Cyber attacks continue to increase, using multiple infection vectors and extremely sophisticated, evasive attack techniques.
The old methods based solely on log analysis are no longer sufficient to detect attacks. In this seminar we will see how the IBM Security Intelligence platform (QRadar) makes it possible to proactively identify anomalies, attacks and breaches, and how the adoption of Cognitive technologies makes it simpler to carry out rich, exhaustive analysis.
Safeguard Healthcare Identities and Data with Identity Governance and Intelli... | IBM Security
After the great response to the first “Safeguard Healthcare Identities and Data with Identity Governance and Intelligence” webinar and the continued success of IBM in the healthcare industry we have decided to bring it back!
With the increased focus on security, you may not have guessed that healthcare is one of the hardest hit industries. The people involved – doctors, nurses, hospital employees, patients, pharmacies and more – have become an easy entry point. Because of this, healthcare organizations have started to look for ways to better manage and govern the identities of their users. The challenge has been integrating with their Electronic Medical Record (EMR) systems, however, IBM has devised a solution.
View the slides from this December 5th webinar to learn about how IBM can help safeguard healthcare identities, as well as how IBM, using IBM Identity Governance and Intelligence, was able to integrate with EPIC EMR.
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ... | Sirius
SIEM technology has been around for years and continues to enjoy broad market adoption. Companies continue to rely on SIEM capabilities to handle proactive security monitoring, detection and response, and regulatory compliance. However, with today’s staggering volume of cyber-security threats and the number of security devices, network infrastructures and system logs, IT security staff can become quickly overwhelmed.
Gartner projects that by 2020:
-- 50% of new SIEM implementations will be delivered via SIEM as a service.
-- 60% of all advanced security analytics will be delivered from the cloud as part of SIEM-as-a-service offerings.
5 Ways to Get Even More from Your IBM Security QRadar Investment in 2016 | IBM Security
View on-demand webinar: https://securityintelligence.com/events/qradar-investment-2016/
Helping you stay ahead of cybercriminals means our work at IBM Security is never done. With data coming from every direction to collect, you need real time and historical analytics to discover anomalistic conditions that often provide the early warning signs of an attacker’s presence. Join us to hear about new features in IBM Security QRadar that can provide you with better visibility into what’s happening on your network and new integrations that will help you multiply your investment and help speed your remediation efforts.
Are You Ready to Move Your IAM to the Cloud? | IBM Security
Many companies are considering moving their current identity and access management (IAM) implementations to the cloud, or they are looking at the cloud for their new IAM use cases. This might be driven by the threat of attacks via identities, increasing compliance mandates, expanding needs of end users for frictionless data access or improving the total cost of ownership.
View this presentation and watch the corresponding webinar to help you determine whether your organization is ready to move to IDaaS.
Building a Next-Generation Security Operation Center Based on IBM QRadar and ... | IBM Security
Learn about Sogeti’s journey of creating a new Security Operation Center, and how and why we leveraged QRadar solutions. We explore the full program lifecycle, from strategic choices to technical analysis and benchmarking on the product. We explain how QRadar accelerates the go-to-market of the SOC, and how we embed IBM Security Intelligence offerings in our solution. Having a strong collaboration between different IBM stakeholders such as Software Group, Global Technology Services, as well as the Labs, was key to client satisfaction and operational effectiveness. We also show the value of integrating new QRadar features in our SOC roadmap, in order to constantly stay ahead in the cyber security game.
The IBM Security Intelligence Platform, also known as QRadar®, integrates SIEM, log management, anomaly detection, vulnerability management, risk management and incident forensics into a unified, highly scalable, real-time solution that provides superior threat detection, greater ease of use, and low total cost of ownership compared with competitive products.
How to Choose the Right Security Information and Event Management (SIEM) Solu... | IBM Security
View on-demand webinar: https://securityintelligence.com/events/choose-right-security-information-event-management-siem-solution/
Learn what matters most when choosing a SIEM solution. In this session, we take a tour of the 2015 Gartner Magic Quadrant for SIEM, and IBM experts will discuss what we believe has set IBM Security QRadar® apart from other vendors for 7 consecutive years.
Security Intelligence: Finding and Stopping Attackers with Big Data Analytics | IBM Security
Attackers are using increasingly sophisticated methods to access your most sensitive data, and at the same time cloud, mobile and other innovations expand the perimeter you need to protect. This keynote discusses how to build a more secure enterprise with real-time analytics and behavior-based activity monitoring.
Advanced Security Intelligence tools store, correlate and analyze millions of events and flows daily to identify critical incidents your security team needs to investigate. The volume, variety and velocity involved clearly defines Security as a “Big Data challenge.”
Learn how advanced predictive analytics and incident forensics help defend against advanced attacks and respond to and remediate incidents quickly and effectively.
Extend Your Market Reach with IBM Security QRadar for MSPs | IBM Security
View on-demand recording: http://securityintelligence.com/events/ibm-security-qradar-for-msps/
As the number of security events grows in complexity and frequency, your clients are likely looking for ways to deploy leading security capabilities to gain more comprehensive security visibility across their operations. With the next release of IBM Security QRadar, you have an enhanced opportunity to deliver a best-in-class security intelligence solution to your broad base of customers.
Join us for a webcast presented by Vijay Dheap, IBM Security Global Solutions Manager, to learn about the new features of IBM Security QRadar designed especially for Managed Service Providers. He will cover:
- Centralized views and incident management with extensive APIs
- Flexible MSP pricing options
- Horizontal, snap-on scalability that is cloud ready
Top 5 Things to Look for in an IPS Solution | IBM Security
Today’s next-generation intrusion prevention systems (NGIPS) offer a great deal more capability than the traditional IDS/IPS. And for many organizations, these improvements have come about since the last time they refreshed their IPS appliances.
With advanced threats on the rise, it is critical that organizations deploy the latest network security solutions that can stop zero-day attacks, mutated threats and evasion techniques. And do so without taking a network performance hit. Additionally, improved visibility and control is important – something that can be further enhanced with broad integration and data sharing with your existing security solutions.
Join this webinar to learn what to look for when considering IPS solutions, so you can make the right decision for your organization’s network security.
Avoiding data breach using security intelligence and big data to stay out of ... | IBM Security
Attackers and exploits are becoming increasingly sophisticated, and the pressure to protect business critical data is only getting more and more intense. Security Intelligence transforms the playing field by adding analytics and context, and shifts the balance in favor of the good guys. Today forward thinking organizations are looking at extending Security Intelligence even further by combining it with Big Data to form a solution that allows them to analyze new types of information, and data that travels at higher velocity, and in larger volume. This powerful combination yields new insights that can more effectively identify threats and fraud than ever before.
In this session, attendees will learn how to combine Security Intelligence and Big Data, and deploy a solution that is well suited for structured, repeatable tasks. We will also cover the addition of complementary new technologies that address speed and flexibility, and are ideal for analyzing unstructured data. This session will also highlight how organizations are using Security Intelligence to pro-actively detect advanced threats before they cause damage, and take effective corrective action if a compromise succeeds.
View the On-demand webinar: https://www2.gotomeeting.com/register/657029698
How to Improve Threat Detection & Simplify Security Operations | IBM Security
Over 74% of global enterprise security professionals rate improving security monitoring as a top priority. Monitoring must be done efficiently within a security operations center (SOC) to combat increased threats and a limited supply of trained security analysts.
While the vendor landscape for security solutions is rapidly evolving, many early point solutions and first generation SIEMs are not keeping pace with the changing needs of security operations. A new class of platforms has emerged that combine advanced analytics and flexible deployment options. Join this exclusive webinar featuring Forrester Research to learn:
- Characteristics of modern security platforms that have evolved from point solutions and basic SIEMs
- Criteria to consider when evaluating vendors and solutions
- The advantages of an integrated security platform that incorporates cognitive capabilities and augmented intelligence
Delivering operational efficiency and lower costs through an integrated approach to network security management
Q1 Labs is a global provider of high-value, cost-effective network security management products. The company's next-generation security information and event management (SIEM) offering, QRadar, integrates functions typically segmented by first generation solutions - including log management, SIEM and network activity monitoring - into a total security intelligence solution. QRadar provides users with crucial visibility into what is occurring with their networks, data centers, and applications to better protect IT assets and meet regulatory requirements. By deploying QRadar, organizations greatly enhance their IT security programs and meet the following specific security requirements.
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec... | IBM Security
Businesses and governments alike are experiencing an alarming rate of malicious activity from both external and internal actors.
Not surprisingly, mission-critical mainframe applications make for desirable targets with large repositories of enterprise customer sensitive data. Mainframe environments are increasingly at risk opening accesses through the internet, mobile initiatives, big data initiatives, social initiatives, and more to drive the business forward. Additionally, there are some security challenges that are specific to the mainframe - traditional protection methods are no longer enough, insider threats are also on the rise, mainframe environments could be more vulnerable with reliance on privilege users to administer security, silo-ed mainframe IT management, limited ownership visibility, and lack of uniformed security management across the enterprise.
View this on-demand webcast to learn more about specific mainframe data protection challenges, top tips for protecting sensitive data, and key data protection capabilities that you should consider to address these challenges.
Register here for the playback: https://event.on24.com/wcc/r/1461947/D9664CC82EC641AA58D35462DB703470
IBM® QRadar® QFlow Collector integrates with IBM QRadar SIEM and flow processors to provide Layer 7 application visibility and flow analysis to help you sense, detect and respond to activities throughout your network. This combined solution, powered by the advanced IBM Sense Analytics Engine™, gives you greater visibility into network activity to better detect threats, meet policy and regulatory compliance requirements, and minimize risks to mission-critical services, data and assets.
Accelerating SOC Transformation with IBM Resilient and Carbon Black | IBM Security
Security Operation Centers (SOCs) today are complex environments. They often have too many separate tools, uncoordinated analysts in the response process, and confusion around alert prioritization. Because of this, SOCs consistently struggle responding to the most urgent incidents.
The integration between IBM Resilient and Carbon Black helps SOCs overcome these challenges. IBM Resilient’s Intelligent Orchestration combined with Carbon Black Response provides a single view for all relevant response data and streamlines the entire security process. This makes it simpler for analysts to quickly and efficiently remediate cyberattacks.
Join experts Chris Berninger, Business Development Engineer, Carbon Black, and Hugh Pyle, Product Manager, IBM Resilient, for this webinar, to learn:
- How the IBM Resilient-Carbon Black integration works within your SOC to accelerate incident response improvement
- Strategies to implement Intelligent Orchestration and automation into your incident response process
- Actions that can be taken today for maximizing the effectiveness of your SOC
Identity intelligence: Threat-aware Identity and Access Management | Prolifics
Presentation at Pulse 2014 as part of the session, "Enhance Your Identity and Access Management Solution with Integrations from Key IBM Technology Partners"
Speaker:
Russell Tait, Prolifics
Join a panel of IBM technology partners to learn about new and exciting Identity and Access Management (IAM) integrations that have been validated through the Ready for IBM Security Intelligence program. In this slide deck, IBM technology partner, Prolifics, discusses how their integrations with key areas of the IBM Security portfolio increase solution value for customers. The panel discussion will cover strong authentication, mobile, cloud, and security intelligence use cases.
Top Cybersecurity Threats and How SIEM Protects Against Them | SBWebinars
Everyone has become increasingly aware of the danger hackers pose—they can steal data, dismantle systems, and cause damage that can take years to recover from. However, organizations often have a false sense of safety when it comes to their security environments. There are countless ways that businesses are making it easier for a threat actor to find their way in undetected.
Join cybersecurity expert Bob Erdman, senior security product manager, as he outlines the most common ways organizations unintentionally put themselves at risk against threats like:
- Insider attacks
- Alert and console fatigue
- Shortage of security staff
- Misconfigurations
- Excessive access
By better understanding what and where the challenges are, organizations can be better equipped to find solutions. This webinar will also highlight different strategies for mitigating risk, from specific Security Information and Event Management (SIEM) tools to employee education.
Webcast title : GDPR: Protecting Your Data
Description : Find out why data protection and encryption is an essential component of preparing for your GDPR readiness process.
Specifically, we will cover:
- What is considered "Personal Data" and why it needs to be "protected"
- The Legal Aspects of Data Protection under GDPR.
- The technical ways to protect/pseudonymization
In this Session you will learn from the leading experts:
- Ulf Mattsson: The father of database Encryption.
- Martyn Hope: The Co-Founder of the GDPR Institut.
- Mark Rasch: Former Chief Cybersecurity Evangelist at Verizon and led the DOJ's Cyber Crime Unit.
Presenter : Ulf Mattsson, Martyn Hope, Mark Rasch, David Morris
Information Security protects information from a wide range of threats in order to ensure business continuity, minimise business damage and maximise return on investment and business opportunities
The GDPR requires organizations — both “data controllers” and “data processors” — to strengthen their data protection and security measures to protect the personally identifiable information (PII) of EU citizens, and to demonstrate their compliance at any time. See how Quest solutions can help make it easier to ensure that your customer on-premises, cloud or hybrid environment meets GDPR compliance requirements.
Securing Your Digital Files from Legal Threats | Abbie Hosta
Get ready to learn some immensely powerful tips and management approaches designed to safeguard your digital files firm from today’s growing cyber threats. Dive into Worldox technology and how it helps clients ensure compliance with ABA rules and protect your documents. We’ll offer practical guidance and strategies for Worldox users, law firm administrators, and IT managers looking to secure their documents and protect their sensitive client, business and employee information.
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote) | Shawn Tuma
Cybersecurity & Data Privacy Attorney Shawn Tuma presents the lunch keynote on the Legal Case for Cybersecurity at SecureWorld-Dallas in 2017.
Here is a link directly to the YouTube video of this presentation: https://youtu.be/3ZeJ86Ebas0
Compete To Win: Don’t Just Be Compliant – Be Secure! | IBM Security
view on-demand webinar: https://event.on24.com/wcc/r/1241904/E7C5BDA81308626F69D20F843B229534
An alarming number of organizations today are doing the bare minimum to meet compliance regulations. They are completely unaware of the “data security race” taking place against malicious insiders and criminal hackers creating risk, flying past them in a to win over sensitive data. These organizations are spending their time doing just enough to check the compliance ‘checkbox’ and pass their audits. While being compliance-ready is absolutely important and represents a great first step along the road to data security, it won't win you the gold.
View this on-demand webcast to learn more about how to shift your thinking and compete to win by using your compliance efforts to springboard you into a successful data security program - one that can safeguard data from internal and external threats, allowing you to be the champion and protector of your customers, your brand, and the sensitive data that fuels your business.
GDPR for operations and development teams. GDPR includes the data protection by default and data protection by design principles that can be troublesome if not taken into consideration in the beginning of the secure software development life cycle. What are the technical requirements to be considered as "state of the art" that are mentioned in the regulation? What are the methods of implementation to the risk-based approach the general data protection regulation has?
Similar to SIEM/QRadar: IBM's cognitive and Security Intelligence solutions for detecting cyber attacks (20)
The IBM-CRUI collaboration
IBM Cloud: features and strengths
Cloud First and the solution for every need: IBM IaaS, IBM and VMWare, IBM and Skytap, Cloud Object Storage
Application modernization and Cloud Native: IBM PaaS
Cognitive solutions with IBM Watson
IBM: the first vendor to qualify its services on the AGID Marketplace
IBM Garage
Visit to the Cloud data center in Cornaredo
Virtual Labs are a Microsoft solution designed to implement virtual environments and classrooms quickly and effectively, for teaching and training as well as for research and development. With this technology you can create Windows and Linux virtual machines (VMs) that minimize wasted resources through quotas and precise policies, such as automatic start-up and shutdown of VMs or the maximum number of VMs that each user (professor, researcher, thesis student or student) can use.
Exploring Windows 10: new features and updates. Enhancing the exper... | Jürgen Ambrosi
How to use and manage Microsoft's client operating system in a modern way. Create, study and work practically anywhere: the extraordinary, ultralight Surface offers the best in mobile productivity.
The new communication and collaboration tools of Office 365 and their i... | Jürgen Ambrosi
The benefits of Office 2019; document management and sharing: OneDrive and SharePoint; teamwork with Teams; modern tools for training (Forms, Sway and Stream). PBX and audio-conferencing features built into Skype for Business and Teams that enable communications inside and outside the organization.
Power BI overview and the SCA solution for universities | Jürgen Ambrosi
Presentation of the capabilities of PowerBI and a demo of creating a report and dashboard.
SCA (Università degli Studi di Roma “Tor Vergata”) is the solution for universities that provides a single point of access to student information on performance, careers and administration, giving easy access to the results of powerful queries for making decisions quickly.
Free yourself from the overload and limitations of on-premises infrastructure. Take advantage of unlimited resources to scale HPC (High Performance Computing) workloads, analyze data at scale, run simulations and financial models, and experiment while reducing time to market.
Threat management lifecycle from a GDPR perspective | Jürgen Ambrosi
Introduction to authentication scenarios for information services in modern workplaces. Overview of what the Enterprise Mobility and Security solution offers for securing identities and information throughout their life cycle. Prevention, detection, containment and response to advanced threats, with reference to the cyber kill chain (focus on endpoints, identities, productivity services and cloud apps).
Identity and Data protection with Enterprise Mobility Security from a GDPR perspective | Jürgen Ambrosi
Introduction to authentication scenarios for information services in modern workplaces. Overview of what the Enterprise Mobility and Security solution offers for securing identities and information throughout their life cycle. Prevention, detection, containment and response to advanced threats, with reference to the cyber kill chain (focus on endpoints, identities, productivity services and cloud apps).
ORACLE proposals for digital content management and for scientific resear... | Jürgen Ambrosi
Agenda
the goals of the Oracle / CRUI collaboration; overview of the proposed solutions
the evolution of Oracle's offering, on-prem and in the cloud
AGID CSP certification and cloud pricing model
solutions for “Digital” communication (products, services and training)
Collaborative authoring and digital content management; integration with productivity tools such as Office365 and Google
Rapid, self-service development of microsites and APIs for digital front ends
Digital assistants
solutions for scientific research and technological innovation
Oracle Cloud for HPC
on-premise and cloud solutions for Big Data and Data Science / Deep Learning
cloud solutions for IoT and Blockchain
Survey
Q/A
ORACLE proposals for modernizing application development | Jürgen Ambrosi
Topics covered in the session:
• the goals of the Oracle / CRUI collaboration; overview of the proposed solutions
• the evolution of Oracle's offering, on-prem and in the cloud
• AGID CSP certification and cloud pricing model
• solutions for modernizing application development (products, services and training)
• “Multi-model” database (relational, non-relational / JSON, REST): what's new in Oracle DB
• Rapid development of “Digital” APIs and UIs on Oracle DB: what's new in Apex 18.2
• “Polyglot” development on Docker and Kubernetes, with continuous integration and deployment
• Enriching applications with advanced “in-database” analytics
• Technology and frameworks for basic GDPR compliance
• Federated identity management (SPID, Social Login)
• Survey
• Q/A
ORACLE proposals for modernizing the data center and IT infrastructure | Jürgen Ambrosi
Topics covered in the session:
• the goals of the Oracle / CRUI collaboration; overview of the proposed solutions.
• the evolution of Oracle's offering, on-prem and in the cloud
• AGID CSP certification and cloud pricing model
• solutions for modernizing IT infrastructure (products, services and training)
• making Oracle databases more efficient
• Appliances for the database (ODA) and for Big Data
• Offloading workloads to Oracle Cloud
• Storage and Backup as-a-Service, lift/shift of development and test environments, decommissioning
• VirtualLabs and “on-demand” MOOCs in the cloud
• Continuity and DR (on-prem or in the cloud): solutions for Oracle and non-Oracle databases
From Backup & Recovery solutions to 360° data management | Jürgen Ambrosi
Modernizing data protection solutions is a pressing topic today, driven by the rapid emergence of phenomena such as Digital Transformation (or Revolution), the exponential growth in data volumes seen so far and expected in the near future, the adoption of the cloud and of new applications, and the GDPR.
They can no longer rely on backup solutions that are inefficient, costly and very often complex. Consequently, the trend is toward new data protection strategies.
We will explore Veritas's natively integrated “360° Data Management” platform, an integrated platform that offers data protection, high availability and visibility. The first key element is the introduction of a unified data protection solution with a single console for physical, virtual and cloud environments, able to act proactively to identify in which environment the data of interest is stored and which strategic data must be quickly protected and securely preserved, limiting its volume to only what is needed to guarantee business services.
Technology solutions for disaster recovery and business continuity | Jürgen Ambrosi
Today it is vital for companies to consolidate their competitive advantage in their market. The growing amount of business data collected, processed and archived every day is in effect a valuable asset for generating new business opportunities. Managing this important service directly involves IT, which must therefore adopt every measure needed to guarantee operational continuity and meet the RTO and RPO levels set by business objectives and current regulations. Business Continuity and Disaster Recovery solutions address this need precisely, keeping the service working even in the face of accidental events (failures, natural phenomena, cyber attacks, human error, etc.) that may occur in operation, avoiding the risk of business interruption and/or administrative penalties.
The Veritas Resiliency Platform and Veritas CloudMobility solutions make it possible to build Business Continuity and Disaster Recovery infrastructures with great architectural flexibility. In particular, both, albeit with different strategies, make it possible to take advantage of the cloud services offered by the various service providers, while also resolving any possible complexity and risk of contractual lock-in in adopting these technologies.
Technology solutions for Copy Data Management | Jürgen Ambrosi
The growth of data on corporate systems forces IT to deal with the resulting increase in complexity and in the cost of technology upgrades.
One of the main causes of data growth, however, is the increasingly frequent demand for fast, reliable copies of that data to meet various business needs, whether starting new projects or routine ones such as testing, archiving, backup, disaster recovery, reporting, etc. In addition, very often there is no full control over who has access to the storage to make these copies, with obvious exposure to the risk of data theft.
To meet this need, Veritas presents Velocity, its Copy Data Management solution, which makes it possible to obtain copies of data quickly with automated, controlled access, avoiding needless proliferation of copies and the resulting exposure to the risk of fraudulent acts.
The virtual assistant that informs students: the experience of the Politecnico ... | Jürgen Ambrosi
The Politecnico di Milano has implemented a chatbot that lets students interact with a platform powered by artificial intelligence. The system uses IBM Watson Conversation, a cloud-based cognitive service, to improve and simplify the experience. The virtual assistant is trained to answer questions in three specific areas of student support: admissions, certificates and fees. In addition, if the requested information falls outside those areas, the chatbot refers the user to specific pages or to the registrar's office contacts.
The virtual assistant makes it possible to provide a continuous service to students, with no time limits. Up-to-date, detailed information on the most common questions will always be available and usable through a guided interaction. The chatbot is active in the public area of the site and anyone can ask questions without needing to authenticate; this of course means that the information provided is not personalized.
From the university's point of view, the chatbot lets the registrar's office provide a higher-quality service, since it can devote more time to meeting the more specific needs of individual students.
Technology solutions supporting the OpenStack and container world | Jürgen Ambrosi
Companies' interest in solutions such as containers and cloud-based platforms such as OpenStack is amply confirmed by the positive trend reported by analysts. The benefits of adopting these solutions in IT lie in the ability to build architectures that are more agile, scalable and economical, able to meet ever more stringent business needs and to face competitive pressure. Veritas presents its software-defined storage solutions, Veritas ™ HyperScale for OpenStack and Veritas ™ HyperScale for Containers, as enabling platforms for introducing these new technologies while also guaranteeing an enterprise-class level of reliability.
Fondazione CRUI and VMware webinar: VMware vRealize Suite | Jürgen Ambrosi
vRealize Suite is an enterprise-class cloud management platform designed specifically for the hybrid cloud that lets you deploy and manage infrastructure and applications quickly without compromising IT control.
The webinar series in collaboration with Veritas Technologies continues.
In this second session we looked at Veritas's Software Defined Storage solutions.
IT is today one of the business areas most affected by the exponential growth of data. As a result, IT managers have to cope with rising costs and complexity in implementing storage solutions able to contain the growth in data volume.
At the same time they must make choices geared toward solutions that can meet the ever higher performance levels required by new business applications while keeping legacy ones working.
Implementing high-performance NAS hardware or adopting a variety of storage solutions is not the ideal answer today in terms of cost and management impact. New technologies, developed precisely in response to the need for efficiency and cost containment, are now available; they make it possible to build infrastructures that maximize the use of the storage solutions already in the data center and to adopt Object Storage solutions.
To this end Veritas presents its line of Software Defined Storage solutions.
SIEM/QRadar: IBM's cognitive and Security Intelligence solutions for detecting cyber attacks
1. IBM QRADAR
Alessandra Pecorari
October 16, 2017
Technical Sales - Mobility & Endpoint Management Solutions
IBM'S COGNITIVE AND SECURITY INTELLIGENCE SOLUTIONS FOR DETECTING CYBER ATTACKS
Giulia Caliari
Security Architect
2. 2 IBM Security
Objectives: Information Security & Data Protection
• Protect public and private organizations in running their business
• Protect individuals (privacy and security)
• Protect the physical and economic security of the nation(s)
Security of services & critical information
Protection of personal data
3. 3 IBM Security
The Italian landscape (major initiatives)
Cybersecurity
• December 2013 - National Strategic Framework for the Security of Cyberspace
• December 2013 - National Plan for Cyber Protection and Information Security
• February 2016 - Italy’s National Framework for Cybersecurity
• March 2017 - Essential Cybersecurity Controls
• April 2016 - AGID: Minimum ICT Security Measures for Public Administrations
• July 2016 - EU Network and Information Security Directive
• .......
Privacy
• DL196 of 2003 - PERSONAL DATA PROTECTION CODE
• DIRECTIVE 95/46/EC - Protection of individuals with regard to the processing of personal data and on the free movement of such data
• FRAMEWORK DECISION 2008/977/JHA - Protection of personal data processed in the framework of police and judicial cooperation in criminal matters
• REGULATION (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR)
• DIRECTIVE (EU) 2016/680 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data
4. 4 IBM Security
SANS Security Controls & AGID Minimum Measures
1. Inventory of Authorized and Unauthorized Devices
2. Inventory of Authorized and Unauthorized Software
3. Secure Configuration of End-User Devices
4. Continuous Vulnerability Assessment & Remediation
5. Controlled Use of Administrative Privileges
6. Maintenance, Monitoring, and Analysis of Audit Logs
7. Email and Web Browser Protections
8. Malware Defense
9. Limitation & Control of Network Ports, Protocols, and Service
10. Data Recovery Capability
11. Secure Configuration of Network Devices
12. Boundary Defense
13. Data Protection
14. Controlled Access Based on Need to Know
15. Wireless Access Control
16. Account Monitoring and Control
17. Security Skills Assessment and Appropriate Training
18. Application Software Security
19. Incident Response and Management
20. Penetration Tests and Red Team Exercises
https://www.sans.org/critical-security-controls
https://www.cisecurity.org/controls/
5. 5 IBM Security
1 Inventory of auth. and unauth. device
2 Inventory of auth. and unauth. software
3 Secure Configurations of end-user devices (and servers)
4 Continuous Vulnerability Assessment and Remediation
8 Malware defence
8 Malware defence
7 Email and Web Browser Protections
9 Limitation and Control of Network Ports, Protocols, and Services
12 Boundary Defense
17 Security Skills Assessment and Appropriate Training to Fill Gaps
1 Inventory of auth. and unauth. device
4 Continuous vulnerability assessment & remediation
8 Malware defence
6 Maintenance, Monitoring, and Analysis of Audit Logs
9 (Limitation and) Control of Network Ports, Protocols, and Service
11 Secure Configuration of Network Devices
19 Incident Response and Management
5 Controlled Use of Administrative Privileges
14 Controlled Access based on the need to know
16 Account Monitoring and Control
1 Inventory of auth. and unauth. device
2 Inventory of auth. and unauth. software
3 Secure configurations of end-user devices
4 Continuous vulnerability assessment & remediation
8 Malware defence
4 Continuous vulnerability assessment & remediation
13 Data Protection
18 Application Security
20 Penetration Tests & Red Team Exercise
IBM Security Immune System to address Critical Security Controls
6. 6 IBM Security
SANS Security Controls & AGID Minimum Measures
• Automated discovery based on «passive» tools
• DHCP logging to improve asset
• Automated vulnerability scanning tools
• Correlate event logs with information from vulnerability scans
• Subscribe to vulnerability intelligence services
• Establish a process to risk-rate vulnerabilities based on the exploitability and potential impact
• Deploy a SIEM …tools for log aggregation and consolidation …and for log correlation and analysis.
• Use network-based anti-malware tools to identi
• Ensure that only ports, protocols, and services with validated business needs are running on each system.
• Compare firewall, router, and switch configuration against standard secure configurations
• Use automated tools to verify standard device configurations and detect changes.
• automated tool on network perimeters that monitors for sensitive information (..), keywords, …to discover unauthorized attempts to exfiltrate
• Monitor all traffic leaving the organization and detect any unauthorized use of encryption
• Monitor account usage to determine dormant accounts,
• Monitor attempts to access deactivated accounts through audit logging.
• Profile each user’s typical account usage
7. 7 IBM Security
Security of personal data Art. 5, 24, 32 to 34
• ... appropriate security of the personal data, including protection... against unauthorised or unlawful processing and against accidental loss, destruction or damage («integrity and confidentiality»).
• .. technical and organisational measures ... to ensure a level of security appropriate to the risk, ...
  • pseudonymisation and encryption;
  • the ability to ensure the ongoing confidentiality, integrity, availability and resilience..
  • the ability to restore in a timely manner ....
  • regularly test and evaluate the effectiveness of the measures..
• .. account is taken in particular of the risks .. from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data
• Notification of a breach to the supervisory authority (Art. 33)
• Notification of a breach to the data subjects (Art. 34)
Accountability Art. 5, 24 and others
• The controller is responsible .... and able to demonstrate it («accountability»).
• Controllers and processors are obliged to demonstrate compliance with the Principles of the regulation, and therefore to track processing activities and their lawfulness, the collection of information and consents, management activities, the security measures adopted, accesses, etc.
• Obligation to keep “Records of Processing Activities” (Art. 30)
• Impact Assessment (Art. 35)
By Design and By Default Art. 25
• «..appropriate technical and organisational measures, such as pseudonymisation, designed to implement data-protection principles, such as minimisation, in an effective manner and to integrate the necessary safeguards into the processing» for compliance with the regulation and the protection of the data subject's rights
• «... that, by default, only the personal data that are necessary are processed ... That obligation applies to the amount of personal data collected, the extent of the processing, the period of storage and the accessibility»
• «.. personal data are not made accessible to an indefinite number of natural persons ..»
Lawfulness and Consent (Art. 5-8)
• Personal data are: processed lawfully, fairly and transparently.. ; collected for specified, explicit and legitimate purposes...; adequate, relevant and limited to what is necessary ..; kept in a form which permits identification of data subjects ...;
• Lawfulness (Art. 6)
• Consent (Art. 7 and 8)
Rights of European citizens Art. 12 to 20 and others
• Transparency
• Right of access, rectification and erasure (right “to be forgotten”)
• Right to restriction of processing
• Right to data portability
• Right to object and automated decision-making
• Right to lodge a complaint and to a remedy (Art. 77-79)
• Right to compensation (Art. 82)
[Diagram labels: Assessment & Clean Up; Archiving; Legal Curation; Records & Retention; By Design and By Default; Lawfulness and Consent; Accountability; Data Breaches; Knowledge of the data; Rights of residents in Europe]
GDPR: fundamental duties and obligations
8. 8 IBM Security
Information Security and Data Privacy are correlated but different and must be managed accurately
Information Security and Data Privacy: differences and interactions
Information Security
Information security is all of the practices and processes that are in place to ensure data is not being accessed or used by unauthorized individuals or parties. It covers a wider array of data than personal data, because it includes the protection of all the information and asset managed for the business.
Organizational, Technical and Physical Controls; mostly as per Industry Standards (ISO 27001).
Some Examples:
• Information Security Policy
• Security Risk analysis, Security Risk Treatment Plan, Information Security Appropriate organizational and technological Measure
• Security Incidence Response Plan
• IAM (Identity and Access Management)
• SIEM (Security Incident and Event Management)
• Data Security
• Firewalls
• Encryption
• Locks, guards, video surveillance
Data Privacy
Data privacy is concerned with establishing rules that govern the collection and handling of personal information. Handling personal data includes processing, use, transfer, sharing and deletion.
• Privacy Strategy Policy
• Privacy Risk Analysis, Privacy Risk Treatment Plan: Privacy appropriate organizational and technological Privacy Measure
• Privacy Treatment registrations
• Collection Minimization, Transparency
• Notice, Choice, Consent
• Purpose Specification, Use Limitation
• Data Security
• Access, Rectification and Erasure … Rights of Data Subjects
• Retention Periods
• 3rd Party Vendor Requirements
• Cross-border Export Restrictions
• Cross-border Access Restrictions
• Data Breach Notification
• Accountability
9. 9 IBM Security
(Personal) Data Processing activities built upon a reliable infrastructure
Diagram elements (Users, DBA, App, Data):
• Identity Governance: Audit the authorizations currently existing in the systems; