate our

    network, continued Moser. QRadar alerted

    us immediately when users tried to access

    websites that were housing the virus, or when

    inected hosts attempted to pass through our

    rewall when calling home.

    TY MOSER

    Network and Smart Grid Analyst for SRP

    Total Security Intelligence | An IBM Company

  • 8/1/2019 QRadar SIEM 7.0 Data Sheet

    3/4

    Q1Labs.com

    their network or unpatched applications, devices and systems, determine which ones connect to the internet

    and prioritize remediation based on the risk prole o each application.

    Advanced Forensics

    Real-time, location-based and historical searching o ow and event data or analysis and orensics greatly

    improves the ability to assess activities and incident resolution. With easy to use dashboards, time series views

    with drill down capabilities, packet level visibility o content and hundreds o predened searches and views,

    users can quickly aggregate data to summarize and identiy anomalies and top activity contributors. Federated

    searches can also be perormed across large, geographically distributed environments.

    Compliance Management

    QRadar SIEM brings the transparency, accountability and measurability critical to the success o meeting

    regulatory mandates and reporting on compliance. QRadar SIEMs unique correlation and integration o all

    surveillance eeds yields:

    More complete metrics reporting around IT risks or auditors

    Thousands o reports and rules templates to address industry compliance requirements

    Organizations can efciently respond to compliance-driven IT security requirements with QRadar SIEMs

    extensibility to include new denitions, regulations and best practices through auto-updates. In addition,

    proles o all the assets on the network can be grouped by business unction (e.g. servers that are subject to

    HIPAA compliance audits).

    QRadar provides prebuilt dashboards, reports and rules templates or the ollowing regulations and control

    rameworks: CobiT, SOX, GLBA, NERC/FERC, FISMA, PCI-DSS, HIPAA, & UK GSi/GCSx, GPG, and more.

    Highly Intuitive One Console Security

    QRadar SIEM provides a solid oundation or an organizations Security Operations Center by providing a

    centralized user interace that oers role-based access by unction and a global view to access real-time

    analysis, incident management and reporting. Deault dashboards are available by unction and users can

    create and customize their own workspaces. This drill down capability makes it easier to identiy and select a

    spike o events or network ows relative to an oense. 3,500 report templates relevant to specic roles, devices,

    compliance regulations and vertical industry are available out o the box.

    QRadar SIEM

    Our primary goal or deploying a SIEM was t

    meet compliance mandates, but we wanted

    to go above and beyond what the various

    regulations required o us, and use the

    additional inormation captured by QRadar

    to really make our network, and the services

    and applications it delivers, secure. We wan

    our customers to have aith that were keep

    their personal inormation well-protected, a

    QRadar e

Recommended

View more >