SlideShare a Scribd company logo

IBM Security QRadar SIEM - Datasheet

IBM Security
IBM Security

Boost threat protection and compliance with an integrated investigative reporting system. HIGHLIGHTS: - Integrate log management and network threat protection technologies within a common database and shared dashboard user interface - Reduce thousands of security events into a manageable list of suspected offenses - Detect and track malicious activity over extended time periods, helping to uncover advanced threats often missed by other security solutions - Detect insider fraud with advanced capabilities - Help exceed regulation mandates and support compliance

Technology
1 of 6
IBM Software Data Sheet IBM Security QRadar SIEM Boost threat protection and compliance with an integrated investigative reporting system Highlights ●● ● ● Integrate log management and network threat protection technologies within a common database and shared dash- board user interface ●● ● ● Reduce thousands of security events into a manageable list of suspected offenses ●● ● ● Detect and track malicious activity over extended time periods, helping to uncover advanced threats often missed by other security solutions ●● ● ● Detect insider fraud with advanced capabilities ●● ● ● Help exceed regulation mandates and support compliance Today’s networks are larger and more complex than ever before, and protecting them against malicious activity is a never-ending task. Organizations seeking to safeguard their intellectual property, protect their customer identities and avoid business disruptions need to do more than monitor logs and network flow data; they need to leverage advanced tools to detect these activities in a consumable manner. IBM® Security QRadar® SIEM can serve as the anchor solution within a small or large organization’s security operations center to collect, normalize and correlate available network data using years’ worth of contextual insights. The result is something called security intelligence. At the heart of this product sits a highly scalable database designed to capture real-time log event and network flow data, revealing the footprints of would-be attackers. QRadar SIEM is an enterprise solution that consolidates log source event data from thousands of devices distrib- uted across a network, storing every activity in its raw form, and then performing immediate correlation activities to distinguish the real threats from false positives. It also captures real-time Layer 4 network flow data and, more uniquely, Layer 7 application payloads, using deep packet inspection technology. An intuitive user interface shared across all QRadar family components helps IT personnel quickly identify and remediate network attacks by rank, ordering hundreds of alerts and patterns of anomalous activity into a drastically reduced number of offenses warranting further investigation.
2 Data SheetIBM Software Providing real-time visibility for threat detection and prioritization QRadar SIEM provides contextual and actionable surveillance across the entire IT infrastructure, helping organizations detect and remediate threats often missed by other security solutions. These threats can include inappropriate use of applications; insider fraud; and advanced, “low and slow” threats easily lost in the “noise” of millions of events. QRadar SIEM collects information that includes: ●● ● Security events: Events from firewalls, virtual private networks, intrusion detection systems, intrusion prevention systems and more ●● ● Network events: Events from switches, routers, servers, hosts and more ●● ● Network activity context: Layer 7 application context from network and application traffic ●● ● User or asset context: Contextual data from identity and access-management products and vulnerability scanners ●● ● Operating system information: Vendor name and version number specifics for network assets ●● ● Application logs: Enterprise resource planning (ERP), workflow, application databases, management platforms and more Reducing and prioritizing alerts to focus investigations into actionable offenses Many organizations create millions—or even billions—of events per day, and distilling that data down to a short list of priority offenses can be daunting. QRadar SIEM automatically discov- ers most network log source devices and inspects network flow data to find and classify valid hosts and servers (assets) on the network—tracking the applications, protocols, services and ports they use. It collects, stores and analyzes this data and performs real-time event correlation for use in threat detection and compliance reporting and auditing. Billions of events and flows can therefore be reduced and prioritized into a handful of actionable offenses, according to their business impact. As a result, security professionals normally begin to see value from a QRadar SIEM installation in days rather than weeks, and deployments occur without a small army of expensive consultants. Automatic discovery features and out-of-the-box templates and filters mean you don’t spend months teaching the system about your environment as with more generalized IT operational tools. The architecture employs multiple models of event processor appliances, event collector appliances, flow processor appliances and a central console, all available as hardware-based, software-only or as virtual software appliances. Smaller installations can start with a single all-in-one solution and easily be upgraded to console deployments, adding event and flow processor appliances as needed.
