尊敬的 微信汇率:1円 ≈ 0.046166 元 支付宝汇率:1円 ≈ 0.046257元 [退出登录]
SlideShare a Scribd company logo

IBM Qradar & resilient

Prime Infoserv
Prime Infoserv

The session theme is "Threat Management, Next Generation Security Operations Center". The session focuses how security information and event management can help enterprises to collects data from the heterogeneous landscape to have incident response plans and have automation in the entire security operations framework. The session is handled by The session will be handled by Mr.Ravi Shankar Mallah, Architect / IBM security Specialist – Resilient & i2. Ravi has over 13+ years of experience in the field of Cyber security. Over the course of his career he has been involved in building & running multiple enterprise level SOC while taking care of both perimeter and internal security of these setup. He also enjoys real life experience of various Security related technologies such as SIEM, SOAR, IPS, firewalls, Vulnerability management, Anti-APT solutions etc. In his current role at IBM he is working as an Architect and enjoys the role of specialist for Incident Response Platform (IRP) and Threat Hunting

Technology
1 of 17
See What Matters Most Ravi Shankar Mallah DATE : 13/04/2020 Architect – IBM Security Qradar → Resilient
Today, we struggle to find Stealthy Adversaries Critical Vulnerabilities Insider Threats Privacy Risks
44% ALERTS ARE NOT INVESTIGATED1 Our Current State. 54% LEGITIMATE ALERTS ARE NOT REMEDIATED 36% SAY “KEEPING UP WITH ALERTS” IS TOP CONCERN We have enough data, but not enough insights.
See Everything Automate Intelligence Become Proactive 3 Pillars of Effective Threat Detection
Critical data Insider Threats External threats Cloud risks Vulnerabilities Endpoints Network activity Data activity Users and identities Threat intelligence Configuration information Vulnerabilities and threats Application activity Cloud platforms IBM QRadar Empowers you to address your most important security challenges Complete Visibility Automated Investigations Prioritized Threats Proactive Hunting
6 QRadar Security Intelligence Platform DEPLOYMENT MODELS BECOME PROACTIVE AUTOMATE INTELLIGENCE SEE EVERYTHING DETECT ADVANCED THREATS DETECT INSIDER THREATS SECURE CLOUD RESROUCES PROTECT CRITICAL DATA EFFECTIVELY RESPOND TO INCIDENTS PRIORITIZE AND MANAGE RISKS PROVE COMPLIANCE IBM Security App Exchange SEAMLESS INTEGRATION AND CONTENT TO AUGMENT PLATFORM SOLVE SECURITY CHALLENGES ON PREM AS A SERVICE CLOUD HYBRID HW, SW, VM SaaS, Managed Service AWS, Azure, Google Cloud On-prem, SaaS, IaaS COLLECT DATA ACROSS THE ENTIRE ENVIRONMENT APPLY AUTOMATED ANALYTICS TO DETECT, CONNECT, PRIORITIZE AND INVESTIGATE THREATS HUNT THREATS, RESPOND FASTER AND CONTINUOUSLY IMPROVE
Security Intelligence platform that enables security optimization through advanced threat detection, meet compliance and policy demands and eliminating data silos Portfolio Overview QRadar Log Manager • Turnkey log management for SMB and Enterprises • Upgradeable to enterprise SIEM QRadar SIEM • Integrated log, flow, threat, compliance mgmt • Asset profiling and flow analytics • Offense management and workflow X-Force IP Reputation Feeds Network Activity Collection & Prevention (QFlow) and Network Insights (QNI), Network analytics, behavior and anomaly detection • Layer 7 application monitoring • Real-time network packet analysis QRadar Vulnerability Manager, including Risk Management • Integrated Network Scanning & Workflow • Risk Management to prioritize vulnerabilities • Predictive threat modeling & simulation • Scalable configuration monitoring and audit • Advanced threat and impact analysis QRadar Incident Forensics & Packet Capture • Reconstruct raw network packets to original format • Determine root cause of security incidents and help prevent recurrences QRadar Product Portfolio
What’s New in UBA • 15x improvement to ML scalability • Custom Machine Learning model builder • Additional Out of the Box Use Cases • Browsed to Website categories Education, Religious, and Government. • Data Exfiltration by Print • Data Exfiltration by Cloud Services • Data Exfiltration by Removable Media • Data Loss Possible IBM Security / © 2019 IBM Corporation
73% OF CLIENTS RECOGNIZED VALUE WITHIN ONE WEEK Designed to make your job easier 51% AVERAGE IMPROVEMENT IN THE ACCURACY OF THREAT DETECION 50% FEWER FALSE POSITIVES THAN OTHER SIEM SOLUTIONS “The security intelligence from X-Force and the out-of- the-box analytics capabilities made QRadar stand out...” 5+ POINT SOLUTIONS REPLACED BY A SINGLE QRADAR INSTANCE — CTO, Large IT Consulting Firm in Europe Independent QRadar Study by Ponemon Institute
IBM RESILIENT AND INTELLIGENT ORCHESTRATION Security Orchestration & Automation Response
11 IBM Security Incident Response Challenges Persistent skill shortage – 77 percent of organizations have difficulty hiring and retaining IT security professionals Constantly growing volume and severity of attacks – 65 percent of organizations say severity is increasing Complex and growing regulatory landscape – GDPR and others Complex SOC environment – the average SOC has 75 security tools (per Symantec)
12 IBM Security ORCHESTRATION & AUTOMATION Threat Intelligence Platform CASE MANAGEMENT INTELLIGENT ORCHESTRATION What is IBM Resilient Intelligent Orchestration? Outsmart. Outpace. Outmaneuver Complex Cyber Attacks. • The next generation of Incident Response dramatically accelerates and sharpens response by combining case management orchestration, artificial and human intelligence and automation in a single platform. • The Resilient platform is the only on to deliver on all three pillars of Gartner’s approach to Security Operations, Automation, and Response (SOAR).
13 IBM Security Resilient SOAR
14 IBM Security IBM-Validated and Supported Applications Unlocks power of existing tools and technologies and increases security ROI and time to value. Community Applications Enables faster and smarter response through shared IR knowledge, expertise, and resources. Escalation • SIEM • Ticketing • IPS/IDS • UBA • DLP Communication and Coordination • Enterprise communications • Ticketing • Crisis management Containment, Response, Recovery • Endpoint • Ticketing • Next-generation firewall • Cloud Access Security Broker Identification and Enrichment • Endpoint • Sandbox • Threat Intelligence • CMDB Code Examples Community-built scripts and automations Developer Tools and SDKs IBM Resilient-provided resources and documentation for building Resilient apps Playbooks and Workflows Incident response tasks lists and expertise from the Resilient community Integrations Applications that leverage your existing IT and security tools for IR Best Practices Community knowledge sharing, metrics, and reports Resilient Use Case
15 IBM Security APP – Exchange
16 IBM Security Building SOAR Understand the Scope Process definition - SOP Involve team Plan - Pace Identifying Automation Data certainty Technical Integration Timelines Definition Readiness Documentation Re-usable Playbook Feedback – input Automation Matured SOC Data Driven Defined Objective User feedback iterative improvement The Orchestration Journey
ibm.com/security securityintelligence.com xforce.ibmcloud.com @ibmsecurity youtube/user/ibmsecuritysolutions © Copyright IBM Corporation 2018. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party. FOLLOW US ON: THANK YOU ibm.com/security/community

