QRADAR ROADMAP
IBM #QRADAR
25 October 2018
Mark Ehr, WW Program Director, IBM Security
Legal notices and disclaimers

Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products in connection with this publication and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. IBM does not warrant the quality of any third-party products, or the ability of any such third-party products to interoperate with IBM’s products. IBM EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

The provision of the information contained herein is not intended to, and does not, grant any right or license under any IBM patents, copyrights, trademarks or other intellectual property right.

Other company, product, or service names may be trademarks or service marks of others. A current list of IBM trademarks is available at “Copyright and trademark information”: www.ibm.com/legal/copytrade.shtml

Copyright © 2018 by International Business Machines Corporation (IBM). No part of this document may be reproduced or transmitted in any form without written permission from IBM.

U.S. Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM.

Information in these presentations (including information relating to products that have not yet been announced by IBM) has been reviewed for accuracy as of the date of initial publication and could include unintentional technical or typographical errors. IBM shall have no responsibility to update this information. THIS document is distributed "AS IS" without any warranty, either express or implied. In no event shall IBM be liable for any damage arising from the use of this information, including but not limited to, loss of data, business interruption, loss of profit or loss of opportunity.

IBM products and services are warranted according to the terms and conditions of the agreements under which they are provided.

Any statements regarding IBM’s future direction, intent or product plans are subject to change or withdrawal without notice. Performance data contained herein was generally obtained in controlled, isolated environments. Customer examples are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual performance, cost, savings or other results in other operating environments may vary. References in this document to IBM products, programs, or services do not imply that IBM intends to make such products, programs or services available in all countries in which IBM operates or does business.

Workshops, sessions and associated materials may have been prepared by independent session speakers, and do not necessarily reflect the views of IBM. All materials and discussions are provided for informational purposes only, and are neither intended to, nor shall constitute legal or other guidance or advice to any individual participant or their specific situation.

It is the customer’s responsibility to ensure its own compliance with legal requirements and to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law.
Our Security Intelligence Strategy

Cloud
• Security for the cloud
• QRoC and Cloud First
• 3rd-party cloud deployment
• Hybrid services

Customer Success
• Community
• Assistant
• UI refresh and microservices
• Open data

Cognitive and Analytics
• Watson Advisor
• User behavior
• Model-based analytics
• Endpoint, cloud, network and user focus
IBM QRadar Security Intelligence: security analytics require an integrated solution set

Layer diagram (labels recovered from the slide):
• Above the SIEM, new security operations tools: incident response orchestration, cognitive security, hunting, user and entity behavior
• SIEM layer: event correlation and log management
• Below the SIEM
What’s new in the past ~12 months?
Eco-System, App and Integration Builder

Streamlining new data ingestion
• Supports simple and easy ingestion and interpretation of new data sources.

App development tool
• Real-time QRadar app editing and creation
• Create or edit apps easily

New: free QRadar
• 50 EPS and 5K FPM
• Runs on a laptop
QRadar Pulse – New Dashboards (NEW)
• Predefined dashboards to get started before you create one of your own.
• Fine-tune the display with complete flexibility in dashboard layout and dashboard item refresh rates.
• Enlarge and pop out dashboard items to display in a multi-screen SOC.
• Create unique dashboards to track endpoint, user, cloud, department, and company-wide security and operational data.
• Stay informed with single-click drill-down to underlying event, network, and alert data.
• Import and export dashboards to share with colleagues.
• Create dashboard items that use the full power of AQL.
IBM QRadar Advisor with Watson

Advisor is quick to deploy and easy to consume: delivered via the IBM Security App Exchange, downloadable in minutes.

Security Analytics
• Data correlation
• Pattern identification
• Anomaly detection
• Prioritization
• Data visualization
• Workflow

Watson for Cyber Security
• Unstructured analysis
• Natural language
• Question and answer
• Machine learning
• Bias elimination
• Tradeoff analytics

Human Expertise
• Common sense
• Morals
• Compassion
• Abstraction
• Dilemmas
• Generalization

Watson Advisor
• Local mining
• 2nd-stage ‘hunt’
• Root cause and impact presentation and graph visualization
New Administration and Operations Tools (NEW)

Bird's-eye view of the system
• EPS, log source health, expensive rules, properties, I/O, memory, notifications/alerts, stored events, and much more
• Deployment-wide and per-appliance/node view

Fast investigations
• Immediate visibility of configuration changes, searches and other actions
• Understand the correlation and impact of configuration and data changes on platform activity
• Audit trail of all user actions
Deeper Endpoint Threat Detection
• Detected an Unquoted Service Binary Path with Spaces
• Detected a Service Binary Path Changed followed by a User or Group Added
• Unsigned Executable Loaded Into Sensitive System Process
• Powershell Malicious Usage Detected with Encoded Command
• Powershell Malicious Usage Detected
• Powershell Script File Has Been Downloaded
• Process Started from Unusual Directories
• Process Loaded Executable from Temp Directory
• Detected PsExec with a Different Process Name
• Detected a Suspicious Svchost Process
• Detected Excessive Usage of System Tools From a Single Machine
• Shadow Copies Delete Detected
• Detected a Possible Keylogger
• Process Created a Thread Into Another Process
• Process Profiler: Process Name to Hash
• Process Profiler: Process Name to Parent Process
• System Process Started From Unusual Directory
• Abnormal Parent for a System Process
• Abnormal Parent for a Process
• Detected a Known Process Started With Unseen Hash
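As an added example, not QRadar's own rule logic, the following toy detectors implement three of the use cases listed above over constructed Windows-style event records; the field names (event_id, image_path, command_line), the directory allow-list and the temp markers are assumptions made for this illustration.

```python
"""Toy detectors for three of the endpoint use cases named above, run over
constructed Windows-style event records. Not QRadar's rule logic: the field
names (event_id, image_path, command_line) and the directory lists are
assumptions made for this example."""
import re

# Directories a Windows process image is normally expected to run from
# (assumed allow-list for this example; tune it to your own estate).
EXPECTED_DIRS = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)
# Path fragments that mark a temporary directory.
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")

# PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec,
# -enc, ...) followed by a base64 blob, so match on that shape rather than
# on the full switch name.
ENCODED_CMD = re.compile(
    r"(?:^|\s)-e[a-z]*\s+[A-Za-z0-9+/]{20,}={0,2}(?:\s|$)", re.IGNORECASE
)


def is_unquoted_path_with_spaces(image_path: str) -> bool:
    """True for a service binary path that contains a space before the
    executable name and is not wrapped in quotes (the ambiguous form)."""
    path = image_path.strip()
    if path.startswith('"'):
        return False
    exe_end = path.lower().find(".exe")
    head = path if exe_end < 0 else path[: exe_end + 4]
    return " " in head


def is_encoded_powershell(command_line: str) -> bool:
    """True when a PowerShell command line carries an encoded command."""
    return "powershell" in command_line.lower() and ENCODED_CMD.search(command_line) is not None


def _normalized(image_path: str) -> str:
    return image_path.strip().strip('"').lower()


def is_temp_directory(image_path: str) -> bool:
    return any(marker in _normalized(image_path) for marker in TEMP_MARKERS)


def is_unusual_directory(image_path: str) -> bool:
    return not _normalized(image_path).startswith(EXPECTED_DIRS)


def evaluate(event: dict) -> list:
    """Return the names of the use cases an event matches."""
    hits = []
    event_id = event.get("event_id")
    image = event.get("image_path", "")
    cmd = event.get("command_line", "")
    if event_id == 7045 and is_unquoted_path_with_spaces(image):  # service installed
        hits.append("Detected an Unquoted Service Binary Path with Spaces")
    if event_id == 4688:  # process created
        if is_encoded_powershell(cmd):
            hits.append("Powershell Malicious Usage Detected with Encoded Command")
        if is_temp_directory(image):
            hits.append("Process Loaded Executable from Temp Directory")
        elif is_unusual_directory(image):
            hits.append("Process Started from Unusual Directories")
    return hits


def run(events) -> dict:
    """Map event id -> matched use cases, for events that matched anything."""
    findings = {}
    for event in events:
        hits = evaluate(event)
        if hits:
            findings[event["id"]] = hits
    return findings


# Constructed sample events (not real telemetry); the base64 blob is a
# placeholder of repeated characters, not a real encoded command.
SAMPLE_EVENTS = [
    {"id": 1, "event_id": 7045, "image_path": "C:\\Program Files\\Vendor App\\vendorsvc.exe"},
    {"id": 2, "event_id": 7045, "image_path": '"C:\\Program Files\\Vendor App\\vendorsvc.exe" -svc'},
    {"id": 3, "event_id": 4688,
     "image_path": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "command_line": "powershell.exe -NonInteractive -enc " + "A" * 40},
    {"id": 4, "event_id": 4688,
     "image_path": "C:\\Users\\alice\\AppData\\Local\\Temp\\setup_tmp.exe",
     "command_line": "setup_tmp.exe /quiet"},
    {"id": 5, "event_id": 4688, "image_path": "C:\\Windows\\System32\\notepad.exe",
     "command_line": "notepad.exe"},
    {"id": 6, "event_id": 4688, "image_path": "C:\\Users\\alice\\Downloads\\tool.exe",
     "command_line": "tool.exe"},
]

if __name__ == "__main__":
    for event_id, hits in run(SAMPLE_EVENTS).items():
        print(event_id, hits)
```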
QRadar Network Insights (NEW)

Announcing the new IBM QRadar Network Insights (QNI)
• Innovative network analytics solution that will quickly and easily detect insider threats, data exfiltration and malware activity
• Logs and network flow data alone do not provide enough visibility
• Records application activities, captures artifacts, and identifies the assets, applications and users participating in network communications
• Configurable analysis of network traffic for real-time threat detection and long-term retrospective analysis
• New appliance with an out-of-the-box app on the App Exchange for fast time to value and best practices
Defending the DNS Attack Vector

Identification
• A new domain is observed via local DNS queries seen by QNI
• DNS logs or DNS mirrored traffic

New analytics
• QRadar domain analytics, including DGA detection, tunneling detection, beaconing, IP flux, and whois information

Timeline chart (image not recoverable): QRadar DNS-based threat detection (labelled "Illuminate") compared with conventional threat intelligence, whose extraction-to-publish cycle is shown as 250+ days; horizontal axis "Hours of Visibility", ticks 1, 10, 20, 30, 40, 50.
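To make the "new domain observed" step and two of the analytics named above concrete, here is an added example (not QRadar's analytics) that parses constructed DNS query log lines, tracks first-seen domains, scores labels for DGA-like shape and flags beaconing by the regularity of query intervals; the log format "<epoch> <client> <domain>", the score weights and the thresholds are assumptions.

```python
"""Toy versions of the DNS domain analytics named above (first-seen domains,
DGA-style label scoring, beaconing), run over constructed DNS query log
lines. Not QRadar's analytics: the log format "<epoch> <client> <domain>",
the scoring weights and the thresholds are assumptions for this example."""
import math
import re
from collections import Counter, defaultdict
from statistics import mean, pstdev

LINE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)$")


def parse_log(text: str) -> list:
    """Parse "<epoch> <client_ip> <queried_domain>" lines into tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        match = LINE.match(line)
        if match:
            records.append((int(match.group(1)), match.group(2), match.group(3).lower()))
    return records


def registrable_label(domain: str) -> str:
    """Label left of the public suffix. A real implementation would use the
    public suffix list; this example assumes a single-label suffix."""
    parts = domain.rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def shannon_entropy(text: str) -> float:
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def dga_score(domain: str) -> float:
    """Heuristic 0..1 score: long, high-entropy, vowel-poor or digit-heavy
    labels look machine-generated. Weights are assumed, not tuned."""
    label = registrable_label(domain)
    if len(label) < 8:
        return 0.0
    score = 0.0
    if shannon_entropy(label) > 3.5:
        score += 0.5
    if sum(ch in "aeiou" for ch in label) / len(label) < 0.2:
        score += 0.3
    if sum(ch.isdigit() for ch in label) / len(label) > 0.3:
        score += 0.2
    return score


def new_domains(records: list, known=()) -> list:
    """Domains seen for the first time, in order of first appearance."""
    seen = {d.lower() for d in known}
    result = []
    for _, _, domain in records:
        if domain not in seen:
            seen.add(domain)
            result.append(domain)
    return result


def beacon_candidates(records: list, min_queries: int = 5, max_cv: float = 0.1) -> list:
    """(client, domain, interval) series whose inter-query gaps are nearly
    constant: coefficient of variation at or below max_cv."""
    series = defaultdict(list)
    for ts, client, domain in records:
        series[(client, domain)].append(ts)
    flagged = []
    for (client, domain), times in series.items():
        if len(times) < min_queries:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            flagged.append((client, domain, round(avg)))
    return flagged


def analyze(text: str, known=()) -> dict:
    records = parse_log(text)
    fresh = new_domains(records, known)
    return {
        "new_domains": fresh,
        "dga_suspects": [d for d in fresh if dga_score(d) >= 0.5],
        "beacons": beacon_candidates(records),
    }


# Constructed log lines (not captured traffic): one client querying the same
# name exactly every 60 s, one browsing irregularly, one random-looking label.
SAMPLE_LOG = "\n".join(
    [f"{1540454400 + 60 * k} 10.0.0.9 updates.example.org" for k in range(6)]
    + [f"{1540454400 + off} 10.0.0.5 www.example.com" for off in (0, 37, 190, 203, 410, 1000)]
    + ["1540454415 10.0.0.7 xkqzvbtrplmwdfgh.net", "1540454420 10.0.0.7 cdn.staticfiles.net"]
)

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG, known=("www.example.com",)))
```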
Securing the Cloud – Cloud Visibility (Q3 2018)

AWS
• Ingests CloudTrail, CloudWatch, VPC Flow Logs, and S3 bucket log data from AWS
• Best-practice threat and risk management

Azure
• Ingests Azure Event Hub data
• Single view of malicious behaviors and risks

IBM Cloud
• Detect and prevent common misconfigurations; analyze and assess the security of cloud deployments
QRadar Advisor with Watson – Continued Innovation
• Automated and ad-hoc investigations
• Malware-executed indicators, blocked and allowed connections
• Extended threat investigation from Watson Insights
• Automated Watson Insight watchlist integration
• User Behavior Analytics and asset insights
• Local threat intel
QRadar UBA 3.0 (NEW)

Streamlined incident investigations
• Multiple user watch lists
• New dashboard visuals
• Session-based risk views
• Automated actions including management review

Simplified setup
• Use Case Wizard
• Streamlined LDAP

Additional use cases
• Additional ML-based use cases
• Cloud, Source Code, Swift, EPIC

Screenshots: UBA dashboard with user role/title, color-coded risk scores and sortable lists for recent and overall risky users; visual timeline chart showing normal and anomalous user events by time (month/weekday/hour/min); UBA dashboard with multiple customizable watchlists.
QRadar Data Store – Freeing the Data (NEW)

Data Store
• Need to store data for reporting, search, investigation, audit, compliance and/or analytics?
• Don’t need correlation, behavior analysis and offenses?
• EPS licensing too expensive?

Free the data
• Collect, parse, normalize and store data
• No data volume license limit per appliance or node
• Unlock the value with Search, Reports, Dashboard and Apps**
• Simple, fixed, low-cost per-appliance/node licensing

** Excludes UBA, Cloud Discovery

You are in control
• Use existing deployment capacity
• No additional infrastructure mandated
• You define what data goes to the data store: by IP, CIDR, log source or expression
• Move data to the threat detection function (EPS license) when you need to
Splunk App for QRadar (NEW)

Get Splunk data into QRadar easily
• Easily utilize existing Splunk collection infrastructure
• Forward logs from universal and heavy forwarders
• All done via the QRadar admin screen to allow for easy configuration
• Fast and simple to deploy and start forwarding logs
  − Pick your data and where you want to send it
What is coming soon?
MITRE ATT&CK coming to QRadar (Q4 FY18)
• Structured approach to, and evaluation of, use case coverage
• New use case recommendation engine*
• Simplified and consistent views of offenses and investigation
• Higher-level analytics on tactics, trends and patterns
QRadar Assistant (2H 2018)

Ensure the QRadar deployment is fully optimized and effective
• Easily access useful info, use cases, tech tips, videos, learning academy etc.
• Call home

Identify new and updated use cases
• Analyses the QRadar environment (e.g. data and apps) and recommends new and updated apps and content packs (use cases)
QRadar Assistant – Tuning (Q4 2018)

Ensure QRadar is configured correctly
• Network hierarchy, building blocks, server discovery

Wizard to help tuning
• Identify top-firing rules
• Analyses selected rules and suggests improvements
QRadar Advisor 2.0 (2018 Q4)
• New summary investigation insights
• MITRE ATT&CK chain analysis and visualization
• Root cause and confidence scoring

Screenshot labels: MITRE ATT&CK analysis; key threat and risk factors; MITRE custom mapping.
QRadar Advisor 2.0 (2018 Q4) – Cross-Investigation Analytics
• Related offenses and investigations automatically detected
QRadar UBA – 2019 – 1H

Automated insights
• Auto asset, user, app and data discovery and classification
• Asset-based user view
• HR/travel integration for leavers/travelers etc.
• Password vault integration

Deeper insights
• Sentiment analysis
• Leaver prediction
• Training recommendations

Additional use cases
• Cloud, Source Code, Swift, EPIC

Screenshots: UBA dashboard with user role/title, color-coded risk scores and sortable lists for recent and overall risky users; visual timeline chart showing normal and anomalous user events by time (month/weekday/hour/min).
Machine Learning App – Enabling Custom ML Model Configs (2H 2019)
• Define your data set
• Select the model
• Define the features
• Action and explore the results!
• Utilizes the machine learning Spark pipeline in UBA and DNS
Refreshed Offense and Search UI (1H 2019)
Security from the Cloud
QRadar on and for IaaS Platforms (Internal Use Only)

Availability matrix (table image not recoverable; the per-platform columns did not survive extraction). Rows: Deploy QRadar in Cloud; Marketplace; IaaS App; DSM; Content Packs. Cell values range from "Available" and Q1 2018 through Q2, Q3 and Q4 2018, 2H 2018 and 2019.

Content packs called out on the slide:
• Azure Account Config and Access Monitoring
• Office 365 Security Content
QRadar ‘Cloud Burst’ (1H 2019)

Cloud-based storage
• QRadar forwards data to elastic cloud S3 storage
• Open data format supported by big data technologies and Splunk
• Cost-effective long-term data store
• Fast and simple to deploy
• Secure
• Cloud-based data search
• Open access to data for analytics
• Reduced IT infrastructure and costs

Diagram: unified search and investigation across IBM Security QRadar on-premise/QRoC, cloud storage and search, and 3rd-party tools.
QRadar ‘App Cloud’ (1H 2018)

Cloud app deployment
• Simple click-and-deploy of QRadar apps into the cloud
• Simplified provisioning and scaling
• Secure connection to on-prem or QRoC Cloud
• Reduced IT infrastructure and costs
• Hybrid migration path to the cloud for on-premise users

Diagram: unified view across IBM Security QRadar on-premise/QRoC and cloud-based apps.
QRadar Roadmap Summary
• Threat detection use cases and apps across all domains of security operations
• Core architecture evolution to support cloud and next-generation data center processes and technologies
• Continued focus on 3rd-party integrations and apps
• Improving consumability and supportability

Drivers shown on the slide: compliance, human error, skills gap, advanced attacks, innovation.
© Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied.
IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or
representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs,
or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on
market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International
Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise.
Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product
should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed
to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT
WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 

IBM Q-radar security intelligence roadmap

  • 1. QRADAR ROADMAP IBM #QRADAR 25 October 2018 Mark Ehr, WW Program Director, IBM Security
  • 3. Our Security Intelligence Strategy
    Cloud
      • Security for the cloud
      • QRoC and Cloud First
      • 3rd Party Cloud Deployment
      • Hybrid Services
    Customer Success
      • Community
      • Assistant
      • UI Refresh and Microservice
      • Open data
    Cognitive and Analytics
      • Watson Advisor
      • User Behavior
      • Model based analytics
      • Endpoint, Cloud, Network and User focus
  • 4. Security Analytics require an integrated solution set
    ABOVE THE SIEM: Incident Response Orchestration, Cognitive Security, Hunting, User and Entity Behavior
    SIEM LAYER: IBM QRadar Security Intelligence (Event Correlation and Log Management)
    BELOW THE SIEM: New Security Operations Tools
  • 5. What’s new in the past ~12 months?
  • 6. Eco-System, App and Integration Builder
    STREAMLINING NEW DATA INGESTION
      • Supports simple and easy ingestion and interpretation of new data sources.
    APP DEVELOPMENT TOOL
      • Real time QRadar App editing and creating
      • Create or Edit Apps easily
    NEW FREE QRADAR!
      • 50 EPS and 5K FPM
      • Runs on a laptop
  • 7. QRadar Pulse – New Dashboards (NEW)
      • Predefined dashboards to get started before you create one of your own.
      • Fine-tune display with complete flexibility in dashboard layout and dashboard item refresh rates.
      • Enlarge and pop out dashboard items to display in a multi-screen SOC.
      • Create unique dashboards to track endpoint, user, cloud, department, and company-wide security and operational data.
      • Stay informed with single click drill-down to underlying event, network, and alert data.
      • Import and export dashboards to share with colleagues.
      • Create dashboard items that use the full power of AQL.
  • 8. IBM QRadar Advisor with Watson
    Advisor is quick to deploy and easy to consume: delivered via IBM Security App Exchange, downloadable in minutes.
    Security Analytics
      • Data correlation
      • Pattern identification
      • Anomaly detection
      • Prioritization
      • Data visualization
      • Workflow
    Watson for Cyber Security
      • Unstructured analysis
      • Natural language
      • Question and answer
      • Machine learning
      • Bias elimination
      • Tradeoff analytics
    Human Expertise
      • Common sense
      • Morals
      • Compassion
      • Abstraction
      • Dilemmas
      • Generalization
    Watson Advisor
      • Local mining
      • 2nd Stage ‘hunt’
      • Root cause and impact presentation and graph visualization
  • 9. New Administration and Operations Tools (NEW)
    BIRD’S EYE VIEW OF SYSTEM
      • EPS, Log source health, Expensive Rules, Properties, I/O, Memory, Notifications/Alerts, Stored Events, and much more
      • Deployment wide and per appliance/node view
    FAST INVESTIGATIONS
      • Immediate visibility of configuration changes, searches and other actions
      • Understand correlation and impact of configuration and data changes on platform activity
      • Audit trail of all user actions
  • 10. Deeper Endpoint Threat Detection
      • Detected an Unquoted Service Binary Path with Spaces
      • Detected a Service Binary Path Changed followed by a User or Group Added
      • Unsigned Executable Loaded Into Sensitive System Process
      • Powershell Malicious Usage Detected with Encoded Command
      • Powershell Malicious Usage Detected
      • Powershell Script File Has Been Downloaded
      • Process Started from Unusual Directories
      • Process Loaded Executable from Temp Directory
      • Detected PsExec with a Different Process Name
      • Detected a Suspicious Svchost Process
      • Detected Excessive Usage of System Tools From a Single Machine
      • Shadow Copies Delete Detected
      • Detected a Possible Keylogger
      • Process Created a Thread Into Another Process
      • Process Profiler: Process Name to Hash
      • Process Profiler: Process Name to Parent Process
      • System Process Started From Unusual Directory
      • Abnormal Parent for a System Process
      • Abnormal Parent for a Process
      • Detected a Known Process Started With Unseen Hash
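Three of the endpoint use cases named on this slide, as an added example of the detection logic such rules encode; this is illustrative Python, not QRadar's rule implementation, and the event schema, field names and sample events are all constructed for the example:

```python
import re
from dataclasses import dataclass
from typing import Callable, List, Tuple


@dataclass
class Event:
    """Minimal normalized endpoint event (constructed schema, not QRadar's)."""
    host: str
    event_id: int          # 7045 = service installed, 4688 = process created
    image_path: str = ""   # service binary path or process executable path
    command_line: str = ""
    user: str = ""


def unquoted_service_path(ev: Event) -> bool:
    """Service binary path contains spaces but is not wrapped in quotes."""
    if ev.event_id != 7045 or not ev.image_path:
        return False
    path = ev.image_path.strip()
    if path.startswith('"'):
        return False
    exe_part = path.lower().split(".exe", 1)[0]   # ignore arguments after the binary
    return " " in exe_part


def powershell_encoded_command(ev: Event) -> bool:
    """powershell.exe/pwsh.exe started with -EncodedCommand or any prefix of it (-e, -enc, ...)."""
    if ev.event_id != 4688:
        return False
    exe = ev.image_path.lower().rsplit("\\", 1)[-1]
    if exe not in ("powershell.exe", "pwsh.exe"):
        return False
    for tok in ev.command_line.split():
        flag = tok.lstrip("-/").lower()
        # PowerShell accepts any unambiguous prefix of a parameter name
        if tok[:1] in "-/" and flag.startswith("e") and "encodedcommand".startswith(flag):
            return True
    return False


TEMP_DIR = re.compile(r"\\(?:temp|tmp)\\")


def process_from_temp(ev: Event) -> bool:
    """Process image lives under a Temp/Tmp directory (e.g. %LOCALAPPDATA%\\Temp)."""
    return ev.event_id == 4688 and bool(TEMP_DIR.search(ev.image_path.lower()))


RULES: List[Tuple[str, Callable[[Event], bool]]] = [
    ("Detected an Unquoted Service Binary Path with Spaces", unquoted_service_path),
    ("Powershell Malicious Usage Detected with Encoded Command", powershell_encoded_command),
    ("Process Loaded Executable from Temp Directory", process_from_temp),
]


def run_detections(events: List[Event]) -> List[Tuple[str, str]]:
    """Return (host, rule name) for every rule that fires on an event."""
    return [(ev.host, name) for ev in events for name, rule in RULES if rule(ev)]


# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    Event("ws01", 7045, r"C:\Program Files\Acme Agent\agent.exe -svc"),
    Event("ws01", 7045, r'"C:\Program Files\Good Vendor\svc.exe"'),
    Event("ws02", 4688, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
          "powershell.exe -NonInteractive -EncodedCommand QUFBQQ==", "alice"),
    Event("ws02", 4688, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
          "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1", "svc_backup"),
    Event("ws03", 4688, r"C:\Users\bob\AppData\Local\Temp\update.exe", "update.exe", "bob"),
]

if __name__ == "__main__":
    for host, rule in run_detections(SAMPLE_EVENTS):
        print(f"{host}: {rule}")
```

Only the unquoted agent service, the encoded PowerShell launch and the Temp-resident binary fire; the quoted service path and the signed backup script do not.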
  • 11. QRadar Network Insights (NEW)
    Announcing NEW IBM QRadar Network Insights (QNI)
      • Innovative network analytics solution that will quickly and easily detect insider threats, data exfiltration and malware activity
      • Logs and network flow data not providing enough visibility
      • Records application activities, captures artifacts, and identifies assets, applications and users participating in network communications
      • Configurable analysis from network traffic for real time threat detection and long-term retrospective analysis
      • New Appliance with out-of-the-box App on the App Exchange for fast time to value and best practices
  • 12. Defending the DNS Attack Vector – QRadar DNS-based Threat Detection
    Identification
      • A new domain is observed via local DNS queries observed by QNI
      • DNS logs or DNS mirrored traffic
    New Analytics
      • QRadar domain analytics, including DGA detection, tunneling detection, beaconing, IP Flux, and whois information
    Chart (hours of visibility, axis 1–50): Conventional Threat Intelligence – Extraction (250+ days), Publish; QRadar DNS-based Threat Detection – Illuminate
  • 13. Securing the Cloud – Cloud Visibility (Q3 2018)
    AWS
      • Ingests CloudTrail, CloudWatch, VPC Flow logs, and S3 Bucket log data from AWS
      • Best practice threat and risk management
    AZURE
      • Ingests Azure EventHub data
      • Single view of malicious behaviors and risks
    IBM Cloud
      • Detect and prevent common misconfigurations; analyze and assess security of cloud deployments
  • 14. IBM Security QRadar Advisor with Watson – Continued Innovation
      • Automated and ad-hoc investigations
      • Malware executed indicators, blocked and allowed connections
      • Extended threat investigation from Watson Insights
      • Automated Watson Insight watchlist integration
      • User Behavior Analytics and Asset insights
      • Local threat intel
  • 15. IBM Security QRadar UBA 3.0 (NEW)
    STREAMLINED INCIDENT INVESTIGATIONS
      • Multiple user watch lists
      • New dashboard visuals
      • Session based risk views
      • Automated actions including mgt review
    SIMPLIFIED SETUP
      • Use Case Wizard
      • Streamline LDAP
    Additional Use Cases
      • Additional ML based use cases
      • Cloud, Source Code, Swift, EPIC
    Screenshots: UBA Dashboard with user role/title, color-coded risk scores and sortable lists for recent and overall risky users; visual timeline chart that shows normal and anomalous user events by time (month/weekday/hour/min); UBA Dashboard with multiple customizable watchlists
  • 16. QRadar Data Store – Freeing the data (NEW)
    Data Store
      • Need to store data for reporting, search, investigation, audit, compliance and/or analytics?
      • Don’t need correlation, behavior analysis and offenses?
      • EPS licensing too expensive?
    Free the data
      • Collect, parse, normalize and store data
      • No data volume license limit per appliance or node
      • Unlock the value with Search, Reports, Dashboard and Apps**
      • Simple, fixed, low cost per appliance/node licensing
    You are in control
      • Use existing deployment capacity
      • No additional infrastructure mandated
      • You define what data goes to data store
        − IP, CIDR, Log source, Expression
      • Move data to Threat Detection function (EPS license) when you need to
    ** Excludes UBA, Cloud Discovery
  • 17. Splunk App for QRadar (NEW)
    GET SPLUNK DATA INTO QRADAR EASILY
      • Easily utilize existing Splunk collection infrastructure
      • Forward logs from universal and heavy forwarders
      • All done via QRadar admin screen to allow for easy configuration
      • Fast and Simple to deploy and start forwarding logs
        − Pick your data and where you want to send it to
  • 18. What is coming soon?
  • 19. MITRE ATT&CK coming to QRadar (Q4 FY18)
      • Structured approach and evaluation of use case coverage
      • New use case recommendation engine*
      • Simplified and consistent views of offenses and investigation
      • Higher level analytics on tactics trends and patterns
  • 20. QRadar Assistant (2H 2018)
    ENSURE QRADAR DEPLOYMENT IS FULLY OPTIMIZED AND EFFECTIVE
      • Easily access useful info, use cases, tech tips, videos, learning academy etc.
      • Call home
    IDENTIFY NEW AND UPDATED USE CASES
      • Analyses QRadar environment (e.g. data and apps) and recommends new and updated apps and content packs (use cases)
  • 21. QRadar Assistant – Tuning (Q4 2018)
    ENSURE QRADAR IS CONFIGURED CORRECTLY
      • Network Hierarchy, building blocks, server discovery
    WIZARD TO HELP TUNING
      • Identify top firing rules
      • Analyses selected rules and suggests improvements
  • 22. QRadar Advisor 2.0 (2018 Q4)
      • New summary investigation insights
      • MITRE ATT&CK chain analysis and Visualization
      • Root Cause and Confidence Scoring
    Screenshots: MITRE ATT&CK Analysis; Key threat and risk factors; MITRE custom mapping
  • 23. QRadar Advisor 2.0 (2018 Q4) – Cross investigation Analytics: related offenses and investigations automatically detected
  • 24. QRadar UBA – 2019 – 1H
    AUTOMATED INSIGHTS
      • Auto asset, user, app and data discovery and classification
      • Asset based user view
      • HR/Travel Integration for leavers/travelers etc.
      • Password vault integration
    DEEPER INSIGHTS
      • Sentiment Analysis
      • Leaver prediction
      • Training recommendations
    Additional Use Cases
      • Cloud, Source Code, Swift, EPIC
    Screenshots: UBA Dashboard with user role/title, color-coded risk scores and sortable lists for recent and overall risky users; visual timeline chart that shows normal and anomalous user events by time (month/weekday/hour/min)
  • 25. Machine Learning App – Enabling custom ML Model configs (2H 2019)
      • Define your data set
      • Select the model
      • Define the features
      • Action and explore the results!
      • Utilizes the machine learning SPARK pipeline in UBA and DNS
  • 26. Refreshed Offense and Search UI (1H 2019)
  • 28. QRadar on and for IaaS Platforms (Internal Use Only)
    Availability table; the platform column headers did not survive extraction, so each row is given with its five cells in slide order:
      • Deploy QRadar in Cloud: 2H | Available | Q2 2018 | Q2 2018 | 2H 2018
      • Marketplace: 2H | Q3 2018 | Q3 2018 | Q3 2018 | 2H 2018
      • App: 2019 IaaS App | Q3 2018 | Q3 2018 | 2019 IaaS App | 2019 IaaS App
      • DSM: Q1 2018 | Available | Available | Q3 2018 | Q4 2018
      • Content Packs: 2H | Available | Q1 2018 (Azure Account Config and Access Monitoring; Office 365 Security Content) | 2H 2018 | 2H 2018
  • 29. QRadar ‘Cloud Burst’ (1H 2019)
    CLOUD BASED STORAGE
      • QRadar to forward data to an elastic cloud S3 storage
      • Open data format supported by big data technologies and Splunk
      • Cost effective long term data store
      • Fast and simple to deploy
      • Secure
      • Cloud based data search
      • Open access to data for analytics
      • Reduced IT infrastructure and costs
    Diagram: IBM Security QRadar On-Premise/QRoC – Cloud Storage and Search – 3rd Party, with Unified Search and Investigation across them
  • 30. QRadar ‘App Cloud’ (1H 2018)
    CLOUD APP DEPLOYMENT
      • Simple click and deploy QRadar apps into the cloud
      • Simplified provisioning and scaling
      • Secure connection to on-prem or QRoC Cloud
      • Reduced IT infrastructure and costs
      • Hybrid migration path to cloud for on-premise users
    Diagram: IBM Security QRadar On-Premise/QRoC – Cloud based Apps, presented in a Unified view
  • 31. QRadar Roadmap Summary
      • Threat Detection Use Cases and Apps across all domains of security operations
      • Core architecture evolution to support cloud and next generation data center processes and technologies
      • Continued focus on 3rd party integrations and apps
      • Improving consumability and supportability
    COMPLIANCE · HUMAN ERROR · SKILLS GAP · ADVANCED ATTACKS · INNOVATION
  • 32. © Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. 
IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.