3 Data SheetIBM Software Answering key questions for more effective threat management Security teams need to answer key questions to fully understand the nature of their potential threats: Who is attacking? What is being attacked? What is the business impact? Where do I investigate? QRadar SIEM tracks significant incidents and threats, building a history of supporting data and relevant information. Details such as attack targets, point in time, asset value, vulnerability state, offending users’ identities, attacker profiles, active threats and records of previous offenses all help provide security teams with the intelligence they need to act. Real-time, location-based and historical searching of event and flow data for analysis and forensics can greatly improve an organization’s ability to assess activities and resolve incidents. With easy-to-use dashboards, time-series views, drill-down searching, packet-level content visibility and hundreds of predefined searches, users can quickly aggregate data to summarize and identify anomalies and top activity contributors. They can also perform federated searches across large, geographically distributed environments. Gaining application visibility and anomaly detection QRadar SIEM supports a variety of anomaly detection capabilities to identify changes in behavior affecting applica- tions, hosts, servers and areas of the network. For example, QRadar SIEM can detect off-hours or excessive usage of an application or cloud-based service, or network activity patterns that are inconsistent with historical, moving-average profiles and seasonal usage patterns. QRadar SIEM learns to recognize these daily and weekly usage profiles, helping IT personnel to quickly identify meaningful deviations. QRadar SIEM captures data across a broad range of feeds, reducing it to a manageable list of offenses using pre-existing and customer-defined rules. Security devices Servers and mainframes Network and virtual activity Data activity Application activity Configuration information Vulnerabilities and threats Users and identities Extensive data sources Deep intelligence Exceptionally accurate and actionable insight True offense Suspected incidents Correlation Activity baselining and anomaly detection • Logs/events • Flows • IP reputation • Geographic location • User activity • Database activity • Application activity • Network activity Offense identification • Credibility • Severity • Relevance
4 Data SheetIBM Software The QRadar SIEM centralized database stores log source events and network flow traffic together, helping to correlate discrete events with bidirectional network flow activity emanat- ing from the same IP source. It also can group network flow traffic and record operations occurring within a narrow time period as a single database entry to help reduce storage consumption and conserve license requirements. Its ability to detect application traffic at Layer 7 enables QRadar SIEM to provide accurate analysis and insight into an organiza- tion’s network for policy, threat and general network activity monitoring. With the addition of an IBM Security QRadar QFlow or VFlow Collector appliance, QRadar SIEM can mon- itor the use of applications such as ERP, databases, Skype, voice over IP (VoIP) and social media from within the network. This includes insight into who is using what, analysis and alerts for content transmission, and correlation with other network and log activity to reveal inappropriate data transfers and excessive usage patterns. While QRadar SIEM ships with numerous anomaly and behavioral detection rules, security teams can also create their own through a filtering capability that enables them to apply anomaly detection against time-series data. Commanding a highly intuitive, one-console security solution QRadar SIEM provides a solid foundation for an organization’s security operations center by providing a centralized user interface that offers role-based access by function and a global view to access real-time analysis, incident management and reporting. Five default dashboards are available—including security, network activity, application activity, system monitor- ing and compliance—plus users can create and customize their own workspaces. These dashboards make it easy to spot spikes in alert activity that may signal the beginnings of an attack. Clicking on a graph launches a drill-down capability that enables security teams to quickly investigate the highlighted events or network flows related to a suspected offense. Furthermore, hundreds of tem- plates relevant to specific roles, devices, compliance regulations and vertical industries are available to speed report generation. What was the attack? Who was responsible? When did all of this occur? How valuable are the targets? Was it successful? Where do I find them? How many targets involved? QRadar SIEM offers a wealth of forensic detail behind every suspected offense and an ability to tune existing rules or add new ones to reduce false positives. Extending threat protection to virtual environments ince virtual servers are just as susceptible to security vulnera- ilities as physical servers, comprehensive security intelligence olutions must also include appropriate measures to protect the pplications and data residing within the virtual data center. sing QRadar VFlow Collector appliances, IT professionals ain increased visibility into the vast amount of business S b s a U g
