www.scnsoft.com © 2017 ScienceSoft ®
Health Check Framework
for IBM QRadar SIEM
PRODUCT OVERVIEW
Introduction
“SIEM products are complex and tend to become more so as vendors extend capabilities. Vendors that are able to provide effective products that users can successfully deploy, configure and manage with limited resources will be the most successful in the market.”
Gartner Magic Quadrant for Security Information and Event Management, 2016
Dr. Anton Chuvakin, Research VP at Gartner
“Measuring SIEM health and operations is still an emerging art.”
Executive Summary
• Health Check Framework for QRadar SIEM (HCF) is a monitoring instrument that allows for quick fine-tuning of QRadar SIEM deployments
• Participates in “Ready for IBM Security Intelligence” program and IBM AppExchange; used by Fortune 500 companies, government agencies, MSP providers
• Provides 60+ QRadar performance metrics and 25+ health markers for on-the-fly performance assessment and configuration fine-tuning
• Makes administration of QRadar SIEM deployments quicker and simpler, cuts administration time, increases QRadar ROI and user satisfaction
HCF for QRadar SIEM
SITUATION: QRadar SIEM deployments suffer from:
• inefficient EPS license capacity utilization
• low log data quality and performance
• security events omission
• misfiring rules
• heavy rules and reports
SOLUTION: HCF for QRadar SIEM
• includes 60+ performance metrics, 25 Health Markers
• enables fast fine-tuning that increases ROI
• ensures that your QRadar SIEM runs efficiently and your SOC team is available for important tasks
PROBLEM: vulnerable perimeter, costly SIEM administration, low SIEM ROI
Automated QRadar SIEM Monitoring
• HCF for QRadar analyzes QRadar performance within its environment and detects deviations
• HCF for QRadar generates a detailed report and notifies your security team about issues to attend to
• HCF for QRadar suggests further remediation steps to restore faultless operability of your SIEM system
HCF Report
Each report generated by HCF for QRadar contains a detailed analysis with the following performance indicators:
• Console summary of the system’s state (e.g. number of active log sources and assets, storage and memory available, top 10 unique offences)
• Log sources statistics
• Events and rules
• EPS and FPM statistics
• Data quality, etc.
HCF Report: Console Summary
Console Summary provides a dynamic view of the system performance
and enables stakeholders to respond to offenses nearly in real time
HCF Report: Log Sources
This report section provides a holistic view of active, inactive, disabled, last
added, deleted, modified log sources and protocol configuration errors
HCF Report: Events and Rules
The Events and Rules section shows how fast correlation rules are executed, their response time and the number of responses per correlation rule, and reveals average and peak EPS from log within a specified timeframe, etc.
HCF Report: EPS and FPM Statistics
EPS and FPM Statistics reflect the number of events and flows processed over a certain period of time, alerting security specialists when the enabled licenses don’t match the real incoming amount of log data
HCF Report: Data Quality
Data Quality reports the quality of data received from various device
types / log sources and the amount of log events that are collected but are
not properly normalized and parsed by QRadar
Health Markers
HCF for QRadar summarizes the status of all the important QRadar metrics in
the form of 25 Health Markers. In case a marker shows Failed, HCF for
QRadar sends an automatic warning with the description and basic
recommendations for fixing the issue
Challenges Solved with HCF for QRadar
• Unsupported and uncategorized security events
• Misconfigured, unsupported or unidentified log sources
• Inadequate/unsatisfactory log and event data quality
• Improperly fine-tuned correlation rules
• SIEM system overload
• Ineffective EPS capacity utilization
HCF Value for Security Teams
• Better control of QRadar deployments
• Increased log data quality
• Improved EPS license capacity utilization
• Less manual routine work
• Host overload protection
• Prompt diagnostics of security attacks and threats
HCF Value for Security Decision Makers
• Improved visibility of security events
• Less time, effort and budget spent on QRadar maintenance/tuning
• Improved effectiveness of security teams and SOCs
• Efficient planning and management of QRadar investments
• Higher ROI from QRadar SIEM
HCF Value for IBM Business Partners
• Improved performance of QRadar consultants
• Increased customer satisfaction and reduced customer attrition
• New upsell and cross-sell opportunities
Integration into QRadar Console
To ensure a flexible setup and tuning of your HCF for QRadar, we created Health Check Framework Manager
The application is validated by IBM and available for download at IBM Security App Exchange
What Our Customers & Partners Say
“The plugin brings you information that you would need to spend hours trying to find in the complicated QRadar log files”
“A super-useful set of reports and metrics for QRadar SIEM”
Dr. Anton Chuvakin, Research VP at Gartner
Ricardo Reimao, Cybersecurity specialist at QRadar Insights
More Information on HCF for QRadar
• HCF for QRadar at IBM Security App Exchange
• Detailed description and sample reports of HCF for QRadar
• HCF for QRadar installation guide
• HCF for QRadar on QRadar Insights
Success Story
HCF for a Major North American Bank
Customer: One of the largest banks in North America providing services to 15+ million clients. The company is in the top 100 on the 2016 Forbes Global 2000 list
Solution: ScienceSoft implemented Health Check Framework for QRadar with the following characteristics:
• 40+ hosts
• 40,000+ log sources
• 2,500,000+ assets
• 15,000+ average EPS
• 60+ QRadar users
Key Facts about ScienceSoft
ScienceSoft is an IBM Silver Business Partner that has been working in the Security Intelligence area since 2004 and has over 30 IBM QRadar projects under its belt
• 450+ employees
• Customers in 30+ countries, including Fortune 500 companies
• 13 years in Information Security, 28 years in the IT market
Contact Us
SCIENCESOFT Finland
Myyrmäenraitti 2
01600 Vantaa, Finland
Phone: +358 92 3163070
Email: contact@scnsoft.fi
Web: www.scnsoft.com
SCIENCESOFT USA
5900 S. Lake Forest Dr., Suite 300
McKinney, TX 75070, USA
Phone: +1 214 306 68 37
Email: contact@scnsoft.com
Web: www.scnsoft.com