Recommended

IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence Overview
Camilo Fandiño Gómez
 
Siem ppt
Siem pptSiem ppt
Siem ppt
kmehul
 
SIEM Architecture
SIEM ArchitectureSIEM Architecture
SIEM Architecture
Nishanth Kumar Pathi
 
IBM Security QRadar
IBM Security QRadar IBM Security QRadar
IBM Security QRadar
Virginia Fernandez
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)
k33a
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence Overview
Camilo Fandiño Gómez
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity Chasm
Priyanka Aash
 
IBM Qradar
IBM QradarIBM Qradar
IBM Qradar
Coenraad Smith
 

Recommended

IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence Overview
Camilo Fandiño Gómez
 
Siem ppt
Siem pptSiem ppt
Siem ppt
kmehul
 
SIEM Architecture
SIEM ArchitectureSIEM Architecture
SIEM Architecture
Nishanth Kumar Pathi
 
IBM Security QRadar
IBM Security QRadar IBM Security QRadar
IBM Security QRadar
Virginia Fernandez
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)
k33a
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence Overview
Camilo Fandiño Gómez
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity Chasm
Priyanka Aash
 
IBM Qradar
IBM QradarIBM Qradar
IBM Qradar
Coenraad Smith
 
Cyber Defense Matrix: Reloaded
Cyber Defense Matrix: ReloadedCyber Defense Matrix: Reloaded
Cyber Defense Matrix: Reloaded
Sounil Yu
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation Center
S.E. CTS CERT-GOV-MD
 
Effective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehEffective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza Adineh
ReZa AdineH
 
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
Sounil Yu
 
IBM QRadar BB & Rules
IBM QRadar BB & RulesIBM QRadar BB & Rules
IBM QRadar BB & Rules
Muhammad Abdel Aal
 
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
IBM Security
 
What is SIEM
What is SIEMWhat is SIEM
What is SIEM
Patten John
 
Siem solutions R&E
Siem solutions R&ESiem solutions R&E
Siem solutions R&E
Owais Ahmad
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)
hardik soni
 
Security Information Event Management - nullhyd
Security Information Event Management - nullhydSecurity Information Event Management - nullhyd
Security Information Event Management - nullhyd
n|u - The Open Security Community
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)
Ahmed Ayman
 
SIEM - Activating Defense through Response by Ankur Vats
SIEM - Activating Defense through Response by Ankur VatsSIEM - Activating Defense through Response by Ankur Vats
SIEM - Activating Defense through Response by Ankur Vats
OWASP Delhi
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)
PECB
 
Cybersecurity Series SEIM Log Analysis
Cybersecurity Series SEIM Log AnalysisCybersecurity Series SEIM Log Analysis
Cybersecurity Series SEIM Log Analysis
Jim Kaplan CIA CFE
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
Krist Davood - Principal - CIO
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیت
ReZa AdineH
 
Introduction to QRadar
Introduction to QRadarIntroduction to QRadar
Introduction to QRadar
PencilData
 
McAfee SIEM solution
McAfee SIEM solution McAfee SIEM solution
McAfee SIEM solution
hashnees
 
IBM Security Software Solutions - Powerpoint
IBM Security Software Solutions - Powerpoint IBM Security Software Solutions - Powerpoint
IBM Security Software Solutions - Powerpoint
Thierry Matusiak
 
SIEM presentation final
SIEM presentation finalSIEM presentation final
SIEM presentation final
Rizwan S
 
Take your SOC Beyond SIEM
Take your SOC Beyond SIEMTake your SOC Beyond SIEM
Take your SOC Beyond SIEM
Thomas Springer
 