5 Data SheetIBM Software application activity within their virtual networks and can better identify these applications for security monitoring, application layer behavior analysis and anomaly detection. Operators can also capture application content for deeper security and policy forensics. Producing detailed data access and user activity reports to manage compliance QRadar SIEM provides the transparency, accountability and measurability critical to an organization’s success in meeting regulatory mandates and reporting on compliance. The solu- tion’s ability to correlate and integrate surveillance feeds yields more complete metrics reporting on IT risks for auditors, as well as hundreds of reports and rules templates to address industry compliance requirements. Organizations can efficiently respond to compliance-driven IT security requirements with the extensibility of QRadar SIEM to include new definitions, regulations and best practices through automatic updates. In addition, profiles of all network assets can be grouped by business function—for example, servers that are subject to Health Insurance Portability and Accountability Act (HIPAA) compliance audits. The solution’s pre-built dashboards, reports and rules templates are designed for the following regulations and control frame- works: CobiT, SOX, GLBA, NERC/FERC, FISMA, PCI DSS, HIPAA, UK GSi/GCSx, GPG and more. Adding high-availability and disaster-recovery capabilities To achieve high-availability and disaster-recovery capabilities, identical secondary systems can be paired with all members of the QRadar appliance family. From event processor appliances, to flow processor appliances, to all-in-one and console SIEM appliances, users can add robustness and protection where and when it is needed—helping to ensure continuous operations. For organizations seeking business resiliency, QRadar high- availability solutions deliver integrated automatic failover and full-disk synchronization between systems. These solutions are easily deployed through architecturally elegant plug-and-play appliances, and there is no need for additional third-party fault management products. For organizations seeking data protection and recovery, QRadar disaster-recovery solutions forward live data (e.g., flows and events) from a primary QRadar system to a secondary parallel system located at a separate facility. Profiling for vulnerabilities IBM Security QRadar Risk Manager complements QRadar SIEM by identifying a network’s most vulnerable assets. It can immediately generate alerts when these systems engage in activity that potentially exposes them. For example, organiza- tions can scan their networks for unpatched applications, devices and systems, determine which ones connect to the Internet and prioritize remediation based on the risk profile of each application. For more information please see the QRadar Risk Manager data sheet. Receiving comprehensive device support to capture network events and flows With support for more than 450 products from virtually every leading vendor deployed in enterprise networks, QRadar SIEM provides collection, analysis and correlation across a broad spectrum of systems, including networked solutions, security solutions, servers, hosts, operating systems and applications. In addition, QRadar SIEM is easily extended to support proprie- tary applications and new systems from IBM and many other vendors. Why IBM? IBM operates the world’s broadest security research, develop- ment and delivery organization. IBM solutions empower organizations to reduce their security vulnerabilities and focus more on the success of their strategic initiatives.
Please Recycle For more information To learn more about how IBM Security QRadar SIEM can solve your organization’s threat management and compliance challenges, contact your IBM representative or IBM Business Partner, or visit: ibm.com/security. About IBM Security solutions IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM X-Force® research and development, provides security intelligence to help organizations holistically protect their people, infrastructures, data and applications, offering solutions for identity and access management, database security, application development, risk management, endpoint management, network security and more. These solutions enable organizations to effectively manage risk and implement integrated security for mobile, cloud, social media and other enterprise business architectures. IBM operates one of the world’s broadest security research, development and delivery organizations, monitors 13 billion security events per day in more than 130 countries, and holds more than 3,000 security patents. Additionally, IBM Global Financing can help you acquire the software capabilities that your business needs in the most cost-effective and strategic way possible. We’ll partner with credit-qualified clients to customize a financing solution to suit your business and development goals, enable effective cash management, and improve your total cost of ownership. Fund your critical IT investment and propel your business forward with IBM Global Financing. For more information, visit: ibm.com/financing © Copyright IBM Corporation 2013 IBM Corporation Software Group Route 100 Somers, NY 10589 Produced in the United States of America January 2013 IBM, the IBM logo, ibm.com, QRadar, and X-Force are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm.com/legal/copytrade.shtml This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates. THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided. The client is responsible for ensuring compliance with laws and regulations applicable to it. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the client is in compliance with any law or regulation. IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that systems and products are immune from the malicious or illegal conduct of any party. WGD03021-USEN-00

