See What Matters Most
Ravi Shankar Mallah
DATE : 13/04/2020
Architect – IBM Security
QRadar → Resilient
Today, we struggle to find
• Stealthy adversaries
• Critical vulnerabilities
• Insider threats
• Privacy risks
Our Current State.
44% of alerts are not investigated
54% of legitimate alerts are not remediated
36% say “keeping up with alerts” is their top concern
We have enough data, but not enough insights.
3 Pillars of Effective Threat Detection
• See Everything
• Automate Intelligence
• Become Proactive
IBM QRadar empowers you to address your most important security challenges
Challenges: critical data, insider threats, external threats, cloud risks, vulnerabilities
Data sources: endpoints, network activity, data activity, users and identities, threat intelligence, configuration information, vulnerabilities and threats, application activity, cloud platforms
Outcomes: complete visibility, automated investigations, prioritized threats, proactive hunting
QRadar Security Intelligence Platform
See everything – collect data across the entire environment
Automate intelligence – apply automated analytics to detect, connect, prioritize and investigate threats
Become proactive – hunt threats, respond faster and continuously improve
Use cases: detect advanced threats, detect insider threats, secure cloud resources, protect critical data, effectively respond to incidents, prioritize and manage risks, prove compliance
IBM Security App Exchange: seamless integration and content to augment the platform and solve security challenges
Deployment models
• On prem – HW, SW, VM
• As a service – SaaS, managed service
• Cloud – AWS, Azure, Google Cloud
• Hybrid – on-prem, SaaS, IaaS
QRadar Product Portfolio
Security intelligence platform that enables security optimization through advanced threat detection, meeting compliance and policy demands, and eliminating data silos.
Portfolio Overview
QRadar Log Manager
• Turnkey log management for SMB and enterprises
• Upgradeable to enterprise SIEM
QRadar SIEM
• Integrated log, flow, threat and compliance management
• Asset profiling and flow analytics
• Offense management and workflow
X-Force IP Reputation Feeds
Network Activity Collection & Prevention (QFlow) and Network Insights (QNI): network analytics, behavior and anomaly detection
• Layer 7 application monitoring
• Real-time network packet analysis
QRadar Vulnerability Manager, including Risk Management
• Integrated network scanning and workflow
• Risk management to prioritize vulnerabilities
• Predictive threat modeling and simulation
• Scalable configuration monitoring and audit
• Advanced threat and impact analysis
QRadar Incident Forensics & Packet Capture
• Reconstruct raw network packets to original format
• Determine root cause of security incidents and help prevent recurrences
What’s New in UBA
• 15x improvement to ML scalability
• Custom machine learning model builder
• Additional out-of-the-box use cases:
  • Browsed to website categories Education, Religious and Government
  • Data exfiltration by print
  • Data exfiltration by cloud services
  • Data exfiltration by removable media
  • Data loss possible
IBM Security / © 2019 IBM Corporation
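The exfiltration use cases above are behaviour-based: a print job, a USB copy or a cloud upload is only interesting relative to what that user normally does. The block below is an added example, not QRadar UBA code, showing the shape of such a detector in Python: each user gets a per-channel baseline over a 14-day window, the evaluation day is flagged when its volume exceeds the baseline mean plus three standard deviations or when a channel is used for the first time above a size floor, and a user who trips more than one channel on the same day rolls up into a "data loss possible" finding. The event feed, user names, thresholds and risk weights are all constructed assumptions.

```python
"""Toy UBA-style detector for the exfiltration use cases above (removable media,
print, cloud services). Added example, not QRadar UBA code. Input is a flat
feed of (user, day, channel, bytes) tuples; days 0-13 form the baseline window
and day 14 is evaluated against it."""
from collections import defaultdict
from statistics import mean, pstdev

BASELINE_DAYS = range(0, 14)
EVAL_DAY = 14
SIGMA_THRESHOLD = 3.0              # flag when today's volume > mean + 3 stdev
MIN_SPREAD_FRACTION = 0.05         # floor on stdev so a flat baseline keeps a margin
MIN_NEW_CHANNEL_BYTES = 1_000_000  # first use of a channel counts only above this
RISK = {"removable_media": 40, "cloud_upload": 25, "print": 20}  # assumed weights

# Constructed sample events: (user, day, channel, bytes).
SAMPLE_EVENTS = (
    [("alice", d, "cloud_upload", 2_000_000 + (d % 3) * 100_000) for d in BASELINE_DAYS]
    + [("alice", EVAL_DAY, "cloud_upload", 2_100_000)]        # normal for alice
    + [("bob", 3, "print", 40_000), ("bob", 7, "print", 55_000), ("bob", 11, "print", 50_000)]
    + [("bob", EVAL_DAY, "print", 9_000_000)]                 # far above bob's print baseline
    + [("bob", EVAL_DAY, "removable_media", 3_500_000_000)]   # bob has never used USB before
    + [("carol", EVAL_DAY, "cloud_upload", 150_000)]          # no baseline, but tiny volume
)


def daily_totals(events, days):
    """Sum bytes per (user, channel, day) for days in the given range."""
    totals = defaultdict(int)
    for user, day, channel, nbytes in events:
        if day in days:
            totals[(user, channel, day)] += nbytes
    return totals


def baselines(events):
    """Per (user, channel): one daily total for every baseline day, zero-filled,
    so that a rarely used channel keeps a low mean instead of being skipped."""
    series = defaultdict(lambda: [0] * len(BASELINE_DAYS))
    for (user, channel, day), nbytes in daily_totals(events, BASELINE_DAYS).items():
        series[(user, channel)][day] = nbytes
    return series


def detect(events):
    """Return findings for the evaluation day: per-channel anomalies against the
    user's own history, plus a 'data loss possible' roll-up for users who trip
    more than one channel on the same day."""
    base = baselines(events)
    findings, hits = [], defaultdict(list)
    for (user, channel, _day), nbytes in daily_totals(events, [EVAL_DAY]).items():
        hist = base.get((user, channel))
        if hist is None or not any(hist):
            # Channel never seen for this user: only a sizeable first use is a finding.
            if nbytes >= MIN_NEW_CHANNEL_BYTES:
                findings.append({"user": user, "channel": channel, "bytes": nbytes,
                                 "reason": "first use of channel", "risk": RISK[channel]})
                hits[user].append(channel)
            continue
        mu, sigma = mean(hist), pstdev(hist)
        limit = mu + SIGMA_THRESHOLD * max(sigma, MIN_SPREAD_FRACTION * mu)
        if nbytes > limit:
            findings.append({"user": user, "channel": channel, "bytes": nbytes,
                             "reason": f"{nbytes / mu:.0f}x the daily baseline",
                             "risk": RISK[channel]})
            hits[user].append(channel)
    for user, channels in hits.items():
        if len(channels) > 1:
            findings.append({"user": user, "channel": "*", "bytes": None,
                             "reason": "data loss possible: " + ", ".join(sorted(channels)),
                             "risk": sum(RISK[c] for c in channels)})
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

Running it flags only bob: his print volume against his own sparse print history, his first-ever removable-media use, and the roll-up of the two; alice's upload sits inside her usual range and carol's first upload is below the size floor. The tuning knobs are the window length, the sigma multiplier and the first-use floor; the spread floor matters because a 14-day window is short enough that a quiet channel's standard deviation can be near zero, which would otherwise flag any small change.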
Designed to make your job easier
73% of clients recognized value within one week
51% average improvement in the accuracy of threat detection
50% fewer false positives than other SIEM solutions
5+ point solutions replaced by a single QRadar instance
“The security intelligence from X-Force and the out-of-the-box analytics capabilities made QRadar stand out...”
— CTO, Large IT Consulting Firm in Europe
Source: Independent QRadar Study by Ponemon Institute
IBM Resilient and Intelligent Orchestration
Security Orchestration, Automation and Response (SOAR)
Incident Response Challenges
• Persistent skill shortage – 77 percent of organizations have difficulty hiring and retaining IT security professionals
• Constantly growing volume and severity of attacks – 65 percent of organizations say severity is increasing
• Complex and growing regulatory landscape – GDPR and others
• Complex SOC environment – the average SOC has 75 security tools (per Symantec)
What is IBM Resilient Intelligent Orchestration?
Outsmart. Outpace. Outmaneuver Complex Cyber Attacks.
Three pillars: Orchestration & Automation, Threat Intelligence Platform, Case Management – together, Intelligent Orchestration.
• The next generation of incident response dramatically accelerates and sharpens response by combining case management, orchestration, artificial and human intelligence, and automation in a single platform.
• The Resilient platform is the only one to deliver on all three pillars of Gartner’s approach to Security Orchestration, Automation and Response (SOAR).
Resilient SOAR
Resilient Use Case
IBM-validated and supported applications – unlock the power of existing tools and technologies and increase security ROI and time to value.
Community applications – enable faster and smarter response through shared IR knowledge, expertise and resources.
Integration categories
• Escalation: SIEM, ticketing, IPS/IDS, UBA, DLP
• Identification and enrichment: endpoint, sandbox, threat intelligence, CMDB
• Containment, response, recovery: endpoint, ticketing, next-generation firewall, cloud access security broker
• Communication and coordination: enterprise communications, ticketing, crisis management
Community resources
• Code examples – community-built scripts and automations
• Developer tools and SDKs – IBM Resilient-provided resources and documentation for building Resilient apps
• Playbooks and workflows – incident response task lists and expertise from the Resilient community
• Integrations – applications that leverage your existing IT and security tools for IR
• Best practices – community knowledge sharing, metrics and reports
APP – Exchange
Building SOAR: The Orchestration Journey
1. Understand the scope – process definition (SOP), involve the team, plan the pace
2. Identify automation – data certainty, technical integration, timeline definition
3. Readiness – documentation, re-usable playbooks, feedback and input
4. Automation – matured SOC, data driven, defined objectives
5. User feedback – iterative improvement
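The integration categories on the App Exchange slide (escalation, identification and enrichment, containment, communication and coordination) are the phases a playbook walks through, and the "data certainty" item in the orchestration journey above is the gate that decides which of those phases may run unattended. The block below is an added example in Python, not Resilient platform code: a minimal playbook that takes one escalated alert, enriches it from a threat-intelligence table and a CMDB, auto-blocks and isolates only when the verdict confidence clears a threshold and the asset is not critical, otherwise leaves a task for the analyst, and always opens a ticket carrying the audit trail. The alert fields, TI entries, CMDB entries, confidence threshold and the stub integration functions are all constructed assumptions.

```python
"""SOAR-style playbook: escalation -> enrichment -> containment -> communication,
with a data-certainty gate on automated actions. Added example, not Resilient code."""
from dataclasses import dataclass, field

# Constructed threat-intel lookup table (stand-in for a TI platform query).
TI_FEED = {
    "198.51.100.23": {"verdict": "malicious", "confidence": 95},
    "203.0.113.7": {"verdict": "suspicious", "confidence": 55},
}
# Constructed CMDB: asset owner and whether the host is too critical to auto-isolate.
CMDB = {
    "ws-0142": {"owner": "alice", "critical": False},
    "db-prod-01": {"owner": "dba-team", "critical": True},
}
AUTO_CONTAIN_CONFIDENCE = 90  # data-certainty gate: below this, a human decides

CALLS = []  # records what the stand-in integrations were asked to do


def stub_isolate(host):
    CALLS.append(("isolate", host))


def stub_block(ip):
    CALLS.append(("block", ip))


def stub_ticket(summary, severity, notes):
    CALLS.append(("ticket", summary))
    return f"INC-{len(CALLS)}"


@dataclass
class Incident:
    source: str        # escalating tool: SIEM, UBA, DLP ...
    host: str
    indicator: str     # destination IP from the alert
    severity: str
    enrichment: dict = field(default_factory=dict)
    actions: list = field(default_factory=list)  # audit trail of automated steps
    tasks: list = field(default_factory=list)    # work left for the analyst


def escalate(alert):
    """Escalation: normalise a SIEM/UBA/DLP alert into a case."""
    return Incident(alert["source"], alert["host"], alert["dst_ip"], alert["severity"])


def enrich(inc):
    """Identification and enrichment: TI verdict plus CMDB context.
    An unknown indicator gets confidence 0; an unknown host is treated as critical."""
    inc.enrichment["ti"] = TI_FEED.get(inc.indicator, {"verdict": "unknown", "confidence": 0})
    inc.enrichment["asset"] = CMDB.get(inc.host, {"owner": None, "critical": True})
    inc.actions.append(f"enriched {inc.indicator} (TI) and {inc.host} (CMDB)")
    return inc


def contain(inc, isolate=stub_isolate, block=stub_block):
    """Containment: automate only on a high-confidence malicious verdict,
    and never auto-isolate a critical asset."""
    ti, asset = inc.enrichment["ti"], inc.enrichment["asset"]
    if ti["verdict"] != "malicious" or ti["confidence"] < AUTO_CONTAIN_CONFIDENCE:
        inc.tasks.append(f"verdict {ti['verdict']} at {ti['confidence']}%: analyst triage")
        return inc
    block(inc.indicator)
    inc.actions.append(f"blocked {inc.indicator} at NGFW")
    if asset["critical"]:
        inc.tasks.append(f"{inc.host} is critical: approve isolation manually")
    else:
        isolate(inc.host)
        inc.actions.append(f"isolated {inc.host} via EDR")
    return inc


def communicate(inc, open_ticket=stub_ticket):
    """Communication and coordination: always open a ticket carrying the audit
    trail and the open tasks, so nothing automated happens without a record."""
    ticket = open_ticket(summary=f"{inc.source}: {inc.host} -> {inc.indicator}",
                         severity=inc.severity, notes=inc.actions + inc.tasks)
    inc.actions.append(f"opened ticket {ticket}")
    return inc


def run_playbook(alert):
    return communicate(contain(enrich(escalate(alert))))


if __name__ == "__main__":
    for a in ({"source": "SIEM", "host": "ws-0142", "dst_ip": "198.51.100.23", "severity": "high"},
              {"source": "UBA", "host": "ws-0142", "dst_ip": "203.0.113.7", "severity": "medium"},
              {"source": "SIEM", "host": "db-prod-01", "dst_ip": "198.51.100.23", "severity": "high"}):
        inc = run_playbook(a)
        print(inc.host, "| actions:", inc.actions, "| tasks:", inc.tasks)
```

The three sample alerts exercise the three outcomes the data-certainty gate produces: full automation for a high-confidence verdict on an ordinary workstation, block-only with a manual approval task when the same verdict lands on a critical database host, and pure triage when the indicator is merely suspicious. Defaulting an unknown host to critical is deliberate: a gap in the CMDB should make the playbook more conservative, not less.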
ibm.com/security
securityintelligence.com
xforce.ibmcloud.com
@ibmsecurity
youtube/user/ibmsecuritysolutions
© Copyright IBM Corporation 2018. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express
or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services
are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your
enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT
system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and
services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be
most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.
FOLLOW US ON:
THANK YOU
ibm.com/security/community
