IBM Security Cognitive
IBM SECURITY INTELLIGENCE & ANALYTICS
by Luigi Perrone
IBM SWG – Security Systems
Security & Audit for zSystem & enterprise Security Intelligence solution
luigi_perrone@it.ibm.com
March 2017

The evolution of security in recent years
As infrastructure evolves, the complexity and volume of the information to analyze grow.
• Perimeter Controls (pre-2005): static defenses that control or limit the flow of data, such as firewalls, antivirus software, web gateways, etc.
• Security Intelligence (2005+): analytics tools that collect and interpret large volumes of data flows in real time, prioritizing events and highlighting their level of risk.
• Cognitive, Cloud, and Collaboration (2015+): interpretation, understanding and processing of security data performed the way a human would, but at a speed no human can reach.
IBM provides the QRadar technology, designed as a solution that continuously adapts as security problems evolve.

Why does security need cognitive?
• Think of the routine work of the security monitoring team: analyses, checks, data, reports, relationships, false positives, origin of the attack, anomalies, etc.
• Think of the continuous evolution of attack methods and attack types
• Think of the continuous increase in the number of critical or suspicious events to analyze

What is Watson for Cyber Security?
"…thanks to its computing and learning capacity, Watson's artificial intelligence will be able to distinguish cyber threats from benign anomalies in the behavior of networks, operators and software faster than any human expert…"
1. Observation
2. Interpretation
3. Evaluation
4. Decision
SaaS cloud service

How can W4CS be used?
[Diagram: QRadar SIEM, QRadar Advisor, W4CS]

With QRadar Advisor I exploit the full potential of Watson for Cyber Security
Security Analysts
• Manage alerts
• Research security events and anomalies
• Evaluate user activity and vulnerabilities
• Configuration
• Other
Security Analytics
• Data correlation
• Pattern identification
• Thresholds
• Policies
• Anomaly detection
• Prioritization
Watson for Cyber Security
• Security knowledge
• Threat identification
• Reveal additional indicators
• Surface or derive relationships
• Evidence
QRadar Watson Advisor
• Local data mining
• Perform threat research using Watson for Cyber Security
• Qualify and relate threat research to security incidents
• Present findings

What are the requirements for using QRadar Advisor?
Any customer running version 7.2.8 or above can try QRadar Watson Advisor for 30 days.
The trial is initiated through the AppExchange:
1. Direct customer to https://exchange.xforce.ibmcloud.com/hub to initiate trial
2. Customer will be instructed to set up a user ID if they don't have one already
3. Email will be sent to customer with a link, password and instructions
4. Customer will receive a follow-up call within 24 hours

How do I install QRadar Advisor?
• Directly from the QRadar AppExchange marketplace
• AppExchange provides a system for creating and sharing apps
Content types shown on the slide:
• Dashboard: widgets which present visual/graphical representations of saved search results.
• Report: templates for scheduled or on-demand reports which are built upon saved event or flow searches.
• Saved Searches: search criteria.
• Custom Rules: tests that are run against events and/or flows. A rule that "fires" can trigger an action (offense, new event, email notice, data collection, etc.).
• Custom Property: defines a property to be extracted or derived from an inbound event or flow, by regex or calculation.
• Reference Data: container definition for holding reference data that can be used by searches and rules.
• Custom Action: custom response for a rule when it "fires".
• Application: enhancement/extension to QRadar that can provide new tabs, API methods, dashboard items, context menus, config pages, etc.
• Log Source Extension: a parsing logic definition used to synthesize a custom DSM for an event source for which there is no existing DSM.
• Custom QIDMap: supplements the out-of-the-box QIDMap that QRadar provides, in order to include QIDMap entries for events not formally supported by QRadar.
• Historical Correlation: combination of a saved search and a set of rules that allows a user to test rules by re-running a set of historical events "offline".
• Custom Function: SQL-like function that can be used in an Advanced search to enhance or manipulate data.

How do I access QRadar Advisor?
From the dedicated tab I can reach the Advisor main page and view all the investigations performed by Watson.

Where do I start to activate Watson?
Help from Watson for Cyber Security can always be triggered through the analysis of an offense.

What information is used for Watson's investigation?
The side panel of the screen shows the information needed for Watson's investigation.

The "observables" used by Advisor
Observables are a set of data collected from the offense, relating to the events analyzed locally by QRadar Advisor and enriched with data from external lookups (e.g. feeds). Only a subset of this data is sent to Watson for Cyber Security for the investigation of potential threats.

| Observable Type | Description | Sent to W4CS |
|---|---|---|
| Source IP | External Source IPs that appear in an offense – enforced by respecting the Network Hierarchy defined in QRadar | Yes |
| Destination IP | External Destination IPs that appear in an offense – enforced by respecting the Network Hierarchy defined in QRadar | Yes |
| File Hash | Hash value of a file that is deemed suspicious | Yes |
| URL | External URLs that appear in an offense | Yes |
| Domain | External Domains that appear in an offense | Yes |
| Destination Port | Destination Ports belonging to Destination IPs | No |
| User Agent | The user agent identified by a browser or HTTP application | No |
| AV Signature | Malware signatures identified by antivirus solutions | No |
| Email Address | Email addresses associated with suspicious emails | No |
| File Name | Names of suspicious files | No |
| Source Port | Source Ports belonging to Source IPs | No |
| Destination ASN | Autonomous System Number of a destination IP address (from a DNS) | No |
| Source ASN | Autonomous System Number of a source IP address (from a DNS) | No |
| Destination Country | Name of the destination country of outbound communications | No |
| Source Country | Name of source country of inbound communications | No |
| Low Level Category | Low level QRadar offense category | No |
| High Level Category | High level QRadar offense category | No |
| Direction | Direction of communication | No |
| User name | Aliases that may attempt to access critical internal infrastructure | No |

Observables: security, control and privacy
Observables are a set of data collected from the offense, relating to the events analyzed locally by QRadar Advisor and enriched with data from external lookups (e.g. feeds). Only a subset of this data is sent to Watson for Cyber Security for the investigation of potential threats.
CONTROL
• QRadar Advisor with Watson references the Network Hierarchy defined in QRadar
• QRadar Administrator can control which types of observables are sent in the QRadar Advisor with Watson administration page
• QRadar Administrator can select which custom properties are mapped to observable types
PRIVACY
• Only external URLs, domains, IPs, ports and ASN values are sent to W4CS
• After an investigation, all observables sent to W4CS are destroyed, and the results of the investigation are also not persisted in the cloud
• W4CS does not track the IPs or the specific instance of QRadar Advisor with Watson submitting the investigation requests to preserve anonymity
SECURITY
• Observables are sent via an encrypted channel to Watson for Cyber Security
• Watson for Cyber Security isolates each customer's offense investigation
• Watson for Cyber Security can only be accessed by authorized QRadar Advisor with Watson apps
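
The filtering described by the observables table and the CONTROL/PRIVACY notes above, modeled as an added example (not IBM or QRadar Advisor code) that a team could adapt to audit what would leave the premises. The default types follow the "Sent to W4CS" column; the type names, network hierarchy, internal domain suffix and sample offense are constructed assumptions.

```python
"""Model of the observable filtering described in the slides (illustration only)."""
import ipaddress
from urllib.parse import urlsplit

# Types marked "Yes" in the "Sent to W4CS" column (type names are assumed).
SENT_BY_DEFAULT = frozenset(
    {"source_ip", "destination_ip", "file_hash", "url", "domain"})

# Constructed stand-in for the Network Hierarchy defined in QRadar.
NETWORK_HIERARCHY = [ipaddress.ip_network(n) for n in
                     ("10.0.0.0/8", "192.168.0.0/16", "198.51.100.0/24")]
# Constructed internal DNS suffixes that count as local.
INTERNAL_DOMAINS = ("corp.example",)


def is_local_host(host):
    """True if host is an IP inside the hierarchy or an internal DNS name."""
    host = host.lower().rstrip(".")
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return any(host == d or host.endswith("." + d)
                   for d in INTERNAL_DOMAINS)
    return any(addr in net for net in NETWORK_HIERARCHY)


def decide(obs_type, value, enabled_types=SENT_BY_DEFAULT):
    """Return (send, reason) for a single observable.

    enabled_types models the administrator's choice of which observable
    types may be sent; anything else never leaves the local system.
    """
    if obs_type not in enabled_types:
        return False, "type not enabled for sending"
    if obs_type in ("source_ip", "destination_ip"):
        try:
            ipaddress.ip_address(value)
        except ValueError:
            return False, "not a valid IP address"  # fail closed
        host = value
    elif obs_type == "url":
        host = urlsplit(value).hostname
        if not host:
            return False, "URL without host"        # fail closed
    elif obs_type == "domain":
        host = value
    else:
        return True, "no locality check for this type"
    if is_local_host(host):
        return False, "inside network hierarchy"
    return True, "external"


def split_observables(observables, enabled_types=SENT_BY_DEFAULT):
    """Partition (type, value) pairs into sent and withheld lists."""
    sent, withheld = [], []
    for obs_type, value in observables:
        ok, reason = decide(obs_type, value, enabled_types)
        (sent if ok else withheld).append((obs_type, value, reason))
    return sent, withheld


# Constructed sample offense; every value is a documentation placeholder.
SAMPLE_OFFENSE = [
    ("source_ip", "10.1.2.3"),
    ("destination_ip", "203.0.113.50"),
    ("destination_ip", "198.51.100.7"),
    ("url", "http://intranet.corp.example/wiki"),
    ("url", "https://files.example.net/a.bin"),
    ("url", "http://192.168.4.4:8080/x"),
    ("domain", "files.example.net"),
    ("file_hash", "0" * 64),
    ("user_name", "jdoe"),
    ("destination_port", "443"),
]

if __name__ == "__main__":
    sent, withheld = split_observables(SAMPLE_OFFENSE)
    for label, rows in (("SENT", sent), ("WITHHELD", withheld)):
        for obs_type, value, reason in rows:
            print(f"{label:8} {obs_type:16} {value}  ({reason})")
```

Passing a smaller `enabled_types` set shows the effect of an administrator disabling a type, for example removing `url` so that only IPs, domains and hashes are submitted.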

The response from Watson for Cyber Security
W4CS presents the "knowledge graph", a view of the relationships between entities and observables. From the Incident Overview page, select the incident and drill into the details with "Explore Insights". The knowledge graph uses a color for each type of information. To remove secondary information and make the graph easier to read, use the "Key Insights only" button.

Cognitive significantly reduces threat research and response time
Manual threat analysis: Incident Triage, Investigation and Impact Assessment, Remediation (Days to Weeks)
IBM W4CS assisted threat analysis: Incident Triage, Investigation and Impact Assessment, Remediation (Minutes to Hours)
Fast and accurate analysis of security threats, saving time and resources
• Automatically speeds up the addressing of incident cases
• Eases the worries and pressure caused by a lack of skills
• Increases the speed of analysis of the security team

THANK YOU
FOLLOW US ON:
ibm.com/security
securityintelligence.com
xforce.ibmcloud.com
@ibmsecurity
youtube/user/ibmsecuritysolutions
© Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind,
express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products
and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service
marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your
enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others.
No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems,
products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products
or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.
Questions?

ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
 
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort ServiceHot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
The Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfThe Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdf
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
software engineering Chapter 5 System modeling.pptx
software engineering Chapter 5 System modeling.pptxsoftware engineering Chapter 5 System modeling.pptx
software engineering Chapter 5 System modeling.pptx
 

IBM Qradar-Advisor

  • 1. IBM Security Cognitive. IBM SECURITY INTELLIGENCE & ANALYTICS. Luigi Perrone, IBM SWG – Security Systems, Security & Audit for zSystem & enterprise Security Intelligence solution, luigi_perrone@it.ibm.com. March 2017.
  • 2. The evolution of security in recent years. As infrastructure evolves, the complexity and volume of the information to be analyzed grow.
      • Perimeter Controls (pre 2005): static defenses that control or limit the flow of data, such as firewalls, antivirus software, web gateways, etc.
      • Security Intelligence (2005++): analytical tools that collect and interpret large volumes of data flows in real time, prioritizing events and highlighting their level of risk.
      • Cognitive, Cloud, and Collaboration (2015+): security data is interpreted, understood and processed the way a human would do it, but at a speed no human can reach.
    IBM provides QRadar technology, designed as a solution that continuously adapts as security problems evolve.
  • 3. Why does security need cognitive?
      • Think of the routine work of the security monitoring team: analysis, checks, data, reports, write-ups, false positives, origin of the attack, anomalies, etc.
      • Think of the continuous evolution of attack methods and attack types.
      • Think of the continuous increase in the number of critical or suspicious events to analyze.
  • 4. What is Watson for Cyber Security? ‘‘…thanks to its computing and learning capacity, Watson's artificial intelligence will be able to distinguish, faster than any human expert, a cyber threat from benign anomalies in the behavior of networks, operators and software…’’ 1. Observation 2. Interpretation 3. Evaluation 4. Decision. SaaS-type cloud service.
  • 5. How can W4CS be used? (Diagram labels: QRadar SIEM, QRadar Advisor, W4CS)
  • 6. QRadar Advisor: with QRadar Advisor I use the full potential of Watson for Cyber Security.
      • Security Analysts: manage alerts; research security events and anomalies; evaluate user activity and vulnerabilities; configuration; other.
      • Security Analytics: data correlation; pattern identification; thresholds; policies; anomaly detection; prioritization.
      • Watson for Cyber Security: security knowledge; threat identification; reveal additional indicators; surface or derive relationships; evidence.
      • QRadar Watson Advisor: local data mining; perform threat research using Watson for Cyber Security; qualify and relate threat research to security incidents; present findings.
  • 7. What are the requirements for using QRadar Advisor? Any customer running version 7.2.8 or above can try QRadar Watson Advisor for 30 days. The trial is initiated through the AppExchange:
      1. Direct the customer to https://exchange.xforce.ibmcloud.com/hub to initiate the trial.
      2. The customer will be instructed to set up a user ID if they don't have one already.
      3. An email will be sent to the customer with a link, password and instructions.
      4. The customer will receive a follow-up call within 24 hours.
  • 8. How is QRadar Advisor installed?
      • Directly from the QRadar AppExchange marketplace.
      • AppExchange provides a system for creating and sharing apps.
    Content types available through AppExchange:
      • Dashboard: widgets which present visual/graphical representations of saved search results.
      • Report: templates for scheduled or on-demand reports which are built upon saved event or flow searches.
      • Saved Searches: search criteria.
      • Custom Rules: tests that are run against events and/or flow. ‘Fire’ can trigger action (offense, new event, email notice, data collection, etc.).
      • Custom Property: defines a property to be extracted or derived from an inbound event or flow. Regex or calculation.
      • Reference Data: container definition for holding reference data that can be used by searches and rules.
      • Custom Action: custom response for a rule when ‘fired’.
      • Application: enhancement/extension to QRadar that can provide new tabs, API methods, dashboard items, context menus, config pages, etc.
      • Log Source Extension: a parsing logic definition used to synthesize a custom DSM for an event source for which there is no existing DSM.
      • Custom QIDMap: supplement out-of-the-box QIDMap QRadar provides, in order to include QIDMap entries for events not formally supported by QRadar.
      • Historical Correlation: combination of saved search and set of rules that allow a user to test rules by re-running a set of historical events "offline".
      • Custom Function: SQL-like function that can be used in an Advanced search to enhance or manipulate data.
  • 9. How do I access QRadar Advisor? From the dedicated tab I can reach the Advisor main page and view all the investigations performed by Watson.
  • 10. Where do I start to activate Watson? The help of Watson for Cyber Security can always be triggered through the analysis of an offense.
  • 11. What information is used for Watson's investigation? The information needed for Watson's investigation is displayed on the side of the screen.
  • 12. The «observables» used by Advisor. Observables are a set of data collected from the offense, relating to the events analyzed locally by QRadar Advisor and enriched with data from external lookups (e.g. feeds). Only a subset of this data is sent to Watson for Cyber Security for the investigation of potential threats.

    | Observable Type | Description | Sent to W4CS |
    |---|---|---|
    | Source IP | External Source IPs that appear in an offense – enforced by respecting the Network Hierarchy defined in QRadar | Yes |
    | Destination IP | External Destination IPs that appear in an offense – enforced by respecting the Network Hierarchy defined in QRadar | Yes |
    | File Hash | Hash value of a file that is deemed suspicious | Yes |
    | URL | External URLs that appear in an offense | Yes |
    | Domain | External Domains that appear in an offense | Yes |
    | Destination Port | Destination Ports belonging to Destination IPs | No |
    | User Agent | The user agent identified by a browser or HTTP application | No |
    | AV Signature | Malware signatures identified by antivirus solutions | No |
    | Email Address | Email addresses associated with suspicious emails | No |
    | File Name | Names of suspicious files | No |
    | Source Port | Source Ports belonging to Source IPs | No |
    | Destination ASN | Autonomous System Number of a destination IP address (from a DNS) | No |
    | Source ASN | Autonomous System Number of a source IP address (from a DNS) | No |
    | Destination Country | Name of the destination country of outbound communications | No |
    | Source Country | Name of source country of inbound communications | No |
    | Low Level Category | Low level QRadar offense category | No |
    | High Level Category | High level QRadar offense category | No |
    | Direction | Direction of communication | No |
    | User name | Aliases that may attempt to access critical internal infrastructure | No |
  • 13. Observables: security, control and privacy. Observables are a set of data collected from the offense, relating to the events analyzed locally by QRadar Advisor and enriched with data from external lookups (e.g. feeds). Only a subset of this data is sent to Watson for Cyber Security for the investigation of potential threats.
    CONTROL
      • QRadar Advisor with Watson references the Network Hierarchy defined in QRadar
      • QRadar Administrator can control which types of observables are sent in the QRadar Advisor with Watson administration page
      • QRadar Administrator can select which custom properties are mapped to observable types
    PRIVACY
      • Only external URLs, domains, IPs, ports and ASN values are sent to W4CS
      • After an investigation, all observables sent to W4CS are destroyed, and the results of the investigation are also not persisted in the cloud
      • W4CS does not track the IPs or the specific instance of QRadar Advisor with Watson submitting the investigation requests to preserve anonymity
    SECURITY
      • Observables are sent via an encrypted channel to Watson for Cyber Security
      • Watson for Cyber Security isolates each customer's offense investigation
      • Watson for Cyber Security can only be accessed by authorized QRadar Advisor with Watson apps
  • 14. The response from Watson for Cyber Security. W4CS presents the “knowledge graph”, a view of the relationships between entities and observables. From the Incident Overview page, select the incident and drill into its details with “Explore Insights”. The knowledge graph uses a different color for each type of information. To remove secondary information and make the graph easier to read, use the “Key Insights only” button.
  • 15. Cognitive significantly reduces “threat research” and “response time”. Fast and accurate analysis of security threats, saving time and resources.
      • Manual threat analysis: Incident Triage → Investigation and Impact Assessment → Remediation (Days to Weeks)
      • IBM W4CS assisted threat analysis: Incident Triage → Investigation and Impact Assessment → Remediation (Minutes to Hours)
    Benefits:
      • Automatically speeds up the handling of incident cases
      • Eases the worry and pressure caused by a lack of skills
      • Increases the analysis speed of the security team
  • 16. THANK YOU. Questions?
    FOLLOW US ON: ibm.com/security, securityintelligence.com, xforce.ibmcloud.com, @ibmsecurity, youtube/user/ibmsecuritysolutions
    © Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
    Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.
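
The selection described on slides 12 and 13 (only enabled observable types leave the local deployment, and IPs, URLs and domains only when they are external to the network hierarchy), as an added Python example. It is not IBM's code: the function names, the internal-suffix test for domain names and the sample data are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Types marked "Sent to W4CS: Yes" in the slide 12 table.
DEFAULT_SENT_TYPES = frozenset({"Source IP", "Destination IP", "File Hash", "URL", "Domain"})
# Types whose value names a host, which must be external to be sent.
HOST_TYPES = frozenset({"Source IP", "Destination IP", "URL", "Domain"})

def _as_ip(text):
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def _host_of(otype, value):
    # Host an observable refers to, or None if it cannot be parsed.
    if otype == "URL":
        try:
            return urlsplit(value).hostname or None
        except ValueError:
            return None
    if otype.endswith(" IP") and _as_ip(value) is None:
        return None
    return value or None

def _is_internal(host, nets, suffixes):
    """Internal: IP inside the hierarchy, or name under an internal suffix."""
    host = host.lower().rstrip(".")
    addr = _as_ip(host)
    if addr is not None:
        return any(addr in net for net in nets)
    return any(host == s or host.endswith("." + s) for s in suffixes)

def select_for_submission(observables, hierarchy, internal_suffixes=(),
                          sent_types=DEFAULT_SENT_TYPES):
    """Split (type, value) pairs into (sent, kept_local_with_reason)."""
    nets = [ipaddress.ip_network(n) for n in hierarchy]
    sent, kept = [], []
    for otype, value in observables:
        if otype not in sent_types:
            kept.append((otype, value, "type not enabled"))
        elif otype not in HOST_TYPES:
            sent.append((otype, value))  # e.g. a file hash: no host to check
        else:
            host = _host_of(otype, value)
            if host is None:
                kept.append((otype, value, "unparseable"))
            elif _is_internal(host, nets, internal_suffixes):
                kept.append((otype, value, "internal"))
            else:
                sent.append((otype, value))
    return sent, kept

# Constructed sample data (not from the slides); the suffix list is an assumption.
HIERARCHY, SUFFIXES = ["10.0.0.0/8", "192.168.0.0/16"], ("corp.example",)
SAMPLE = [
    ("Source IP", "10.1.2.3"), ("Destination IP", "203.0.113.45"),
    ("Destination IP", "not-an-ip"), ("URL", "http://intranet.corp.example/login"),
    ("URL", "https://files.example.net/a.bin"), ("Domain", "example.org"),
    ("File Hash", "a" * 64), ("User name", "jdoe"), ("Destination Port", "443")]
```

Passing a wider `sent_types` set models an administrator enabling additional observable types; values kept local carry the reason, which is useful when auditing what left the deployment.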