QRadar-XDR-Solution.pdf
QRadar-XDR-Solution.pdfQRadar-XDR-Solution.pdf
QRadar-XDR-Solution.pdf
ssuserf5beb3
 

More Related Content

What's hot

Cyber Defense Matrix: Reloaded
Cyber Defense Matrix: ReloadedCyber Defense Matrix: Reloaded
Cyber Defense Matrix: Reloaded
Sounil Yu
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation Center
S.E. CTS CERT-GOV-MD
 
Effective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehEffective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza Adineh
ReZa AdineH
 
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
Sounil Yu
 
IBM QRadar BB & Rules
IBM QRadar BB & RulesIBM QRadar BB & Rules
IBM QRadar BB & Rules
Muhammad Abdel Aal
 
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
IBM Security
 
What is SIEM
What is SIEMWhat is SIEM
What is SIEM
Patten John
 
Siem solutions R&E
Siem solutions R&ESiem solutions R&E
Siem solutions R&E
Owais Ahmad
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)
hardik soni
 
Security Information Event Management - nullhyd
Security Information Event Management - nullhydSecurity Information Event Management - nullhyd
Security Information Event Management - nullhyd
n|u - The Open Security Community
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)
Ahmed Ayman
 
SIEM - Activating Defense through Response by Ankur Vats
SIEM - Activating Defense through Response by Ankur VatsSIEM - Activating Defense through Response by Ankur Vats
SIEM - Activating Defense through Response by Ankur Vats
OWASP Delhi
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)
PECB
 
Cybersecurity Series SEIM Log Analysis
Cybersecurity Series SEIM Log AnalysisCybersecurity Series SEIM Log Analysis
Cybersecurity Series SEIM Log Analysis
Jim Kaplan CIA CFE
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
Krist Davood - Principal - CIO
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیت
ReZa AdineH
 
Introduction to QRadar
Introduction to QRadarIntroduction to QRadar
Introduction to QRadar
PencilData
 
McAfee SIEM solution
McAfee SIEM solution McAfee SIEM solution
McAfee SIEM solution
hashnees
 
IBM Security Software Solutions - Powerpoint
IBM Security Software Solutions - Powerpoint IBM Security Software Solutions - Powerpoint
IBM Security Software Solutions - Powerpoint
Thierry Matusiak
 
SIEM presentation final
SIEM presentation finalSIEM presentation final
SIEM presentation final
Rizwan S
 

What's hot (20)

Cyber Defense Matrix: Reloaded
Cyber Defense Matrix: ReloadedCyber Defense Matrix: Reloaded
Cyber Defense Matrix: Reloaded
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation Center
 
Effective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehEffective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza Adineh
 
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
 
IBM QRadar BB & Rules
IBM QRadar BB & RulesIBM QRadar BB & Rules
IBM QRadar BB & Rules
 
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
 
What is SIEM
What is SIEMWhat is SIEM
What is SIEM
 
Siem solutions R&E
Siem solutions R&ESiem solutions R&E
Siem solutions R&E
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)
 
Security Information Event Management - nullhyd
Security Information Event Management - nullhydSecurity Information Event Management - nullhyd
Security Information Event Management - nullhyd
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)
 
SIEM - Activating Defense through Response by Ankur Vats
SIEM - Activating Defense through Response by Ankur VatsSIEM - Activating Defense through Response by Ankur Vats
SIEM - Activating Defense through Response by Ankur Vats
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)
 
Cybersecurity Series SEIM Log Analysis
Cybersecurity Series SEIM Log AnalysisCybersecurity Series SEIM Log Analysis
Cybersecurity Series SEIM Log Analysis
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیت
 
Introduction to QRadar
Introduction to QRadarIntroduction to QRadar
Introduction to QRadar
 
McAfee SIEM solution
McAfee SIEM solution McAfee SIEM solution
McAfee SIEM solution
 
IBM Security Software Solutions - Powerpoint
IBM Security Software Solutions - Powerpoint IBM Security Software Solutions - Powerpoint
IBM Security Software Solutions - Powerpoint
 
SIEM presentation final
SIEM presentation finalSIEM presentation final
SIEM presentation final
 

Similar to IBM Qradar & resilient

Take your SOC Beyond SIEM
Take your SOC Beyond SIEMTake your SOC Beyond SIEM
Take your SOC Beyond SIEM
Thomas Springer
 
QRadar-XDR-Solution.pdf
QRadar-XDR-Solution.pdfQRadar-XDR-Solution.pdf
QRadar-XDR-Solution.pdf
ssuserf5beb3
 
Cognitive security
Cognitive securityCognitive security
Cognitive security
Iqra khalil
 
Automation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOpsAutomation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOps
IBM Security
 
IBM: Cognitive Security Transformation for the Enrgy Sector
IBM: Cognitive Security Transformation for the Enrgy SectorIBM: Cognitive Security Transformation for the Enrgy Sector
IBM: Cognitive Security Transformation for the Enrgy Sector
FMA Summits
 
Security Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data AnalyticsSecurity Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data Analytics
IBM Security
 
IBM - IAM Security and Trends
IBM - IAM Security and TrendsIBM - IAM Security and Trends
IBM - IAM Security and Trends
IBM Sverige
 
Kista watson summit final public version
Kista watson summit final public versionKista watson summit final public version
Kista watson summit final public version
IBM Sverige
 
Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats
IBM Security
 
5 Ways to Get Even More from Your IBM Security QRadar Investment in 2016
5 Ways to Get Even More from Your IBM Security QRadar Investment in 20165 Ways to Get Even More from Your IBM Security QRadar Investment in 2016
5 Ways to Get Even More from Your IBM Security QRadar Investment in 2016
Francisco González Jiménez
 
5 Ways to Get Even More from Your IBM Security QRadar Investment in 2016
5 Ways to Get Even More from Your IBM Security QRadar Investment in 20165 Ways to Get Even More from Your IBM Security QRadar Investment in 2016
5 Ways to Get Even More from Your IBM Security QRadar Investment in 2016
IBM Security
 
A New Remedy for the Cyber Storm Approaching
A New Remedy for the Cyber Storm ApproachingA New Remedy for the Cyber Storm Approaching
A New Remedy for the Cyber Storm Approaching
SPI Conference
 
How to Choose the Right Security Information and Event Management (SIEM) Solu...
How to Choose the Right Security Information and Event Management (SIEM) Solu...How to Choose the Right Security Information and Event Management (SIEM) Solu...
How to Choose the Right Security Information and Event Management (SIEM) Solu...
IBM Security
 
An Integrated, Intelligent Approach to Security
An Integrated, Intelligent Approach to SecurityAn Integrated, Intelligent Approach to Security
An Integrated, Intelligent Approach to Security
Gerard McNamee
 
IBM Security Services Overview
IBM Security Services OverviewIBM Security Services Overview
IBM Security Services Overview
Casey Lucas
 
IBM Security Strategy Intelligence,
IBM Security Strategy Intelligence,IBM Security Strategy Intelligence,
IBM Security Strategy Intelligence,
Information Security Awareness Group
 
Protecting health and life science organizations from breaches and ransomware
Protecting health and life science organizations from breaches and ransomwareProtecting health and life science organizations from breaches and ransomware
Protecting health and life science organizations from breaches and ransomware
Cloudera, Inc.
 
3 Steps to Security Intelligence - How to Build a More Secure Enterprise
3 Steps to Security Intelligence - How to Build a More Secure Enterprise3 Steps to Security Intelligence - How to Build a More Secure Enterprise
3 Steps to Security Intelligence - How to Build a More Secure Enterprise
IBM Security
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago Cavanna
Santiago Cavanna
 
Ibm q radar_blind_references
Ibm q radar_blind_referencesIbm q radar_blind_references
Ibm q radar_blind_references
Maarten Werff
 

Similar to IBM Qradar & resilient (20)

Take your SOC Beyond SIEM
Take your SOC Beyond SIEMTake your SOC Beyond SIEM
Take your SOC Beyond SIEM
 
QRadar-XDR-Solution.pdf
QRadar-XDR-Solution.pdfQRadar-XDR-Solution.pdf
QRadar-XDR-Solution.pdf
 
Cognitive security
Cognitive securityCognitive security
Cognitive security
 
Automation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOpsAutomation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOps
 
IBM: Cognitive Security Transformation for the Enrgy Sector
IBM: Cognitive Security Transformation for the Enrgy SectorIBM: Cognitive Security Transformation for the Enrgy Sector
IBM: Cognitive Security Transformation for the Enrgy Sector
 
Security Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data AnalyticsSecurity Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data Analytics
 
IBM - IAM Security and Trends
IBM - IAM Security and TrendsIBM - IAM Security and Trends
IBM - IAM Security and Trends
 
Kista watson summit final public version
Kista watson summit final public versionKista watson summit final public version
Kista watson summit final public version
 
Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats
 
5 Ways to Get Even More from Your IBM Security QRadar Investment in 2016
5 Ways to Get Even More from Your IBM Security QRadar Investment in 20165 Ways to Get Even More from Your IBM Security QRadar Investment in 2016
5 Ways to Get Even More from Your IBM Security QRadar Investment in 2016
 
5 Ways to Get Even More from Your IBM Security QRadar Investment in 2016
5 Ways to Get Even More from Your IBM Security QRadar Investment in 20165 Ways to Get Even More from Your IBM Security QRadar Investment in 2016
5 Ways to Get Even More from Your IBM Security QRadar Investment in 2016
 
A New Remedy for the Cyber Storm Approaching
A New Remedy for the Cyber Storm ApproachingA New Remedy for the Cyber Storm Approaching
A New Remedy for the Cyber Storm Approaching
 
How to Choose the Right Security Information and Event Management (SIEM) Solu...
How to Choose the Right Security Information and Event Management (SIEM) Solu...How to Choose the Right Security Information and Event Management (SIEM) Solu...
How to Choose the Right Security Information and Event Management (SIEM) Solu...
 
An Integrated, Intelligent Approach to Security
An Integrated, Intelligent Approach to SecurityAn Integrated, Intelligent Approach to Security
An Integrated, Intelligent Approach to Security
 
IBM Security Services Overview
IBM Security Services OverviewIBM Security Services Overview
IBM Security Services Overview
 
IBM Security Strategy Intelligence,
IBM Security Strategy Intelligence,IBM Security Strategy Intelligence,
IBM Security Strategy Intelligence,
 
Protecting health and life science organizations from breaches and ransomware
Protecting health and life science organizations from breaches and ransomwareProtecting health and life science organizations from breaches and ransomware
Protecting health and life science organizations from breaches and ransomware
 
3 Steps to Security Intelligence - How to Build a More Secure Enterprise
3 Steps to Security Intelligence - How to Build a More Secure Enterprise3 Steps to Security Intelligence - How to Build a More Secure Enterprise
3 Steps to Security Intelligence - How to Build a More Secure Enterprise
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago Cavanna
 