Recommended

IBM Security QRadar
IBM Security QRadar IBM Security QRadar
IBM Security QRadarVirginia Fernandez
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewCamilo Fandiño Gómez
 
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceOrchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceIBM Security
 
5 Ways to Get Even More from Your IBM Security QRadar Investment in 2016
5 Ways to Get Even More from Your IBM Security QRadar Investment in 20165 Ways to Get Even More from Your IBM Security QRadar Investment in 2016
5 Ways to Get Even More from Your IBM Security QRadar Investment in 2016IBM Security
 
IBM Security Intelligence
IBM Security IntelligenceIBM Security Intelligence
IBM Security IntelligenceAnna Landolfi
 
IBM Qradar
IBM QradarIBM Qradar
IBM QradarCoenraad Smith
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewCamilo Fandiño Gómez
 
Language and Meta-language for Enterprise Architecture
Language and Meta-language for Enterprise ArchitectureLanguage and Meta-language for Enterprise Architecture
Language and Meta-language for Enterprise ArchitectureIvo Velitchkov
 

Recommended

IBM Security QRadar
IBM Security QRadar IBM Security QRadar
IBM Security QRadarVirginia Fernandez
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewCamilo Fandiño Gómez
 
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceOrchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceIBM Security
 
5 Ways to Get Even More from Your IBM Security QRadar Investment in 2016
5 Ways to Get Even More from Your IBM Security QRadar Investment in 20165 Ways to Get Even More from Your IBM Security QRadar Investment in 2016
5 Ways to Get Even More from Your IBM Security QRadar Investment in 2016IBM Security
 
IBM Security Intelligence
IBM Security IntelligenceIBM Security Intelligence
IBM Security IntelligenceAnna Landolfi
 
IBM Qradar
IBM QradarIBM Qradar
IBM QradarCoenraad Smith
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewCamilo Fandiño Gómez
 
Language and Meta-language for Enterprise Architecture
Language and Meta-language for Enterprise ArchitectureLanguage and Meta-language for Enterprise Architecture
Language and Meta-language for Enterprise ArchitectureIvo Velitchkov
 
Automation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOpsAutomation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOpsIBM Security
 
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...IBM Security
 
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...IBM Security
 
Integrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM ResilientIntegrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM ResilientIBM Security
 
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...IBM Security
 
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...IBM Security
 
Accelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon BlackAccelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon BlackIBM Security
 
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent OrchestrationHow to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent OrchestrationIBM Security
 
Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?IBM Security
 
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...IBM Security
 
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...IBM Security
 
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...IBM Security
 
WannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowWannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowIBM Security
 
How to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsHow to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsIBM Security
 
IBM QRadar UBA
IBM QRadar UBA IBM QRadar UBA
IBM QRadar UBA IBM Security
 
Mobile Vision 2020
Mobile Vision 2020Mobile Vision 2020
Mobile Vision 2020IBM Security
 
Retail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityRetail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityIBM Security
 
Close the Loop on Incident Response
Close the Loop on Incident ResponseClose the Loop on Incident Response
Close the Loop on Incident ResponseIBM Security
 
Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats IBM Security
 
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...IBM Security
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 

More Related Content

More from IBM Security

Automation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOpsAutomation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOpsIBM Security
 
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...IBM Security
 
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...IBM Security
 
Integrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM ResilientIntegrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM ResilientIBM Security
 
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...IBM Security
 
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...IBM Security
 
Accelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon BlackAccelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon BlackIBM Security
 
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent OrchestrationHow to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent OrchestrationIBM Security
 
Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?IBM Security
 
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...IBM Security
 
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...IBM Security
 
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...IBM Security
 
WannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowWannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowIBM Security
 
How to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsHow to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsIBM Security
 
Mobile Vision 2020
Mobile Vision 2020Mobile Vision 2020
Mobile Vision 2020IBM Security
 
Retail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityRetail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityIBM Security
 
Close the Loop on Incident Response
Close the Loop on Incident ResponseClose the Loop on Incident Response
Close the Loop on Incident ResponseIBM Security
 
Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats IBM Security
 
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...IBM Security
 

More from IBM Security (20)

Automation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOpsAutomation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOps
 
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
 
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
 
Integrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM ResilientIntegrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM Resilient
 
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
 
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
 
Accelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon BlackAccelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon Black
 
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent OrchestrationHow to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
 
Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?
 
