360º View of Intelligent Security: IBM QRadar Security Intelligence

Upload: ibm-espana

Post on 18-Jul-2015


TRANSCRIPT

Page 1

360º View of Intelligent Security: IBM QRadar Security Intelligence

Page 2

© 2014 IBM Corporation

IBM Security Systems

2

IBM Security: Delivering intelligence, integration and expertise across a comprehensive framework

Intelligence ● Integration ● Expertise

• Only vendor in the market with end-to-end coverage of the security foundation

• 6K+ security engineers and consultants

• Award-winning X-Force® research

• Largest vulnerability database in the industry

Page 3

What is Security Intelligence?

Security Intelligence

--noun

A methodology of analyzing millions and billions of security, network and application records across the organization’s entire network in order to gain insight into what is actually happening in that digital world.

--verb

Combining internal, locally collected security intelligence with external intelligence feeds for the application of correlation rules to reduce huge volumes of data into a handful of high-probability ‘offense’ records requiring immediate investigation to prevent or minimize the impact of security incidents.

Delivers actionable, comprehensive insight for managing risks, combating threats, and meeting compliance mandates.
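As an added illustration of the “verb” sense above, the following Python sketch was written for this page; it is not QRadar code and uses no QRadar API. It joins a handful of constructed, already normalised events with a constructed IP reputation feed, applies two correlation rules, merges whatever fires on the same source/destination pair into a single offense record, and ranks the offenses by a magnitude that combines rule severity, the business value of the target asset and corroboration by the feed. The event fields, feed entries, asset values, rule names and weighting are all assumptions chosen for the example.

```python
"""Toy correlation engine: collapse many raw security records into a few
high-probability offense records (added example, not QRadar's own logic).
All events, feed entries and asset values below are constructed sample data."""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed external intelligence feed (stand-in for an IP reputation feed).
THREAT_FEED = {"198.51.100.7": "known-scanner", "203.0.113.9": "botnet-c2"}
# Constructed asset inventory: business value of each destination, 1 (low) to 10 (critical).
ASSET_VALUE = {"10.0.0.5": 9, "10.0.0.22": 3}
DEFAULT_ASSET_VALUE = 1
# Assumed per-rule severity; rules not listed default to 3.
RULE_SEVERITY = {"auth brute force": 5}


def make_events():
    """Constructed, already-normalised records as a log collector would emit them."""
    events = [{"id": i, "src": "198.51.100.7", "dst": "10.0.0.5", "cat": "auth_failure"}
              for i in range(5)]                       # five failed logins at the critical host
    events.append({"id": 5, "src": "203.0.113.9", "dst": "10.0.0.22", "cat": "http_request"})
    events += [{"id": i, "src": f"10.0.0.{80 + i}", "dst": "10.0.0.22", "cat": "auth_success"}
               for i in range(6, 20)]                  # benign background from internal hosts
    return events


@dataclass
class Offense:
    src: str
    dst: str
    rules: set = field(default_factory=set)
    event_ids: set = field(default_factory=set)
    magnitude: int = 0


def rule_auth_bruteforce(events, threshold=5):
    """Fires when one source fails authentication at one host at least `threshold` times."""
    buckets = defaultdict(list)
    for e in events:
        if e["cat"] == "auth_failure":
            buckets[(e["src"], e["dst"])].append(e["id"])
    for (src, dst), ids in buckets.items():
        if len(ids) >= threshold:
            yield "auth brute force", src, dst, ids


def rule_threat_feed(events):
    """Fires on any event whose source address is listed in the external feed."""
    for e in events:
        tag = THREAT_FEED.get(e["src"])
        if tag is not None:
            yield f"source listed in feed as {tag}", e["src"], e["dst"], [e["id"]]


RULES = [rule_auth_bruteforce, rule_threat_feed]


def magnitude(off):
    """Severity of the strongest rule + value of the target + feed corroboration, scaled to 0..10."""
    severity = max(RULE_SEVERITY.get(r, 3) for r in off.rules)
    relevance = ASSET_VALUE.get(off.dst, DEFAULT_ASSET_VALUE)
    credibility = 3 if off.src in THREAT_FEED else 0
    return min(10, (severity + relevance + credibility) // 2)


def correlate(events):
    """Run every rule, merge hits on the same (src, dst) pair into one offense, rank by magnitude."""
    offenses = {}
    for rule in RULES:
        for name, src, dst, ids in rule(events):
            off = offenses.setdefault((src, dst), Offense(src, dst))
            off.rules.add(name)
            off.event_ids.update(ids)
    for off in offenses.values():
        off.magnitude = magnitude(off)
    return sorted(offenses.values(), key=lambda o: o.magnitude, reverse=True)


if __name__ == "__main__":
    evs = make_events()
    for off in correlate(evs):
        print(f"[{off.magnitude}] {off.src} -> {off.dst}: {sorted(off.rules)} "
              f"({len(off.event_ids)} of {len(evs)} events)")
```

Twenty records collapse into two offenses: the scanner that both brute-forced the critical host and appears in the feed ranks first, the single request from the listed botnet address ranks lower because its target is of low value, and the fourteen benign logins produce nothing. Merging per (src, dst) rather than per rule is what keeps the analyst's queue short when several rules fire on the same activity.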

Page 4

IBM Security Intelligence QRadar

• There is no other Security Intelligence platform in the market today that combines the capabilities of SIEM, Network Activity Monitoring, Risk Management, Vulnerability Management and now Network Forensics into a single integrated platform.

• QRadar clients realize a quicker return on their investments due to the automatic detection of log event sources and network assets.

• Relatively straightforward to deploy and maintain across a wide range of deployment scales.

• QRadar is a good fit for midsize and large enterprises that need general SIEM capabilities and also for use cases that require behavior analysis and NetFlow analysis.

• A distinguishing characteristic is the collection and processing of NetFlow data, deep packet inspection (DPI) and behavior analysis for all supported event sources.

Page 5

Overview of use cases

Detecting threats

• Arm yourself with comprehensive security intelligence

Consolidating data silos

• Collect, correlate and report on data in one integrated solution

Detecting insider fraud

• Next-generation SIEM with identity correlation

Better predicting risks to your business

• Full life cycle of compliance and risk management for network and security infrastructures

Addressing regulation mandates

• Automated data collection and configuration audits

Page 6

Solutions for the full Security Intelligence timeline

Timeline: Prediction & Prevention, then Reaction & Remediation

Capabilities placed along the timeline:

• Network and Host Intrusion Prevention
• Network Anomaly Detection
• Packet Forensics
• Database Activity Monitoring
• Data Leak Prevention
• Security Information and Event Management
• Log Management
• Incident Response
• Risk Management
• Vulnerability Management
• Configuration and Patch Management
• X-Force Research and Threat Intelligence
• Compliance Management
• Reporting and Scorecards

Questions answered along the timeline:

• What are the external and internal threats?
• Are we configured to protect against these threats?
• What is happening right now?
• What was the impact?

Page 7

IBM QRadar Security Intelligence Platform

Providing actionable intelligence

AUTOMATED: Driving simplicity and accelerating time-to-value

INTEGRATED: Unified architecture delivered in a single console

INTELLIGENT: Correlation, analysis and massive data reduction

Page 8

INTELLIGENT: Embedded intelligence offers automated offense identification

Data sources feeding the analysis:

• Servers and mainframes
• Data activity
• Network and virtual activity
• Application activity
• Configuration information
• Security devices
• Users and identities
• Vulnerabilities and threats
• Global threat intelligence

Embedded Intelligence: Automated Offense Identification

• Unlimited data collection, storage and analysis
• Built-in data classification
• Automatic asset, service and user discovery and profiling
• Real-time correlation and threat intelligence
• Activity baselining and anomaly detection
• Detects incidents out of the box

Suspected incidents from these sources are reduced to Prioritized Incidents.
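“Activity baselining and anomaly detection” and “automatic asset, service and user discovery and profiling” from the list above, shown as an added Python example that is not part of the original deck and does not reflect how QRadar implements these features. It learns a per-asset profile (services seen and hourly flow-count statistics) from constructed flow records, then flags a previously unseen asset, a new service on a known asset, and an hour whose volume deviates from the learned baseline by more than a z-score threshold. The record layout, addresses and thresholds are assumptions.

```python
"""Baselining, profiling and anomaly detection over flow records (added
example, not QRadar's implementation). Records are constructed tuples:
(hour, src, dst, dst_port)."""
import math
from collections import Counter, defaultdict


def make_training_flows():
    """Seven days of steady traffic: 10 to 12 flows per hour from one client to a web server on 443."""
    flows = []
    for hour in range(7 * 24):
        flows += [(hour, "10.0.0.22", "10.0.0.5", 443)] * (10 + hour % 3)
    return flows


def make_observation():
    """One later hour containing three things a learned profile should notice."""
    hour = 7 * 24
    return ([(hour, "10.0.0.22", "10.0.0.5", 443)] * 60        # sixfold volume spike
            + [(hour, "10.0.0.22", "10.0.0.5", 3389)] * 3      # service never seen on this asset
            + [(hour, "10.0.0.22", "10.0.0.77", 22)])          # asset never seen at all


class Baseline:
    """Per-asset profile learned from historical flows."""
    def __init__(self):
        self.hourly = defaultdict(Counter)  # asset -> Counter(hour -> flow count)
        self.services = defaultdict(set)    # asset -> destination ports observed


def learn(flows):
    """Build the profile: which services each asset exposes and how busy each hour was."""
    b = Baseline()
    for hour, _src, dst, port in flows:
        b.hourly[dst][hour] += 1
        b.services[dst].add(port)
    return b


def mean_std(values):
    n = len(values)
    mean = sum(values) / n
    return mean, math.sqrt(sum((v - mean) ** 2 for v in values) / n)


def detect(baseline, flows, z_threshold=4.0, min_excess=5):
    """Return (kind, asset, hour, detail) tuples for new assets, new services and volume anomalies."""
    anomalies, reported = [], set()
    per_asset = defaultdict(Counter)
    for hour, _src, dst, port in flows:
        per_asset[dst][hour] += 1
        if dst not in baseline.services:
            kind, detail = "new_asset", None
        elif port not in baseline.services[dst]:
            kind, detail = "new_service", port
        else:
            continue
        if (kind, dst, detail) not in reported:   # report each discovery once, not once per flow
            reported.add((kind, dst, detail))
            anomalies.append((kind, dst, hour, detail))
    for asset, hours in per_asset.items():
        if asset not in baseline.hourly:
            continue                              # unknown asset: profile it first, nothing to compare
        mean, std = mean_std(list(baseline.hourly[asset].values()))
        for hour, count in hours.items():
            z = (count - mean) / max(std, 1e-9)
            # min_excess stops a very flat baseline (tiny std) from alerting on a change of a few flows
            if z > z_threshold and count - mean >= min_excess:
                anomalies.append(("volume", asset, hour, round(z, 1)))
    return anomalies


if __name__ == "__main__":
    profile = learn(make_training_flows())
    print("training window:", detect(profile, make_training_flows()))
    for a in detect(profile, make_observation()):
        print(a)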

Page 9

Integration with IBM Security zSecure

RACF, CA ACF2, CA Top Secret, z/OS, CICS, DB2

Event sources from System z . . .

Page 10

QRadar integrates data to answer the important questions

• What was the attack?
• Who was responsible?
• How many targets were involved?
• Was it successful?
• Where do I find them?
• Are any of them vulnerable?
• How valuable are the targets to the business?
• Where is all the evidence?

Page 11

Optimized appliance and software architecture for high performance and rapid deployment

IBM QRadar Security Intelligence Platform

Scalable appliance architecture

• Easy-to-deploy, scalable model using stackable distributed appliances

• Does not require third-party databases or storage

Shared modular infrastructure

• Offers automatic failover and disaster recovery

• Virtual deployments well suited for cloud environments

Page 12

Delivering multiple security capabilities through a purpose-built, extensible platform

[Platform diagram: IBM QRadar Security Intelligence Platform]

Southbound APIs (data in): Real Time Structured Security Data; Unstructured Operational / Security Data

Interfaces named on the diagram: LEEF, AXIS, Configuration, NetFlow, Offense

Security Intelligence Operating System: Normalization, Analytics Engine, Rules Engine, Real-Time Viewer, Workflow, Reporting Engine, Warehouse, Archival

Northbound APIs and capability modules: Log Management, Security Intelligence, Network Activity Monitoring, Risk Management, Vulnerability Management, Network Forensics, Future

AUTOMATED

Page 13

Automated: No need for additional staff

Phases: Monitor, Analyze, Act

• Auto-discovery of log sources, applications and assets
• Asset auto-grouping
• Centralized log mgmt
• Automated configuration audits
• Auto-tuning
• Auto-detect threats
• Thousands of pre-defined rules and role based reports
• Easy-to-use event filtering
• Advanced security analytics
• Asset-based prioritization
• Auto-update of threats
• Auto-response
• Directed remediation

Page 14

Deployed upon scalable appliance/software/virtual architecture

Network and Application Visibility

• Layer 7 application monitoring
• Content capture for deep insight & forensics
• Physical and virtual environments

SIEM

• Log, flow, vulnerability & identity correlation
• Sophisticated asset profiling
• Offense management and workflow

Log Management

• Turn-key log management and reporting
• SME to Enterprise
• Upgradeable to enterprise SIEM

Scalability

• Event Processors for remote sites
• High Availability & Disaster Recovery
• Data Node to increase storage & performance

Risk & Vulnerability Management

• Network security configuration monitoring
• Vulnerability scanning & prioritization
• Predictive threat modeling & simulation

Network Forensics / Incident Forensics

• Reconstructs network sessions from PCAPs
• Data pivoting and visualization tools
• Accelerated clarity around who, what, when

Page 15

An integrated, unified architecture in a single web-based console

Log Management

Security Intelligence

Network Activity Monitoring

Risk Management

Vulnerability Management

Network Forensics

INTEGRATED

Page 16

Architecture

Page 17

[Deployment diagram]

QRadar Console: QRadar Web Console

18xx Combo Processor

16xx Event Processor

17xx Flow Processor

16xx Event Processor

QFlow Collector (Layer 7)

Scanning: QRadar Vulnerability Manager, complete vulnerability context and visibility

QRadar Risk Manager: network topology visualization and path analysis, and configuration monitoring

15xx Event Collector

14xx Data Node

QRadar Forensics and PCAP Capture

QRadar AIO

Page 18

Integrations

Page 19

Expand the value of security solutions through integration

Integrated intelligence: Correlate and analyze siloed information from hundreds of sources to automatically detect and respond to threats

Integrated protection: Enhance security with security solutions that interact across domains to provide cohesive, easy to manage protection

Integrated research: Incorporate the latest information on vulnerabilities, exploits and malware into intelligent security solutions across domains

Page 20

QRadar integrated with numerous IBM Security Solutions

Endpoint Management (Tivoli Endpoint Manager): vulnerabilities enrich QRadar’s vulnerability database

AppScan Enterprise: AppScan vulnerability results feed QRadar SIEM for improved asset risk assessment

Guardium: database assets, rule logic and database activity information

Identity and Access Management: identity context for all security domains w/ QRadar as the dashboard

IBM Security Network, Host, and User Segment Protection (SiteProtector): critical protocol analysis; blocking of policy violations; flow data sent for activity monitoring

Correlate new threats based on X-Force IP reputation feeds

Hundreds of 3rd party information sources

Page 21

QRadar’s unique advantages

• Scalability for largest deployments, using an embedded database and unified data architecture
  Impact: QRadar supports your business needs at any scale

• Real-time correlation and anomaly detection based on broadest set of contextual data
  Impact: More accurate threat detection, in real-time

• Intelligent automation of data collection, asset discovery, asset profiling, vulnerability scanning and more
  Impact: Reduced manual effort, fast time to value, lower-cost operation

• Integrated flow analytics with Layer 7 content (application) visibility
  Impact: Superior situational awareness and threat identification

• Flexibility and ease of use enabling “mere mortals” to create and edit correlation rules, reports and dashboards
  Impact: Maximum insight, business agility and lower cost of ownership

Page 22

www.ibm.com/security

© Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.