Ibm q radar_blind_references
Ibm q radar_blind_referencesIbm q radar_blind_references
Ibm q radar_blind_references
 

More from Prime Infoserv

Face Recognition under COVID19 crisis
Face Recognition under COVID19 crisisFace Recognition under COVID19 crisis
Face Recognition under COVID19 crisis
Prime Infoserv
 
Face Chk - Face Recognition
Face Chk - Face RecognitionFace Chk - Face Recognition
Face Chk - Face Recognition
Prime Infoserv
 
Data Protection and E-contracting
Data Protection and E-contractingData Protection and E-contracting
Data Protection and E-contracting
Prime Infoserv
 
Remote Workforces Secure by Barracuda
Remote Workforces Secure by BarracudaRemote Workforces Secure by Barracuda
Remote Workforces Secure by Barracuda
Prime Infoserv
 
Trend micro research covid19 threat brief summary 27 mar
Trend micro research covid19 threat brief summary 27 marTrend micro research covid19 threat brief summary 27 mar
Trend micro research covid19 threat brief summary 27 mar
Prime Infoserv
 
Roadmap of Cyber-security from On-Prem to Cloud Journey - Trend Micro
Roadmap of Cyber-security from On-Prem to Cloud Journey - Trend MicroRoadmap of Cyber-security from On-Prem to Cloud Journey - Trend Micro
Roadmap of Cyber-security from On-Prem to Cloud Journey - Trend Micro
Prime Infoserv
 
DLP solution - InDefend in WFH Situations
DLP solution - InDefend in WFH SituationsDLP solution - InDefend in WFH Situations
DLP solution - InDefend in WFH Situations
Prime Infoserv
 
Crush Cloud Complexity, Simplify Security - Shield X
Crush Cloud Complexity, Simplify Security - Shield XCrush Cloud Complexity, Simplify Security - Shield X
Crush Cloud Complexity, Simplify Security - Shield X
Prime Infoserv
 
Endpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEyeEndpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEye
Prime Infoserv
 
Corporate Presentation - Netmagic
Corporate Presentation - NetmagicCorporate Presentation - Netmagic
Corporate Presentation - Netmagic
Prime Infoserv
 
Teamwork with Microsoft Teams
Teamwork with Microsoft TeamsTeamwork with Microsoft Teams
Teamwork with Microsoft Teams
Prime Infoserv
 
Microsoft Teams-flyer
Microsoft Teams-flyerMicrosoft Teams-flyer
Microsoft Teams-flyer
Prime Infoserv
 
Windows Virtual Desktop Customer benefits
Windows Virtual Desktop Customer benefitsWindows Virtual Desktop Customer benefits
Windows Virtual Desktop Customer benefits
Prime Infoserv
 
Email Security – Everyone is a Target
Email Security – Everyone is a TargetEmail Security – Everyone is a Target
Email Security – Everyone is a Target
Prime Infoserv
 
Secure Access – Anywhere by Prisma, PaloAlto
Secure Access – Anywhere by Prisma, PaloAltoSecure Access – Anywhere by Prisma, PaloAlto
Secure Access – Anywhere by Prisma, PaloAlto
Prime Infoserv
 
BCM Webinar presentation
BCM Webinar presentationBCM Webinar presentation
BCM Webinar presentation
Prime Infoserv
 
FireEye Portfolio
FireEye PortfolioFireEye Portfolio
FireEye Portfolio
Prime Infoserv
 
PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security Solution
Prime Infoserv
 
Phishing Simulation By Shield Alliance
Phishing Simulation By Shield AlliancePhishing Simulation By Shield Alliance
Phishing Simulation By Shield Alliance
Prime Infoserv
 
FireEye Solutions
FireEye SolutionsFireEye Solutions
FireEye Solutions
Prime Infoserv
 

More from Prime Infoserv (20)

Face Recognition under COVID19 crisis
Face Recognition under COVID19 crisisFace Recognition under COVID19 crisis
Face Recognition under COVID19 crisis
 
Face Chk - Face Recognition
Face Chk - Face RecognitionFace Chk - Face Recognition
Face Chk - Face Recognition
 
Data Protection and E-contracting
Data Protection and E-contractingData Protection and E-contracting
Data Protection and E-contracting
 
Remote Workforces Secure by Barracuda
Remote Workforces Secure by BarracudaRemote Workforces Secure by Barracuda
Remote Workforces Secure by Barracuda
 
Trend micro research covid19 threat brief summary 27 mar
Trend micro research covid19 threat brief summary 27 marTrend micro research covid19 threat brief summary 27 mar
Trend micro research covid19 threat brief summary 27 mar
 
Roadmap of Cyber-security from On-Prem to Cloud Journey - Trend Micro
Roadmap of Cyber-security from On-Prem to Cloud Journey - Trend MicroRoadmap of Cyber-security from On-Prem to Cloud Journey - Trend Micro
Roadmap of Cyber-security from On-Prem to Cloud Journey - Trend Micro
 
DLP solution - InDefend in WFH Situations
DLP solution - InDefend in WFH SituationsDLP solution - InDefend in WFH Situations
DLP solution - InDefend in WFH Situations
 
Crush Cloud Complexity, Simplify Security - Shield X
Crush Cloud Complexity, Simplify Security - Shield XCrush Cloud Complexity, Simplify Security - Shield X
Crush Cloud Complexity, Simplify Security - Shield X
 
Endpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEyeEndpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEye
 
