© 2016 IBM Corporation
Sense & Act On Cyberthreats With the Most
Advanced Security Analytics Platform
IBM Security QRadar
CTO Discussion
SANDY BIRD
IBM Fellow
Chief Technology Officer
IBM Security
CISO Challenge: Devising the right security strategy
• Predict Business Risk
• Detect Insider Threats
• Consolidate & Protect Data
• Identify Threats
• Stay Compliant
Upon close, Resilient Systems will advance the IBM Security strategy to help organizations succeed in an era of escalating cyber attacks
Unites Security Operations and Incident Response
Resilient Systems will extend IBM’s offerings to create one of the industry’s most complete solutions to prevent, detect, and respond to threats
Delivers a Single Hub for Response Management
Resilient Systems will allow security teams to orchestrate response processes, and resolve incidents faster, more effectively, and more intelligently
Integrates Seamlessly with IBM and Third-Party Solutions
Resilient Systems integrates with QRadar and other IBM and third-party solutions so organizations of various sizes can successfully resolve attacks
PREVENTION: Help to continuously stop attacks and remediate vulnerabilities
DETECTION: Identify the most important threats with advanced analytics and forensics
RESPONSE: Respond to incidents in integrated and organized fashion
Legal HR CEO CISO IT
Upon close, IBM Security will have the industry’s first integrated end-to-end Security Operations and Response Platform
IDS NIPS AV DBs Apps DLP FW ...
Security Operations and Response Platform
NEW! Resilient Systems Incident Response
IBM QRadar Security Intelligence
Vulnerability and Patch Management
Endpoint / Network Threat Detection and Forensics
Entity and Insider Threat Analytics
Security Operations and Incident Response Services
IBM X-FORCE EXCHANGE
automatically updates incident artifacts with threat intelligence
IBM QRADAR SECURITY INTELLIGENCE
discovers advanced threats and starts the response process
IBM SECURITY SERVICES
delivers operations consulting to help implement processes
and response experts when something goes wrong
IBM BIGFIX AND NETWORK FORENSICS
enables analysts to query endpoints and analyze traffic
Tomorrow’s response is intelligent and coordinated
NEW! RESILIENT SYSTEMS INCIDENT RESPONSE
generates a response playbook and coordinates activity
IBM SECURITY APP EXCHANGE
provides apps and add-ons for a rapid and decisive response
Anticipate the unknown. Sense it and act.
MATTHEW CARLE
Product Manager – QRadar
IBM Security
The Power of Security Analytics
Attackers break through conventional safeguards every day
2013: 800+ Million records breached
2014: 1+ Billion records breached
2015: Unprecedented high-value targets breached
$6.5M: average cost of a U.S. data breach
256 days: average time to detect APTs
V2016-2-11
Detect attacks disguised as normal activity
[Diagram: attack path from external attacker to the retailer's INTERNAL NETWORK. Labels: Contractor portals, Retailer Windows file server, Retailer POS systems, Attacker FTP servers (external)]
1. Attacker phishes a third-party contractor
2. Attacker uses stolen credentials to access contractor portals
3a. Attacker finds and infects internal Windows file server
3b. Attacker finds and infects POS systems with malware
4. Malware scrapes RAM for clear text CC stripe data
5. Stolen data is exfiltrated to FTP servers
• Advanced
• Specific
• Stealthy
• Exploits human vulnerabilities
• Targets business process weaknesses
IBM Security QRadar – Success Factors
Sense Analytics Threat Detection
• Behavioral
• Contextual
• Temporal
One Platform, Unified Visibility
• Extensible
• Scalable
• Easily deployed
The Power to Act–at Scale
• Prioritization
• Collaboration of threat data
• Automated response
QRadar Sense Analytics™
Advanced analytics assisting in threat identification
QRadar is the only Security Intelligence Platform powered by the advanced Sense Analytics engine to:
• Detect abnormal behaviors across users, networks, applications and data
• Discover current and historical connections, bringing hidden indicators of attack to the surface
• Find and prioritize weaknesses before they’re exploited
QRadar Sense Platform
[Diagram layers: USE CASES, ACTION, ENGINE, COLLECTION, DEPLOYMENT MODELS]
USE CASES: Advanced Threat Detection | Insider Threat Detection | Risk & Vulnerability Management | Fraud Detection | Incident Forensics | Compliance Reporting | Securing Cloud
PRIORITIZED INCIDENTS
QRadar Sense Analytics™: Behavior-Based Analytics | Context-Based Analytics | Time-Based Analytics
Third-Party Usage | Automation | Workflows | Dashboards | Visualizations
ON PREM | AS A SERVICE | CLOUD | HYBRID
Business Systems | Cloud | Infrastructure | Threat Intel | Applications
Capability and Threat Intelligence Collaboration Platforms: App Exchange | X-Force Exchange
Consume massive amount of structured and unstructured data
EXTENSIVE DATA SOURCES
• Security devices
• Servers and mainframes
• Network and virtual activity
• Data activity
• Application activity
• Configuration information
• Vulnerabilities and threats
• Users and identities
• Global threat intelligence
Embedded Intelligence: QRadar Sense Analytics™
Incident identification
• Extensive data collection, storage, and analysis
• Real-time correlation and threat intelligence
• Automatic asset, service and user discovery and profiling
• Activity baselining and anomaly detection
Prioritized incidents
Advanced threat detection
SCENARIO
1. Host visits malicious domain, but firing an alert might be premature
2. New beaconing behavior
3. Data transfers inconsistent with behavioral baselines appear
SCENARIO
• Sudden change in network traffic
• The appearance of a new application on host or termination of a typical service are captured as anomalies
Pattern identification | Anomaly detection | User and entity profiling
QRadar combines all three conditions to produce a single, heightened alert
QRadar senses and discovers by monitoring and profiling assets and individuals
Insider threat monitoring
SCENARIO
• Service rep downloads twice the normal amount of client data
  – Might be part of new sales analysis activity
• QRadar knows that service rep was recently laid off and sees data being sent to an external site
Business context | Historical analytics | Risk-based analytics
QRadar profiles assets and individuals to help security teams better interpret network context and reduce false-positive results, while fine-tuning the detection of attacks and breaches
Forensics investigation
SCENARIO
• SOC analyst investigating offense discovers employees exposed to phishing scam
• Attacker has latched-on and expanded to an internal server using pattern identified by X-Force known to inject remote-access Trojan (RAT) software
Real-time analytics | External threat correlation | Statistical analysis
QRadar recovers all associated network packets with a few mouse clicks
• Pinpoints where and when RAT software installed
• Rich profile of malicious software including link analysis identifies “patient zero” and other infected parties
• Incident response and remediation is completed with no recurrences
One platform with global visibility
Complete clarity and context
QRadar easily deploys lightning fast to help users consolidate insights in a single platform:
• Delivers scale collecting billions of events on-premises or in the cloud
• Unifies real-time monitoring, vulnerability and risk management, forensics, and incident response
• Deep and automated integration from hundreds of third-party sources
Visualize your threat landscape
Leverage multiple threat intelligence sources
• Pull in Threat Intelligence through open STIX/TAXII format
• Load threat indicators in collections into QRadar Reference sets
• Use reference sets for correlation, searching, reporting
• Create custom rule response to post IOCs to Collection
USE CASE
Bring watchlists of IP addresses from X-Force Exchange and create a rule to raise the magnitude of any offense that includes the IP watchlist
IBM Security Threat Intelligence
Add collaborative defenses – App Exchange
A New Platform for Security Intelligence Collaboration
Single collaboration platform for rapidly delivering new apps and content for IBM Security solutions
• Enable rapid innovation
• Single platform for collaboration
• Access partner innovations
• Validated security apps
• Quickly extend QRadar functionality
Allows QRadar users and partners to deploy new use cases in an accelerated way
The power to act at scale
Actionable security intelligence
QRadar enables security experts within and across organizations to collaboratively take action:
• Intelligent incident prioritization
• Collaboration of threat data and security capabilities from X-Force Exchange and App Exchange
• Resilient incident response with workflow, play groups, collaboration, regulatory requirements, integrations, streamlining and automating incident response remediating threats quickly and with ease
Global Threat Intelligence
Consulting Services | Managed Services
Expand the value of security solutions through integration
QRadar Risk Manager
QRadar Incident Forensics
SiteProtector
Network Protection XGS
Key Lifecycle Manager
Guardium
zSecure
BigFix
Trusteer Apex
MobileFirst Protect (MaaS360)
Trusteer Mobile
Trusteer Rapport
Trusteer Pinpoint
IBM Security Research
Identity Manager
Access Manager
Identity Governance and Intelligence
Privileged Identity Manager
DataPower Web Security Gateway
AppScan
Security Intelligence
Cloud
Cloud Security Enforcer
QRadar SIEM
QRadar Vulnerability Manager
QRadar Log Manager
© Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any
kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor
shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use
of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or
capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product
or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries
or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside
your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks
on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access.
IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other
systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE
IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
THANK YOU
www.ibm.com/security
Information concerning non-IBM products was obtained from the suppliers of those
products, their published announcements or other publicly available sources. IBM has
not tested those products in connection with this publication and cannot confirm the
accuracy of performance, compatibility or any other claims related to non-IBM products.
Questions on the capabilities of non-IBM products should be addressed to the suppliers
of those products. IBM does not warrant the quality of any third-party products, or the
ability of any such third-party products to interoperate with IBM’s products. IBM
EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED,
INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
The provision of the information contained herein is not intended to, and does not, grant
any right or license under any IBM patents, copyrights, trademarks or other intellectual
property right.
Other company, product, or service names may be trademarks or service marks of
others. A current list of IBM trademarks is available at “Copyright and
trademark information” www.ibm.com/legal/copytrade.shtml
Copyright © 2016 by International Business Machines Corporation (IBM). No part of this
document may be reproduced or transmitted in any form without written permission from
IBM.
U.S. Government Users Restricted Rights – Use, duplication or disclosure restricted by
GSA ADP Schedule Contract with IBM.
Information in these presentations (including information relating to products that have
not yet been announced by IBM) has been reviewed for accuracy as of the date of initial
publication and could include unintentional technical or typographical errors. IBM shall
have no responsibility to update this information. THIS document is distributed "AS IS"
without any warranty, either express or implied. In no event shall IBM be liable for any
damage arising from the use of this information, including but not limited to, loss of data,
business interruption, loss of profit or loss of opportunity.
IBM products and services are warranted according to the terms and conditions of the
agreements under which they are provided.
Any statements regarding IBM’s future direction, intent or product plans are subject to
change or withdrawal without notice. Performance data contained herein was generally
obtained in a controlled, isolated environments. Customer examples are presented as
illustrations of how those customers have used IBM products and the results they may
have achieved. Actual performance, cost, savings or other results in other operating
environments may vary. References in this document to IBM products, programs, or
services does not imply that IBM intends to make such products, programs or services
available in all countries in which IBM operates or does business.
Workshops, sessions and associated materials may have been prepared by independent
session speakers, and do not necessarily reflect the views of IBM. All materials and
discussions are provided for informational purposes only, and are neither intended to,
nor shall constitute legal or other guidance or advice to any individual participant or their
specific situation.
It is the customer’s responsibility to insure its own compliance with legal requirements
and to obtain advice of competent legal counsel as to the identification and interpretation
of any relevant laws and regulatory requirements that may affect the customer’s business
and any actions the customer may need to take to comply with such laws. IBM does not
provide legal advice or represent or warrant that its services or products will ensure that
the customer is in compliance with any law.
Legal notices and disclaimers

Webinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
 
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
OpenSouthCode '19 - Application Security Fundamentals [2019-May-25]
 

IBM Security QRadar

  • 1. © 2016 IBM Corporation Sense & Act On Cyberthreats With the Most Advanced Security Analytics Platform IBM Security QRadar
  • 2. CTO Discussion: SANDY BIRD, IBM Fellow, Chief Technology Officer, IBM Security
  • 3. CISO Challenge: Devising the right security strategy. Predict Business Risk; Detect Insider Threats; Consolidate & Protect Data; Identify Threats; Stay Compliant
  • 4. Upon close, Resilient Systems will advance the IBM Security strategy to help organizations succeed in an era of escalating cyber attacks. Unites Security Operations and Incident Response: Resilient Systems will extend IBM’s offerings to create one of the industry’s most complete solutions to prevent, detect, and respond to threats. Delivers a Single Hub for Response Management: Resilient Systems will allow security teams to orchestrate response processes, and resolve incidents faster, more effectively, and more intelligently. Integrates Seamlessly with IBM and Third-Party Solutions: Resilient Systems integrates with QRadar and other IBM and third-party solutions so organizations of various sizes can successfully resolve attacks. PREVENTION: Help to continuously stop attacks and remediate vulnerabilities. DETECTION: Identify the most important threats with advanced analytics and forensics. RESPONSE: Respond to incidents in integrated and organized fashion.
  • 5. Upon close, IBM Security will have the industry’s first integrated end-to-end Security Operations and Response Platform. Stakeholders: Legal, HR, CEO, CISO, IT. Sources: IDS, NIPS, AV, DBs, Apps, DLP, FW, ... Security Operations and Response Platform: NEW! Resilient Systems Incident Response; IBM QRadar Security Intelligence; Vulnerability and Patch Management; Endpoint / Network Threat Detection and Forensics; Entity and Insider Threat Analytics; Security Operations and Incident Response Services. Tomorrow’s response is intelligent and coordinated: IBM X-FORCE EXCHANGE automatically updates incident artifacts with threat intelligence; IBM QRADAR SECURITY INTELLIGENCE discovers advanced threats and starts the response process; IBM SECURITY SERVICES delivers operations consulting to help implement processes and response experts when something goes wrong; IBM BIGFIX AND NETWORK FORENSICS enables analysts to query endpoints and analyze traffic; NEW! RESILIENT SYSTEMS INCIDENT RESPONSE generates a response playbook and coordinates activity; IBM SECURITY APP EXCHANGE provides apps and add-ons for a rapid and decisive response.
  • 6. The Power of Security Analytics. Anticipate the unknown. Sense it and act. MATTHEW CARLE, Product Manager – QRadar, IBM Security
  • 7. Attackers break through conventional safeguards every day. 2013: 800+ Million records breached. 2014: 1+ Billion records breached. 2015: Unprecedented high-value targets breached. $6.5M average cost of a U.S. data breach; 256 days average time to detect APTs. (V2016-2-11)
  • 8. Detect attacks disguised as normal activity. Diagram labels: Attacker; Contractor portals; INTERNAL NETWORK; Retailer Windows file server; Retailer POS systems; FTP servers (external). Steps: (1) Attacker phishes a third-party contractor. (2) Attacker uses stolen credentials to access contractor portals. (3a) Attacker finds and infects internal Windows file server. (3b) Attacker finds and infects POS systems with malware. (4) Malware scrapes RAM for clear text CC stripe data. (5) Stolen data is exfiltrated to FTP servers. Characteristics: Advanced; Specific; Stealthy; Exploits human vulnerabilities; Targets business process weaknesses.
  • 9. IBM Security QRadar – Success Factors. Sense Analytics Threat Detection: Behavioral, Contextual, Temporal. One Platform, Unified Visibility: Extensible, Scalable, Easily deployed. The Power to Act–at Scale: Prioritization, Collaboration of threat data, Automated response.
  • 10. QRadar Sense Analytics™: Advanced analytics assisting in threat identification. QRadar is the only Security Intelligence Platform powered by the advanced Sense Analytics engine to: detect abnormal behaviors across users, networks, applications and data; discover current and historical connections, bringing hidden indicators of attack to the surface; find and prioritize weaknesses before they’re exploited.
  • 11. QRadar Sense Platform. USE CASES: Advanced Threat Detection; Insider Threat Detection; Risk & Vulnerability Management; Fraud Detection; Incident Forensics; Compliance Reporting; Securing Cloud. Diagram labels: ACTION, ENGINE, COLLECTION, DEPLOYMENT MODELS; Behavior-Based Analytics, Context-Based Analytics, Time-Based Analytics, PRIORITIZED INCIDENTS, QRadar Sense Analytics™; Third-Party Usage, Automation, Workflows, Dashboards, Visualizations; ON PREM, AS A SERVICE, CLOUD, HYBRID; Business Systems, Cloud, Infrastructure, Threat Intel, Applications; Capability and Threat Intelligence Collaboration Platforms: App Exchange, X-Force Exchange.
  • 12. Consume massive amount of structured and unstructured data. EXTENSIVE DATA SOURCES: Servers and mainframes; Data activity; Network and virtual activity; Application activity; Configuration information; Security devices; Users and identities; Vulnerabilities and threats; Global threat intelligence. Embedded Intelligence (QRadar Sense Analytics™), incident identification: extensive data collection, storage, and analysis; real-time correlation and threat intelligence; automatic asset, service and user discovery and profiling; activity baselining and anomaly detection. Output: Prioritized incidents.
  • 13. Advanced threat detection (Pattern identification; Anomaly detection; User and entity profiling). SCENARIO: (1) Host visits malicious domain, but firing an alert might be premature. (2) New beaconing behavior. (3) Data transfers inconsistent with behavioral baselines appear. QRadar combines all three conditions to produce a single, heightened alert. SCENARIO: Sudden change in network traffic; the appearance of a new application on host or termination of a typical service are captured as anomalies. QRadar senses and discovers by monitoring and profiling assets and individuals.
  • 14. Insider threat monitoring (Business context; Historical analytics; Risk-based analytics). SCENARIO: Service rep downloads twice the normal amount of client data, which might be part of new sales analysis activity. QRadar knows that service rep was recently laid off and sees data being sent to an external site. QRadar profiles assets and individuals to help security teams better interpret network context and reduce false-positive results, while fine-tuning the detection of attacks and breaches.
  • 15. Forensics investigation (Real-time analytics; External threat correlation; Statistical analysis). SCENARIO: SOC analyst investigating offense discovers employees exposed to phishing scam. Attacker has latched on and expanded to an internal server using pattern identified by X-Force known to inject remote-access Trojan (RAT) software. QRadar recovers all associated network packets with a few mouse clicks: pinpoints where and when RAT software installed; rich profile of malicious software including link analysis identifies “patient zero” and other infected parties; incident response and remediation is completed with no recurrences.
  • 16. One platform with global visibility: complete clarity and context. QRadar easily deploys lightning fast to help users consolidate insights in a single platform: delivers scale, collecting billions of events on-premises or in the cloud; unifies real-time monitoring, vulnerability and risk management, forensics, and incident response; deep and automated integration from hundreds of third-party sources.
  • 17. Visualize your threat landscape
  • 18. IBM Security Threat Intelligence: Leverage multiple threat intelligence sources. Pull in Threat Intelligence through open STIX/TAXII format; load threat indicators in collections into QRadar Reference sets; use reference sets for correlation, searching, reporting; create custom rule response to post IOCs to Collection. USE CASE: Bring watchlists of IP addresses from X-Force Exchange; create a rule to raise the magnitude of any offense that includes the IP watchlist.
  • 19. Add collaborative defenses – App Exchange: A New Platform for Security Intelligence Collaboration. Single collaboration platform for rapidly delivering new apps and content for IBM Security solutions. Enable rapid innovation; Single platform for collaboration; Access partner innovations; Validated security apps; Quickly extend QRadar functionality. Allows QRadar users and partners to deploy new use cases in an accelerated way.
  • 20. The power to act at scale: Actionable security intelligence. QRadar enables security experts within and across organizations to collaboratively take action: intelligent incident prioritization; collaboration of threat data and security capabilities from X-Force Exchange and App Exchange; resilient incident response with workflow, play groups, collaboration, regulatory requirements, integrations, streamlining and automating incident response, remediating threats quickly and with ease.
  • 21. Expand the value of security solutions through integration. Global Threat Intelligence; Consulting Services | Managed Services; IBM Security Research. Products shown: QRadar Risk Manager; QRadar Incident Forensics; SiteProtector; Network Protection XGS; Key Lifecycle Manager; Guardium; zSecure; BigFix; Trusteer Apex; MobileFirst Protect (MaaS360); Trusteer Mobile; Trusteer Rapport; Trusteer Pinpoint; Identity Manager; Access Manager; Identity Governance and Intelligence; Privileged Identity Manager; DataPower Web Security Gateway; AppScan; Security Intelligence; Cloud; Cloud Security Enforcer; QRadar SIEM; QRadar Vulnerability Manager; QRadar Log Manager.
  • 22. © Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. 
IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY. THANK YOU www.ibm.com/security
  • 23. Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products in connection with this publication and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. IBM does not warrant the quality of any third-party products, or the ability of any such third-party products to interoperate with IBM’s products. IBM EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. The provision of the information contained herein is not intended to, and does not, grant any right or license under any IBM patents, copyrights, trademarks or other intellectual property right. Other company, product, or service names may be trademarks or service marks of others. A current list of IBM trademarks is available at “Copyright and trademark information” www.ibm.com/legal/copytrade.shtml Copyright © 2016 by International Business Machines Corporation (IBM). No part of this document may be reproduced or transmitted in any form without written permission from IBM. U.S. Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM. Information in these presentations (including information relating to products that have not yet been announced by IBM) has been reviewed for accuracy as of the date of initial publication and could include unintentional technical or typographical errors. IBM shall have no responsibility to update this information. THIS document is distributed "AS IS" without any warranty, either express or implied. 
In no event shall IBM be liable for any damage arising from the use of this information, including but not limited to, loss of data, business interruption, loss of profit or loss of opportunity. IBM products and services are warranted according to the terms and conditions of the agreements under which they are provided. Any statements regarding IBM’s future direction, intent or product plans are subject to change or withdrawal without notice. Performance data contained herein was generally obtained in a controlled, isolated environments. Customer examples are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual performance, cost, savings or other results in other operating environments may vary. References in this document to IBM products, programs, or services does not imply that IBM intends to make such products, programs or services available in all countries in which IBM operates or does business. Workshops, sessions and associated materials may have been prepared by independent session speakers, and do not necessarily reflect the views of IBM. All materials and discussions are provided for informational purposes only, and are neither intended to, nor shall constitute legal or other guidance or advice to any individual participant or their specific situation. It is the customer’s responsibility to insure its own compliance with legal requirements and to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law. Legal notices and disclaimers
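Slide 13's first scenario (a hit on a known-bad destination, new beaconing, and a transfer volume outside the host's baseline, combined into one heightened alert) and slide 18's IP-watchlist use case, worked through as an added Python example. It is not QRadar rule logic or IBM code; the event fields, thresholds, host names and addresses are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed watchlist standing in for a reference set of IP indicators
# (documentation address range, not real indicators).
WATCHLIST = {"203.0.113.50"}

# Constructed per-host baselines: outbound bytes per hour observed earlier,
# and the destinations each host normally talks to.
BASELINE = {
    "ws-017": {"hourly_bytes": [40_000, 52_000, 47_000, 45_000, 50_000],
               "known_dsts": {"198.51.100.10"}},
    "ws-042": {"hourly_bytes": [30_000, 28_000, 35_000, 31_000],
               "known_dsts": {"198.51.100.20"}},
    "ws-099": {"hourly_bytes": [60_000, 70_000, 65_000],
               "known_dsts": {"198.51.100.30"}},
}


def _flow(ts, host, dst_ip, bytes_out):
    return {"ts": ts, "host": host, "dst_ip": dst_ip, "bytes_out": bytes_out}


def make_events():
    """Constructed one-hour sample of outbound flow records."""
    events = []
    # ws-017: near-regular 60 s check-ins to a watchlisted, never-seen address.
    for ts in (0, 60, 121, 180, 241, 300, 359, 420):
        events.append(_flow(ts, "ws-017", "203.0.113.50", 150_000))
    for ts in (15, 400, 1900):
        events.append(_flow(ts, "ws-017", "198.51.100.10", 5_000))
    # ws-042: one watchlist hit, otherwise ordinary traffic.
    events.append(_flow(700, "ws-042", "203.0.113.50", 2_000))
    events.append(_flow(900, "ws-042", "198.51.100.20", 20_000))
    # ws-099: a large upload, but to a destination it always uses.
    for ts in (100, 2500):
        events.append(_flow(ts, "ws-099", "198.51.100.30", 400_000))
    return events


def is_beacon(timestamps, min_conns=6, max_cv=0.1):
    """True when connection gaps are nearly constant (low coefficient of variation)."""
    if len(timestamps) < min_conns:
        return False
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    avg = mean(gaps)
    return avg > 0 and pstdev(gaps) / avg <= max_cv


def volume_anomalous(total, history, z=3.0):
    """True when this hour's bytes exceed the baseline mean by more than z sigma."""
    return total > mean(history) + z * max(pstdev(history), 1.0)


def correlate(events, watchlist, baseline):
    """Evaluate the three conditions per host; escalate only when all three hold."""
    per_host = defaultdict(lambda: {"bytes": 0, "by_dst": defaultdict(list)})
    for e in events:
        agg = per_host[e["host"]]
        agg["bytes"] += e["bytes_out"]
        agg["by_dst"][e["dst_ip"]].append(e["ts"])

    results = {}
    for host, agg in per_host.items():
        base = baseline.get(host, {"hourly_bytes": [], "known_dsts": set()})
        signals = set()
        if any(dst in watchlist for dst in agg["by_dst"]):
            signals.add("watchlist_hit")      # alone, alerting may be premature
        if any(dst not in base["known_dsts"] and is_beacon(ts)
               for dst, ts in agg["by_dst"].items()):
            signals.add("new_beaconing")
        if base["hourly_bytes"] and volume_anomalous(agg["bytes"], base["hourly_bytes"]):
            signals.add("volume_anomaly")
        if len(signals) == 3:
            severity = "heightened"
        else:
            severity = "low" if signals else "none"
        results[host] = {"signals": signals, "severity": severity}
    return results


if __name__ == "__main__":
    for host, verdict in sorted(correlate(make_events(), WATCHLIST, BASELINE).items()):
        print(host, verdict["severity"], sorted(verdict["signals"]))
```

Hosts that trip only one condition stay at low severity, which is the false-positive reduction the slide describes; only the host matching all three is escalated.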