IBM QRadar Security Intelligence April 2013
11
0
0
Full text
(2) IBM Security Systems. Today’s Challenges. 2. © 2013 IBM Corporation.
(3) IBM Security Systems. Organizations Need an Intelligent View into Their Security Posture. 3. © 2013 IBM Corporation.
(4) IBM Security Systems. What is Security Intelligence?. Security Intelligence --noun 1.the real-time collection, normalization, and analytics of the data generated by users, applications and infrastructure that impacts the IT security and risk posture of an enterprise. Security Intelligence provides actionable and comprehensive insight for managing risks and threats from protection and detection through remediation 4. © 2013 IBM Corporation.
(5) IBM Security Systems. Helping Organizations Progress in Their Security Maturity People. Role based analytics. Optimized. Identity governance Privileged user controls. User provisioning. Proficient. Basic. 5. Access mgmt Strong authentication. Centralized directory. Data. Data flow analytics Data governance. Applications. Secure app engineering processes Fraud detection. Access monitoring. Application firewall. Data loss prevention. Source code scanning. Encryption. Application scanning. Access control. Infrastructure. Advanced network monitoring Forensics / data mining Securing systems. Virtualization security Asset mgmt Endpoint / network security management. Perimeter security Anti-virus. Security Intelligence Advanced threat detection Network anomaly detection Predictive risk management. Real-time event correlation Network forensics. Log management Compliance reporting. © 2013 IBM Corporation.
(6) IBM Security Systems. Solving Customer Challenges. 6. © 2013 IBM Corporation.
(7) IBM Security Systems. Context and Correlation Drive Deepest Insight. Security Devices Servers & Mainframes. True Offense. Event Correlation. Network & Virtual Activity Data Activity. • Logs • Flows. • IP Reputation • Geo Location. Activity Baselining & Anomaly Detection. Application Activity. • • • •. Configuration Info Vulnerability & Threat. User Activity Database Activity Application Activity Network Activity. 7. • Credibility • Severity • Relevance. Suspected Incidents. Users & Identities. Extensive Data Sources. Offense Identification. +. Deep Intelligence. =. Exceptionally Accurate and Actionable Insight. © 2013 IBM Corporation.
(8) IBM Security Systems. Security Intelligence Product Offerings Product. Description. QRadar Log Manager. QRadar Log Manager collects, archives, analyzes and reports on events across a distributed network. It helps address regulatory and policy compliance, while reducing manual compliance and reporting activities.. QRadar SIEM. QRadar SIEM provides extensive visibility and actionable insight to help protect networks and IT assets from a wide range of advanced threats. It helps detect and remediate breaches faster, address compliance, and improve the efficiency of security operations.. QRadar QFlow QRadar VFlow. QRadar QFlow complements QRadar SIEM by providing deep content visibility. It gathers Layer 7 flow data via deep packet inspection, enabling advanced threat detection through analysis of packet content. QRadar VFlow provides content visibility into virtual network traffic, delivering comparable functionality to QRadar QFlow but for virtual environments.. QRadar Risk Manager. QRadar Risk Manager identifies and reduces security risks through device configuration monitoring, vulnerability prioritization, and threat simulation and visualization. It can help prevent many security breaches while improving operational efficiency and compliance.. 8. © 2013 IBM Corporation.
(9) IBM Security Systems. QRadar: Applying Intelligence, Integration, Automation • • •. • • •. 9. Bridges silos Highly scalable Flexible & adaptable. Proactive threat management Identifies critical anomalies Rapid, extensive impact analysis. • • •. Easy deployment Rapid time to value Operational efficiency. © 2013 IBM Corporation.
(10) IBM Security Systems. ibm.com/security. © Copyright IBM Corporation 2012. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will 2013 IBM Corporation 10 necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT © WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY..
(11) IBM Security Systems. Fully Integrated Security Intelligence Log Management. SIEM. Network Activity & Anomaly Detection. Network and Application Visibility. Configuration & Vulnerability Management. 11. • Turn-key log management and reporting • SME to Enterprise • Upgradeable to enterprise SIEM. • Log, flow, vulnerability & identity correlation • Sophisticated asset profiling • Offense management and workflow. • Network analytics • Behavioral anomaly detection • Fully integrated in SIEM. • Layer 7 application monitoring • Content capture for deep insight & forensics • Physical and virtual environments. • Network security configuration monitoring • Vulnerability prioritization • Predictive threat modeling & simulation. © 2013 IBM Corporation.
(12)
Related documents