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
 
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
 
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
 
WannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowWannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do Now
 
How to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsHow to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security Operations
 
IBM QRadar UBA
IBM QRadar UBA IBM QRadar UBA
IBM QRadar UBA
 
Mobile Vision 2020
Mobile Vision 2020Mobile Vision 2020
Mobile Vision 2020
 
Retail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityRetail Mobility, Productivity and Security
Retail Mobility, Productivity and Security
 
Close the Loop on Incident Response
Close the Loop on Incident ResponseClose the Loop on Incident Response
Close the Loop on Incident Response
 
Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats
 
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...
 

Recently uploaded

Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 

Recently uploaded (20)

Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 

IBM Security QRadar SIEM - Datasheet

  • 1. IBM Software Data Sheet IBM Security QRadar SIEM Boost threat protection and compliance with an integrated investigative reporting system Highlights ●● ● ● Integrate log management and network threat protection technologies within a common database and shared dash- board user interface ●● ● ● Reduce thousands of security events into a manageable list of suspected offenses ●● ● ● Detect and track malicious activity over extended time periods, helping to uncover advanced threats often missed by other security solutions ●● ● ● Detect insider fraud with advanced capabilities ●● ● ● Help exceed regulation mandates and support compliance Today’s networks are larger and more complex than ever before, and protecting them against malicious activity is a never-ending task. Organizations seeking to safeguard their intellectual property, protect their customer identities and avoid business disruptions need to do more than monitor logs and network flow data; they need to leverage advanced tools to detect these activities in a consumable manner. IBM® Security QRadar® SIEM can serve as the anchor solution within a small or large organization’s security operations center to collect, normalize and correlate available network data using years’ worth of contextual insights. The result is something called security intelligence. At the heart of this product sits a highly scalable database designed to capture real-time log event and network flow data, revealing the footprints of would-be attackers. QRadar SIEM is an enterprise solution that consolidates log source event data from thousands of devices distrib- uted across a network, storing every activity in its raw form, and then performing immediate correlation activities to distinguish the real threats from false positives. It also captures real-time Layer 4 network flow data and, more uniquely, Layer 7 application payloads, using deep packet inspection technology. An intuitive user interface shared across all QRadar family components helps IT personnel quickly identify and remediate network attacks by rank, ordering hundreds of alerts and patterns of anomalous activity into a drastically reduced number of offenses warranting further investigation.
  • 2. 2 Data SheetIBM Software Providing real-time visibility for threat detection and prioritization QRadar SIEM provides contextual and actionable surveillance across the entire IT infrastructure, helping organizations detect and remediate threats often missed by other security solutions. These threats can include inappropriate use of applications; insider fraud; and advanced, “low and slow” threats easily lost in the “noise” of millions of events. QRadar SIEM collects information that includes: ●● ● Security events: Events from firewalls, virtual private networks, intrusion detection systems, intrusion prevention systems and more ●● ● Network events: Events from switches, routers, servers, hosts and more ●● ● Network activity context: Layer 7 application context from network and application traffic ●● ● User or asset context: Contextual data from identity and access-management products and vulnerability scanners ●● ● Operating system information: Vendor name and version number specifics for network assets ●● ● Application logs: Enterprise resource planning (ERP), workflow, application databases, management platforms and more Reducing and prioritizing alerts to focus investigations into actionable offenses Many organizations create millions—or even billions—of events per day, and distilling that data down to a short list of priority offenses can be daunting. QRadar SIEM automatically discov- ers most network log source devices and inspects network flow data to find and classify valid hosts and servers (assets) on the network—tracking the applications, protocols, services and ports they use. It collects, stores and analyzes this data and performs real-time event correlation for use in threat detection and compliance reporting and auditing. Billions of events and flows can therefore be reduced and prioritized into a handful of actionable offenses, according to their business impact. As a result, security professionals normally begin to see value from a QRadar SIEM installation in days rather than weeks, and deployments occur without a small army of expensive consultants. Automatic discovery features and out-of-the-box templates and filters mean you don’t spend months teaching the system about your environment as with more generalized IT operational tools. The architecture employs multiple models of event processor appliances, event collector appliances, flow processor appliances and a central console, all available as hardware-based, software-only or as virtual software appliances. Smaller installations can start with a single all-in-one solution and easily be upgraded to console deployments, adding event and flow processor appliances as needed.