Corporate Presentation - Netmagic
Corporate Presentation - NetmagicCorporate Presentation - Netmagic
Corporate Presentation - Netmagic
 
Teamwork with Microsoft Teams
Teamwork with Microsoft TeamsTeamwork with Microsoft Teams
Teamwork with Microsoft Teams
 
Microsoft Teams-flyer
Microsoft Teams-flyerMicrosoft Teams-flyer
Microsoft Teams-flyer
 
Windows Virtual Desktop Customer benefits
Windows Virtual Desktop Customer benefitsWindows Virtual Desktop Customer benefits
Windows Virtual Desktop Customer benefits
 
Email Security – Everyone is a Target
Email Security – Everyone is a TargetEmail Security – Everyone is a Target
Email Security – Everyone is a Target
 
Secure Access – Anywhere by Prisma, PaloAlto
Secure Access – Anywhere by Prisma, PaloAltoSecure Access – Anywhere by Prisma, PaloAlto
Secure Access – Anywhere by Prisma, PaloAlto
 
BCM Webinar presentation
BCM Webinar presentationBCM Webinar presentation
BCM Webinar presentation
 
FireEye Portfolio
FireEye PortfolioFireEye Portfolio
FireEye Portfolio
 
PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security Solution
 
Phishing Simulation By Shield Alliance
Phishing Simulation By Shield AlliancePhishing Simulation By Shield Alliance
Phishing Simulation By Shield Alliance
 
FireEye Solutions
FireEye SolutionsFireEye Solutions
FireEye Solutions
 

Recently uploaded

TrustArc Webinar - Your Guide for Smooth Cross-Border Data Transfers and Glob...
TrustArc Webinar - Your Guide for Smooth Cross-Border Data Transfers and Glob...TrustArc Webinar - Your Guide for Smooth Cross-Border Data Transfers and Glob...
TrustArc Webinar - Your Guide for Smooth Cross-Border Data Transfers and Glob...
TrustArc
 
Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!
Ortus Solutions, Corp
 
ThousandEyes New Product Features and Release Highlights: June 2024
ThousandEyes New Product Features and Release Highlights: June 2024ThousandEyes New Product Features and Release Highlights: June 2024
ThousandEyes New Product Features and Release Highlights: June 2024
ThousandEyes
 
Containers & AI - Beauty and the Beast!?!
Containers & AI - Beauty and the Beast!?!Containers & AI - Beauty and the Beast!?!
Containers & AI - Beauty and the Beast!?!
Tobias Schneck
 
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
manji sharman06
 
Multivendor cloud production with VSF TR-11 - there and back again
Multivendor cloud production with VSF TR-11 - there and back againMultivendor cloud production with VSF TR-11 - there and back again
Multivendor cloud production with VSF TR-11 - there and back again
Kieran Kunhya
 
Elasticity vs. State? Exploring Kafka Streams Cassandra State Store
Elasticity vs. State? Exploring Kafka Streams Cassandra State StoreElasticity vs. State? Exploring Kafka Streams Cassandra State Store
Elasticity vs. State? Exploring Kafka Streams Cassandra State Store
ScyllaDB
 
Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
Pablo Gómez Abajo
 
Demystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through StorytellingDemystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through Storytelling
Enterprise Knowledge
 
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdfLee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
leebarnesutopia
 
Day 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio FundamentalsDay 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio Fundamentals
UiPathCommunity
 
Call Girls Kochi 💯Call Us 🔝 7426014248 🔝 Independent Kochi Escorts Service Av...
Call Girls Kochi 💯Call Us 🔝 7426014248 🔝 Independent Kochi Escorts Service Av...Call Girls Kochi 💯Call Us 🔝 7426014248 🔝 Independent Kochi Escorts Service Av...
Call Girls Kochi 💯Call Us 🔝 7426014248 🔝 Independent Kochi Escorts Service Av...
dipikamodels1
 
intra-mart Accel series 2024 Spring updates_En
intra-mart Accel series 2024 Spring updates_Enintra-mart Accel series 2024 Spring updates_En
intra-mart Accel series 2024 Spring updates_En
NTTDATA INTRAMART
 
CNSCon 2024 Lightning Talk: Don’t Make Me Impersonate My Identity
CNSCon 2024 Lightning Talk: Don’t Make Me Impersonate My IdentityCNSCon 2024 Lightning Talk: Don’t Make Me Impersonate My Identity
CNSCon 2024 Lightning Talk: Don’t Make Me Impersonate My Identity
Cynthia Thomas
 
Fuxnet [EN] .pdf
Fuxnet [EN] .pdfFuxnet [EN] .pdf
Fuxnet [EN] .pdf
Overkill Security
 
So You've Lost Quorum: Lessons From Accidental Downtime
So You've Lost Quorum: Lessons From Accidental DowntimeSo You've Lost Quorum: Lessons From Accidental Downtime
So You've Lost Quorum: Lessons From Accidental Downtime
ScyllaDB
 
CTO Insights: Steering a High-Stakes Database Migration
CTO Insights: Steering a High-Stakes Database MigrationCTO Insights: Steering a High-Stakes Database Migration
CTO Insights: Steering a High-Stakes Database Migration
ScyllaDB
 
Automation Student Developers Session 3: Introduction to UI Automation
Automation Student Developers Session 3: Introduction to UI AutomationAutomation Student Developers Session 3: Introduction to UI Automation
Automation Student Developers Session 3: Introduction to UI Automation
UiPathCommunity
 
Real-Time Persisted Events at Supercell
Real-Time Persisted Events at SupercellReal-Time Persisted Events at Supercell
Real-Time Persisted Events at Supercell
ScyllaDB
 
DynamoDB to ScyllaDB: Technical Comparison and the Path to Success
DynamoDB to ScyllaDB: Technical Comparison and the Path to SuccessDynamoDB to ScyllaDB: Technical Comparison and the Path to Success
DynamoDB to ScyllaDB: Technical Comparison and the Path to Success
ScyllaDB
 

Recently uploaded (20)

TrustArc Webinar - Your Guide for Smooth Cross-Border Data Transfers and Glob...
TrustArc Webinar - Your Guide for Smooth Cross-Border Data Transfers and Glob...TrustArc Webinar - Your Guide for Smooth Cross-Border Data Transfers and Glob...
TrustArc Webinar - Your Guide for Smooth Cross-Border Data Transfers and Glob...
 
Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!
 
ThousandEyes New Product Features and Release Highlights: June 2024
ThousandEyes New Product Features and Release Highlights: June 2024ThousandEyes New Product Features and Release Highlights: June 2024
ThousandEyes New Product Features and Release Highlights: June 2024
 
Containers & AI - Beauty and the Beast!?!
Containers & AI - Beauty and the Beast!?!Containers & AI - Beauty and the Beast!?!
Containers & AI - Beauty and the Beast!?!
 
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
 
Multivendor cloud production with VSF TR-11 - there and back again
Multivendor cloud production with VSF TR-11 - there and back againMultivendor cloud production with VSF TR-11 - there and back again
Multivendor cloud production with VSF TR-11 - there and back again
 
Elasticity vs. State? Exploring Kafka Streams Cassandra State Store
Elasticity vs. State? Exploring Kafka Streams Cassandra State StoreElasticity vs. State? Exploring Kafka Streams Cassandra State Store
Elasticity vs. State? Exploring Kafka Streams Cassandra State Store
 
Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
 
Demystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through StorytellingDemystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through Storytelling
 
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdfLee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
 
Day 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio FundamentalsDay 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio Fundamentals
 
Call Girls Kochi 💯Call Us 🔝 7426014248 🔝 Independent Kochi Escorts Service Av...
Call Girls Kochi 💯Call Us 🔝 7426014248 🔝 Independent Kochi Escorts Service Av...Call Girls Kochi 💯Call Us 🔝 7426014248 🔝 Independent Kochi Escorts Service Av...
Call Girls Kochi 💯Call Us 🔝 7426014248 🔝 Independent Kochi Escorts Service Av...
 
intra-mart Accel series 2024 Spring updates_En
intra-mart Accel series 2024 Spring updates_Enintra-mart Accel series 2024 Spring updates_En
intra-mart Accel series 2024 Spring updates_En
 
CNSCon 2024 Lightning Talk: Don’t Make Me Impersonate My Identity
CNSCon 2024 Lightning Talk: Don’t Make Me Impersonate My IdentityCNSCon 2024 Lightning Talk: Don’t Make Me Impersonate My Identity
CNSCon 2024 Lightning Talk: Don’t Make Me Impersonate My Identity
 
Fuxnet [EN] .pdf
Fuxnet [EN] .pdfFuxnet [EN] .pdf
Fuxnet [EN] .pdf
 
So You've Lost Quorum: Lessons From Accidental Downtime
So You've Lost Quorum: Lessons From Accidental DowntimeSo You've Lost Quorum: Lessons From Accidental Downtime
So You've Lost Quorum: Lessons From Accidental Downtime
 
CTO Insights: Steering a High-Stakes Database Migration
CTO Insights: Steering a High-Stakes Database MigrationCTO Insights: Steering a High-Stakes Database Migration
CTO Insights: Steering a High-Stakes Database Migration
 
Automation Student Developers Session 3: Introduction to UI Automation
Automation Student Developers Session 3: Introduction to UI AutomationAutomation Student Developers Session 3: Introduction to UI Automation
Automation Student Developers Session 3: Introduction to UI Automation
 
Real-Time Persisted Events at Supercell
Real-Time Persisted Events at SupercellReal-Time Persisted Events at Supercell
Real-Time Persisted Events at Supercell
 
DynamoDB to ScyllaDB: Technical Comparison and the Path to Success
DynamoDB to ScyllaDB: Technical Comparison and the Path to SuccessDynamoDB to ScyllaDB: Technical Comparison and the Path to Success
DynamoDB to ScyllaDB: Technical Comparison and the Path to Success
 

IBM Qradar & resilient

  • 1. See What Matters Most Ravi Shankar Mallah DATE : 13/04/2020 Architect – IBM Security Qradar → Resilient
  • 2. Today, we struggle to find Stealthy Adversaries Critical Vulnerabilities Insider Threats Privacy Risks
  • 3. 44% ALERTS ARE NOT INVESTIGATED1 Our Current State. 54% LEGITIMATE ALERTS ARE NOT REMEDIATED 36% SAY “KEEPING UP WITH ALERTS” IS TOP CONCERN We have enough data, but not enough insights.
  • 5. Critical data Insider Threats External threats Cloud risks Vulnerabilities Endpoints Network activity Data activity Users and identities Threat intelligence Configuration information Vulnerabilities and threats Application activity Cloud platforms IBM QRadar Empowers you to address your most important security challenges Complete Visibility Automated Investigations Prioritized Threats Proactive Hunting
  • 6. 6 QRadar Security Intelligence Platform DEPLOYMENT MODELS BECOME PROACTIVE AUTOMATE INTELLIGENCE SEE EVERYTHING DETECT ADVANCED THREATS DETECT INSIDER THREATS SECURE CLOUD RESROUCES PROTECT CRITICAL DATA EFFECTIVELY RESPOND TO INCIDENTS PRIORITIZE AND MANAGE RISKS PROVE COMPLIANCE IBM Security App Exchange SEAMLESS INTEGRATION AND CONTENT TO AUGMENT PLATFORM SOLVE SECURITY CHALLENGES ON PREM AS A SERVICE CLOUD HYBRID HW, SW, VM SaaS, Managed Service AWS, Azure, Google Cloud On-prem, SaaS, IaaS COLLECT DATA ACROSS THE ENTIRE ENVIRONMENT APPLY AUTOMATED ANALYTICS TO DETECT, CONNECT, PRIORITIZE AND INVESTIGATE THREATS HUNT THREATS, RESPOND FASTER AND CONTINUOUSLY IMPROVE
  • 7. Security Intelligence platform that enables security optimization through advanced threat detection, meet compliance and policy demands and eliminating data silos Portfolio Overview QRadar Log Manager • Turnkey log management for SMB and Enterprises • Upgradeable to enterprise SIEM QRadar SIEM • Integrated log, flow, threat, compliance mgmt • Asset profiling and flow analytics • Offense management and workflow X-Force IP Reputation Feeds Network Activity Collection & Prevention (QFlow) and Network Insights (QNI), Network analytics, behavior and anomaly detection • Layer 7 application monitoring • Real-time network packet analysis QRadar Vulnerability Manager, including Risk Management • Integrated Network Scanning & Workflow • Risk Management to prioritize vulnerabilities • Predictive threat modeling & simulation • Scalable configuration monitoring and audit • Advanced threat and impact analysis QRadar Incident Forensics & Packet Capture • Reconstruct raw network packets to original format • Determine root cause of security incidents and help prevent recurrences QRadar Product Portfolio
  • 8. What’s New in UBA • 15x improvement to ML scalability • Custom Machine Learning model builder • Additional Out of the Box Use Cases • Browsed to Website categories Education, Religious, and Government. • Data Exfiltration by Print • Data Exfiltration by Cloud Services • Data Exfiltration by Removable Media • Data Loss Possible IBM Security / © 2019 IBM Corporation
  • 9. 73% OF CLIENTS RECOGNIZED VALUE WITHIN ONE WEEK Designed to make your job easier 51% AVERAGE IMPROVEMENT IN THE ACCURACY OF THREAT DETECION 50% FEWER FALSE POSITIVES THAN OTHER SIEM SOLUTIONS “The security intelligence from X-Force and the out-of- the-box analytics capabilities made QRadar stand out...” 5+ POINT SOLUTIONS REPLACED BY A SINGLE QRADAR INSTANCE — CTO, Large IT Consulting Firm in Europe Independent QRadar Study by Ponemon Institute
  • 10. IBM RESILIENT AND INTELLIGENT ORCHESTRATION Security Orchestration & Automation Response
  • 11. 11 IBM Security Incident Response Challenges Persistent skill shortage – 77 percent of organizations have difficulty hiring and retaining IT security professionals Constantly growing volume and severity of attacks – 65 percent of organizations say severity is increasing Complex and growing regulatory landscape – GDPR and others Complex SOC environment – the average SOC has 75 security tools (per Symantec)
  • 12. 12 IBM Security ORCHESTRATION & AUTOMATION Threat Intelligence Platform CASE MANAGEMENT INTELLIGENT ORCHESTRATION What is IBM Resilient Intelligent Orchestration? Outsmart. Outpace. Outmaneuver Complex Cyber Attacks. • The next generation of Incident Response dramatically accelerates and sharpens response by combining case management orchestration, artificial and human intelligence and automation in a single platform. • The Resilient platform is the only on to deliver on all three pillars of Gartner’s approach to Security Operations, Automation, and Response (SOAR).
  • 14. 14 IBM Security IBM-Validated and Supported Applications Unlocks power of existing tools and technologies and increases security ROI and time to value. Community Applications Enables faster and smarter response through shared IR knowledge, expertise, and resources. Escalation • SIEM • Ticketing • IPS/IDS • UBA • DLP Communication and Coordination • Enterprise communications • Ticketing • Crisis management Containment, Response, Recovery • Endpoint • Ticketing • Next-generation firewall • Cloud Access Security Broker Identification and Enrichment • Endpoint • Sandbox • Threat Intelligence • CMDB Code Examples Community-built scripts and automations Developer Tools and SDKs IBM Resilient-provided resources and documentation for building Resilient apps Playbooks and Workflows Incident response tasks lists and expertise from the Resilient community Integrations Applications that leverage your existing IT and security tools for IR Best Practices Community knowledge sharing, metrics, and reports Resilient Use Case
  • 15. 15 IBM Security APP – Exchange
  • 16. 16 IBM Security Building SOAR Understand the Scope Process definition - SOP Involve team Plan - Pace Identifying Automation Data certainty Technical Integration Timelines Definition Readiness Documentation Re-usable Playbook Feedback – input Automation Matured SOC Data Driven Defined Objective User feedback iterative improvement The Orchestration Journey
  • 17. ibm.com/security securityintelligence.com xforce.ibmcloud.com @ibmsecurity youtube/user/ibmsecuritysolutions © Copyright IBM Corporation 2018. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party. FOLLOW US ON: THANK YOU ibm.com/security/community
  翻译: