1. Security Intelligence and Compliance Analytics
Organizations are exposed to a greater volume and variety of threats and compliance risks than ever. IBM security intelligence solutions harness the security-relevant information across your organization, applying advanced intelligence to help you detect threats faster, prioritize risks more effectively and automate compliance activities.
IBM QRadar Security Intelligence Platform applies real-time correlation and anomaly detection across a distributed and scalable repository of security information. Big data analytics enable more accurate security monitoring and better visibility, yet the platform is packaged so that small organizations as well as large enterprises can use it. Through superior ease of use, flexibility and pre-packaged capabilities, IBM solutions help you achieve value faster and evolve your deployment as business changes.
Clients in a variety of industries use IBM QRadar Security Intelligence Platform to:
Detect advanced threats
Address regulatory compliance mandates
Detect insider threats and fraud
Predict risks against the business
Consolidate data silos
Security intelligence solutions offer SIEM (security information and event management), log management, configuration and vulnerability management, and behavioral analysis and anomaly detection capabilities, all delivered through an integrated and flexible platform. Learn more about how small and midsize businesses, large enterprises, non-profit organizations and government agencies improve their security posture, automate compliance and reduce their total cost of ownership with IBM
2. Incident Response Plans
Organizations should have a formal, focused, and coordinated approach to responding to incidents, including an incident response plan that provides the roadmap for implementing the incident response capability. Each organization needs a plan that meets its unique requirements, which relate to the organization’s mission, size, structure, and functions. The plan should lay out the necessary resources and management support.
2.1 Creating a Baseline
To define an incident, it is important to know the current baseline of normal activity and what constitutes a deviation from it. For example, if normal traffic between two servers is 3 Mbps and the threshold is 10%, any increase of normal traffic over 3.5 Mbps should be triggered as an incident to be further analysed. Hence organizations need to establish baselines and threshold values for all important network traffic between key segments, applications and other infrastructure devices that need to be monitored.
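The baseline-and-threshold rule described above, written out as an added example (not code from the original page): baselines are computed from historical per-link traffic samples and each new observation is compared against baseline plus the percentage threshold; links that have no baseline yet are reported separately, since they cannot be judged. Link names and Mbps figures are constructed.

```python
"""Baseline-and-threshold detection over per-link traffic measurements."""
from statistics import mean

# Constructed historical samples (Mbps) for monitored links: {link: [samples]}.
HISTORY = {
    "db01->app01": [4.0, 3.9, 4.1, 4.0],
    "app01->web01": [12.0, 11.5, 12.5],
}

# Constructed new observations to evaluate: (link, observed Mbps).
OBSERVATIONS = [
    ("db01->app01", 4.2),    # within 10% of the 4.0 Mbps baseline
    ("db01->app01", 4.6),    # above 4.0 * 1.10 = 4.4 Mbps -> incident
    ("app01->web01", 12.8),  # within 10% of the 12.0 Mbps baseline
    ("web01->lb01", 1.0),    # link never baselined -> cannot be judged
]


def build_baselines(history):
    """Baseline per link = mean of its historical samples (empty lists skipped)."""
    return {link: mean(samples) for link, samples in history.items() if samples}


def evaluate(observations, baselines, threshold_pct):
    """Return incident records for observations exceeding baseline + threshold.

    A link with no baseline is reported with reason 'no_baseline' so that
    the gap in monitoring coverage is visible rather than silently ignored.
    """
    incidents = []
    for link, mbps in observations:
        base = baselines.get(link)
        if base is None:
            incidents.append({"link": link, "observed_mbps": mbps,
                              "reason": "no_baseline"})
            continue
        limit = base * (1 + threshold_pct / 100)
        if mbps > limit:
            incidents.append({"link": link, "observed_mbps": mbps,
                              "baseline_mbps": round(base, 3),
                              "limit_mbps": round(limit, 3),
                              "reason": "above_threshold"})
    return incidents


if __name__ == "__main__":
    for incident in evaluate(OBSERVATIONS, build_baselines(HISTORY), 10):
        print(incident)
```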
Some examples of incidents to be monitored are:
Web server log entries that show the usage of a vulnerability scanner
An email administrator sees a large number of bounced emails with suspicious content
A system administrator sees a filename with unusual characters
A network intrusion detection sensor alerts when a buffer overflow attempt occurs against a database server
Antivirus software alerts when it detects that a host is infected with malware
An application logs multiple failed login attempts from an unfamiliar remote system
A host records an auditing configuration change in its log
3. Typical Scope of Services Offered
Establishing an incident response capability based on NIST framework
Creating an incident response policy and plan
Developing procedures for performing incident handling and reporting
Setting guidelines for communicating with outside parties regarding incidents
Selecting a team structure and staffing model
Guidance on establishing relationships and lines of communication between the incident response team and other groups, both internal (e.g., legal department) and external (e.g., law enforcement agencies)
Coverage of what services the incident response team should provide
Training the incident response team.
SIEM Implementation
When you choose ECOM as a partner for your IBM QRadar SIEM solution, depending on the size of your project you may also be eligible for a free consulting engagement for implementing your Incident Response Plan.
4. Key Steps in Incident Management Engagement
Phases: Plan, Do, Check, Act
Understanding the client entity and environment
Understanding and verifying documentation of existing internal controls
Evaluate
Evaluate additional info
Define scope, expectations and project roles
Perform Walkthrough
Monitor & Analyse Samples for effectiveness
Request clarifications
Readiness Assessment if required
Assess Risks
Request additional info
Review/discussions with the client management
Kick off meeting with Stakeholders
Conduct Interviews
Issue draft documentation
Preliminary interviews/questionnaires conducted to gain understanding of requirements
Request Samples
Incorporate Management comments and Issue final documentation
Client information request list prepared and distributed
Create Baselines
Ongoing support
Analysis of client-prepared information performed and client feedback provided
Create Project documentation
Answer questions to Management
Project timeline (including estimates of client hours)/plan created
Implementing SIEM solution
Update Plan based on client discussions