  • 3. 3 Data SheetIBM Software Answering key questions for more effective threat management Security teams need to answer key questions to fully understand the nature of their potential threats: Who is attacking? What is being attacked? What is the business impact? Where do I investigate? QRadar SIEM tracks significant incidents and threats, building a history of supporting data and relevant information. Details such as attack targets, point in time, asset value, vulnerability state, offending users’ identities, attacker profiles, active threats and records of previous offenses all help provide security teams with the intelligence they need to act. Real-time, location-based and historical searching of event and flow data for analysis and forensics can greatly improve an organization’s ability to assess activities and resolve incidents. With easy-to-use dashboards, time-series views, drill-down searching, packet-level content visibility and hundreds of predefined searches, users can quickly aggregate data to summarize and identify anomalies and top activity contributors. They can also perform federated searches across large, geographically distributed environments. Gaining application visibility and anomaly detection QRadar SIEM supports a variety of anomaly detection capabilities to identify changes in behavior affecting applica- tions, hosts, servers and areas of the network. For example, QRadar SIEM can detect off-hours or excessive usage of an application or cloud-based service, or network activity patterns that are inconsistent with historical, moving-average profiles and seasonal usage patterns. QRadar SIEM learns to recognize these daily and weekly usage profiles, helping IT personnel to quickly identify meaningful deviations. QRadar SIEM captures data across a broad range of feeds, reducing it to a manageable list of offenses using pre-existing and customer-defined rules. Security devices Servers and mainframes Network and virtual activity Data activity Application activity Configuration information Vulnerabilities and threats Users and identities Extensive data sources Deep intelligence Exceptionally accurate and actionable insight True offense Suspected incidents Correlation Activity baselining and anomaly detection • Logs/events • Flows • IP reputation • Geographic location • User activity • Database activity • Application activity • Network activity Offense identification • Credibility • Severity • Relevance
  • 4. 4 Data SheetIBM Software The QRadar SIEM centralized database stores log source events and network flow traffic together, helping to correlate discrete events with bidirectional network flow activity emanat- ing from the same IP source. It also can group network flow traffic and record operations occurring within a narrow time period as a single database entry to help reduce storage consumption and conserve license requirements. Its ability to detect application traffic at Layer 7 enables QRadar SIEM to provide accurate analysis and insight into an organiza- tion’s network for policy, threat and general network activity monitoring. With the addition of an IBM Security QRadar QFlow or VFlow Collector appliance, QRadar SIEM can mon- itor the use of applications such as ERP, databases, Skype, voice over IP (VoIP) and social media from within the network. This includes insight into who is using what, analysis and alerts for content transmission, and correlation with other network and log activity to reveal inappropriate data transfers and excessive usage patterns. While QRadar SIEM ships with numerous anomaly and behavioral detection rules, security teams can also create their own through a filtering capability that enables them to apply anomaly detection against time-series data. Commanding a highly intuitive, one-console security solution QRadar SIEM provides a solid foundation for an organization’s security operations center by providing a centralized user interface that offers role-based access by function and a global view to access real-time analysis, incident management and reporting. Five default dashboards are available—including security, network activity, application activity, system monitor- ing and compliance—plus users can create and customize their own workspaces. These dashboards make it easy to spot spikes in alert activity that may signal the beginnings of an attack. Clicking on a graph launches a drill-down capability that enables security teams to quickly investigate the highlighted events or network flows related to a suspected offense. Furthermore, hundreds of tem- plates relevant to specific roles, devices, compliance regulations and vertical industries are available to speed report generation. What was the attack? Who was responsible? When did all of this occur? How valuable are the targets? Was it successful? Where do I find them? How many targets involved? QRadar SIEM offers a wealth of forensic detail behind every suspected offense and an ability to tune existing rules or add new ones to reduce false positives. Extending threat protection to virtual environments ince virtual servers are just as susceptible to security vulnera- ilities as physical servers, comprehensive security intelligence olutions must also include appropriate measures to protect the pplications and data residing within the virtual data center. sing QRadar VFlow Collector appliances, IT professionals ain increased visibility into the vast amount of business S b s a U g
  • 5. 5 Data SheetIBM Software application activity within their virtual networks and can better identify these applications for security monitoring, application layer behavior analysis and anomaly detection. Operators can also capture application content for deeper security and policy forensics. Producing detailed data access and user activity reports to manage compliance QRadar SIEM provides the transparency, accountability and measurability critical to an organization’s success in meeting regulatory mandates and reporting on compliance. The solu- tion’s ability to correlate and integrate surveillance feeds yields more complete metrics reporting on IT risks for auditors, as well as hundreds of reports and rules templates to address industry compliance requirements. Organizations can efficiently respond to compliance-driven IT security requirements with the extensibility of QRadar SIEM to include new definitions, regulations and best practices through automatic updates. In addition, profiles of all network assets can be grouped by business function—for example, servers that are subject to Health Insurance Portability and Accountability Act (HIPAA) compliance audits. The solution’s pre-built dashboards, reports and rules templates are designed for the following regulations and control frame- works: CobiT, SOX, GLBA, NERC/FERC, FISMA, PCI DSS, HIPAA, UK GSi/GCSx, GPG and more. Adding high-availability and disaster-recovery capabilities To achieve high-availability and disaster-recovery capabilities, identical secondary systems can be paired with all members of the QRadar appliance family. From event processor appliances, to flow processor appliances, to all-in-one and console SIEM appliances, users can add robustness and protection where and when it is needed—helping to ensure continuous operations. For organizations seeking business resiliency, QRadar high- availability solutions deliver integrated automatic failover and full-disk synchronization between systems. These solutions are easily deployed through architecturally elegant plug-and-play appliances, and there is no need for additional third-party fault management products. For organizations seeking data protection and recovery, QRadar disaster-recovery solutions forward live data (e.g., flows and events) from a primary QRadar system to a secondary parallel system located at a separate facility. Profiling for vulnerabilities IBM Security QRadar Risk Manager complements QRadar SIEM by identifying a network’s most vulnerable assets. It can immediately generate alerts when these systems engage in activity that potentially exposes them. For example, organiza- tions can scan their networks for unpatched applications, devices and systems, determine which ones connect to the Internet and prioritize remediation based on the risk profile of each application. For more information please see the QRadar Risk Manager data sheet. Receiving comprehensive device support to capture network events and flows With support for more than 450 products from virtually every leading vendor deployed in enterprise networks, QRadar SIEM provides collection, analysis and correlation across a broad spectrum of systems, including networked solutions, security solutions, servers, hosts, operating systems and applications. In addition, QRadar SIEM is easily extended to support proprie- tary applications and new systems from IBM and many other vendors. Why IBM? IBM operates the world’s broadest security research, develop- ment and delivery organization. IBM solutions empower organizations to reduce their security vulnerabilities and focus more on the success of their strategic initiatives.
  • 6. Please Recycle For more information To learn more about how IBM Security QRadar SIEM can solve your organization’s threat management and compliance challenges, contact your IBM representative or IBM Business Partner, or visit: ibm.com/security. About IBM Security solutions IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM X-Force® research and development, provides security intelligence to help organizations holistically protect their people, infrastructures, data and applications, offering solutions for identity and access management, database security, application development, risk management, endpoint management, network security and more. These solutions enable organizations to effectively manage risk and implement integrated security for mobile, cloud, social media and other enterprise business architectures. IBM operates one of the world’s broadest security research, development and delivery organizations, monitors 13 billion security events per day in more than 130 countries, and holds more than 3,000 security patents. Additionally, IBM Global Financing can help you acquire the software capabilities that your business needs in the most cost-effective and strategic way possible. We’ll partner with credit-qualified clients to customize a financing solution to suit your business and development goals, enable effective cash management, and improve your total cost of ownership. Fund your critical IT investment and propel your business forward with IBM Global Financing. For more information, visit: ibm.com/financing © Copyright IBM Corporation 2013 IBM Corporation Software Group Route 100 Somers, NY 10589 Produced in the United States of America January 2013 IBM, the IBM logo, ibm.com, QRadar, and X-Force are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm.com/legal/copytrade.shtml This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates. THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided. The client is responsible for ensuring compliance with laws and regulations applicable to it. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the client is in compliance with any law or regulation. IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that systems and products are immune from the malicious or illegal conduct of any party. WGD03021-USEN-00