Security Incident and Event Management (SIEM) - Managed and Hosted Solutions for IBM QRadar
SIEM technology has been around for years and continues to enjoy broad market adoption. Companies continue to rely on SIEM capabilities to handle proactive security monitoring, detection and response, and regulatory compliance. However, with today’s staggering volume of cyber-security threats and the number of security devices, network infrastructures and system logs, IT security staff can become quickly overwhelmed.
Gartner projects that by 2020:
-- 50% of new SIEM implementations will be delivered via SIEM as a service.
-- 60% of all advanced security analytics will be delivered from the cloud as part of SIEM-as-a-service offerings.

Published in: Technology

  2. Sponsored by Forsythe. Forsythe is a leading enterprise IT company, providing advisory services, security, hosting and technology solutions for Fortune 1000 organizations. Forsythe helps clients optimize, modernize and innovate their IT to become agile, secure, digital businesses.
  4. WE'VE ALL SEEN WHO'S BEEN IN THE HEADLINES: online properties, automotive, retail, fast food, healthcare, manufacturing, media & entertainment, travel, telecommunications.
  5. AND WE'VE ALL HEARD FROM THE EXPERTS. "You can't protect everything equally… we have to find a way to control only what matters." (Earl Perkins, VP, Gartner) "Today's security climate is such that enterprises fear becoming victims of the next major cyber attack or cyber extortion." (Sean Pike, VP, IDC) "…many global enterprises face targeted attacks on a daily basis." (Chris Sherman, Sr. Analyst, Forrester)
  6. MIND THE GAP: THE SECURITY TALENT GAP IS GROWING. The shortage is projected to reach 1.8 million professionals by 2022. Source: 2017 Global Information Security Workforce Study (GISWS).
  8. Sources of security events in a typical environment: firewall, anti-malware, servers, perimeter, proxies, intrusion detection and prevention, antivirus, infrastructure devices.
  9. THE ULTIMATE GOAL IS TO MAKE THE COMPANY MORE SECURE. What to do with limited resources, limited time and limited money?
  10. WHAT IS YOUR BIGGEST SECURITY CHALLENGE? Ask yourself: a) finding and retaining skilled security personnel; b) filling a security capability gap; c) getting value from the tools we have; d) keeping up with day-to-day operations.
  12. WHAT IS A SIEM? SIEM stands for Security Information and Event Management: software that identifies possible security threats in real time by analyzing the alerts and log events generated by network and security technologies.
  13. WHAT DOES A SIEM DO?
     1. Various technologies are deployed in an IT environment.
     2. They throw off alerts recorded in log files,
     3. which are fed into the SIEM software.
     4. The SIEM is configured with rules and use cases to identify possible threats.
     5. The SOC team proactively monitors the SIEM and investigates alerts triggered by the SIEM.
     6. When threats are identified, remediation actions are taken on the technologies, and
     7. where investigated alerts are not deemed to be threats ("false positives"), rules and use cases are updated to suppress future alerting.
  14. HOW DOES A SIEM HELP SECURITY POSTURE? Reduce the number of people needed to stay on top of alerts; focus staff on threats requiring investigation and remediation; customize unique rules to eliminate "false positive" alerts.
  16. IBM QRadar. Chris Collard, Offering Manager - QRadar. September 2017.
  17. IBM Security: a cognitive security operations platform for the threats of tomorrow. Use cases: Advanced Threat Detection, Insider Threat, Securing the Cloud, Risk and Vuln Management, Critical Data Protection, Compliance, Incident Response. Fast to deploy, easy to manage, and focused on your success.
  18. IBM QRadar: continued investment based on client needs. The slide's timeline of platform evolution runs 2002 – 2005, 2006 – 2007, 2008 – 2009, 2010 – 2013, 2014, 2015, 2016, 2017; the capabilities it lists are:
     - Watson for Cyber Security and i2 Enterprise Insight Analysis: core cognitive capability that continuously understands, reasons, and learns the many risk variables across the entire security ecosystem; cyber analysis to hunt for attackers and predict threats.
     - Incident Response and Network Insights: integration with Resilient enables building and executing automated incident response plans; Network Insights bridges flows and full packet capture, enhancing real-time detection.
     - Security Intelligence on Cloud and Apps: deploy as a SaaS offering or combine with hybrid cloud and on-prem environments; easily extend QRadar with apps, available on the curated IBM App Exchange.
     - Network Forensics: incident forensics including full packet capture, storage, indexing, searching and session reconstruction.
     - Vulnerability and Risk Management: real-time vulnerability scanning and prioritization, combined with configuration analysis, policy monitoring, and risk assessment.
     - Log Management: identity management, complete log management, and compliance reporting.
     - SIEM: combined flows, behavioral analytics, SIM and vulnerabilities into one of the first SIEMs.
     - Flow Visualization and NBAD: anomaly detection and threat resolution plus network visualization.
  19. IBM Security: Cognitive Security Starts Here. NEW! IBM QRadar Advisor with Watson. IBM Security introduces a revolutionary shift in security operations:
     - Employs powerful cognitive capabilities to investigate and qualify security incidents and anomalies on behalf of security analysts.
     - Powered by Watson for Cyber Security to tap into vast amounts of security knowledge and deliver insights relevant to specific security incidents.
     - Transforms SOC operations by addressing current challenges that include skills shortages, alert overloads, incident response delays, currency of security information and process risks.
     - Designed to be easily consumable: delivered via IBM Security App Exchange and deployed in minutes.
  20. IBM QRadar Advisor with Watson: revolutionize how security analysts work. Automatically uncover new security context and the full scope of an incident. 2.3M+ security documents; 10B+ security data elements; 80K+ documents read per day; 250K+ investigations enhanced in just six months.
  21. Case Study: an international energy company reduces billions of events per day to find those that should be investigated. An international energy firm analyzes 2 billion events per day to find 20-25 potential offenses to investigate. Business challenge: reducing a huge number of events to find the ones that need to be investigated; automating the process of analyzing security data. IBM Security solutions (QRadar SIEM, QFlow, Risk Manager): combined analysis of historical data with real-time alerts to gain a "big picture" view, uncover patterns of unusual activity humans miss, and immediately block suspected traffic. Outcome: optimized threat analysis.
  22. WHERE ARE YOU ON YOUR SIEM "JOURNEY"? Ask yourself: a) haven't considered; b) currently evaluating; c) deployed and running smoothly; d) deployed but unmanaged.
  24. CONSUMPTION MODELS. Deployed SIEM: buy a SIEM and run it. Co-Managed SIEM: buy a SIEM and have an MSSP help support it. As-a-Service SIEM: full Opex model for the SIEM and its operations, pay as you go.
  25. FORSYTHE SIEMAAS. IBM QRadar is the backbone of Forsythe's SIEMaaS. Inclusive of hardware, SIEM software, hosting, and support. Located in Forsythe's Uptime Institute certified Tier III hosting facility in Chicago. Priced on a per Events Per Second ("EPS") basis.
  26. KEY SERVICE COMPONENTS: Event Management, Ongoing Tuning, Technology Lifecycle Management, Incident Management.
  27. WHAT TO LOOK FOR IN AN MSSP PARTNERSHIP
     - Setting Expectations: a good partner will help you ask the right questions upfront to set appropriate expectations and avoid surprises.
     - Onboarding for Success: a successful activation requires upfront tuning of the environment. Make sure the partner offers this.
     - Engineering Expertise: be clear on the level of technical expertise and whether the technical team is tasked with identifying and rectifying issues proactively.
     - Ongoing Tuning: work with a partner whose shared goal is your improved security posture and who will therefore perform the required tuning.
     - Flexibility: understand that some providers are more flexible than others.
     - Culture and Communication: for the partnership to work, everyone must be dedicated to problem-solving, effective communication and a sense of teamwork.
  28. GETTING STARTED
     1. Understand your security mandate.
     2. Determine the build-vs-buy consumption model.
     3. Do not get caught in product comparison paralysis.
     4. Evaluate staffing limitations and priorities.
     5. Engage an MSSP where appropriate to add value.
     6. Identify and incorporate SLAs into contracts.
     7. Check references.
  29. AUTHORS: Patrick Zelten, Vice President Managed Services, Forsythe; Chris Collard, Offering Manager QRadar SaaS, Cloud & MSS, IBM.
  30. READ RELATED ARTICLES: 5 Steps to Choosing a Managed Hosting and Managed Services Partner; 7 Steps to a Successful Partnership with a Managed Security Services Provider; 6 Questions to Help You Find the Right Managed Security Services Provider.
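Slides 13 and 14 describe the SIEM loop in the abstract: logs are ingested, rules and use cases raise alerts, the SOC investigates, and rules are tuned so confirmed false positives stop firing. The following is an added example, written for this page and not code from Forsythe or IBM QRadar, that runs that loop over a handful of constructed authentication log lines. It assumes a simple key=value log format, one use case (a burst of failed logins followed by a success from the same user and source) and one hypothetical tuning rule (suppressing an assumed authorised vulnerability scanner at 10.0.0.5); none of these names or addresses come from the slides.

```python
"""A minimal SIEM-style correlation engine over constructed log lines.

Added example, not Forsythe's or IBM QRadar's code. It illustrates steps
3-7 of slide 13: events are ingested, a use case (brute force followed by
a successful login) is applied, an offense is raised for the SOC analyst,
and a tuning rule suppresses a source that investigation showed to be a
false positive (here, a hypothetical authorised vulnerability scanner).
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a key=value syslog style (not real data).
# alice: four failures then a success from one source -> true offense.
# scanner: the same pattern from 10.0.0.5, an assumed authorised scanner.
# bob: one typo then a success -> below threshold, no offense.
SAMPLE_LOGS = """\
2017-09-12T10:00:01Z host=web01 event=auth_failure user=alice src=203.0.113.7
2017-09-12T10:00:05Z host=web01 event=auth_failure user=alice src=203.0.113.7
2017-09-12T10:00:09Z host=web01 event=auth_failure user=alice src=203.0.113.7
2017-09-12T10:00:12Z host=web01 event=auth_failure user=alice src=203.0.113.7
2017-09-12T10:00:20Z host=web01 event=auth_success user=alice src=203.0.113.7
2017-09-12T10:05:00Z host=db01 event=auth_failure user=scanner src=10.0.0.5
2017-09-12T10:05:01Z host=db01 event=auth_failure user=scanner src=10.0.0.5
2017-09-12T10:05:02Z host=db01 event=auth_failure user=scanner src=10.0.0.5
2017-09-12T10:05:03Z host=db01 event=auth_failure user=scanner src=10.0.0.5
2017-09-12T10:05:04Z host=db01 event=auth_failure user=scanner src=10.0.0.5
2017-09-12T10:05:10Z host=db01 event=auth_success user=scanner src=10.0.0.5
2017-09-12T11:00:00Z host=web02 event=auth_failure user=bob src=198.51.100.9
2017-09-12T11:00:30Z host=web02 event=auth_success user=bob src=198.51.100.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) event=(?P<event>\S+) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_events(text):
    """Step 3: normalise raw log lines into event dicts; skip unparseable lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def detect_offenses(events, threshold=4, window_s=60, suppress_src=frozenset()):
    """Steps 4 and 7: apply the use case and the tuning rule.

    Use case: `threshold` or more auth_failure events for the same (user, src)
    within the `window_s` seconds before an auth_success from that pair.
    Tuning: events whose src is in `suppress_src` never contribute to an
    offense; they are counted so the analyst can audit what was suppressed.
    Returns (offenses sorted by time, number of suppressed events).
    """
    window = timedelta(seconds=window_s)
    failures = defaultdict(list)   # (user, src) -> timestamps of failures
    offenses, suppressed = [], 0
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["src"] in suppress_src:
            suppressed += 1
            continue
        key = (ev["user"], ev["src"])
        if ev["event"] == "auth_failure":
            failures[key].append(ev["ts"])
        elif ev["event"] == "auth_success":
            recent = [t for t in failures[key] if ev["ts"] - t <= window]
            if len(recent) >= threshold:
                offenses.append({
                    "rule": "brute_force_then_success",
                    "user": ev["user"], "src": ev["src"], "host": ev["host"],
                    "failures": len(recent), "ts": ev["ts"],
                })
            failures[key].clear()   # a success closes the attempt sequence
    return offenses, suppressed


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOGS)
    # Before tuning: the scanner looks exactly like an attacker.
    untuned, _ = detect_offenses(evs)
    print("untuned offenses:", [(o["user"], o["src"]) for o in untuned])
    # After investigation marks 10.0.0.5 as an authorised scanner (step 7).
    tuned, n = detect_offenses(evs, suppress_src=frozenset({"10.0.0.5"}))
    print("tuned offenses:", [(o["user"], o["src"]) for o in tuned], "suppressed:", n)
```

Run untuned, the rule fires twice (alice and the scanner); with the suppression in place only alice's offense remains and the six scanner events are counted as suppressed rather than silently dropped. The practitioner's caveat is that tuning should be as narrow as the investigation supports: suppressing a whole source address, as this example does, also hides a real attacker who compromises that scanner host, so a production rule would normally key on the scanner's source and account together and be reviewed periodically, which is the "ongoing tuning" slides 26 and 27 call for.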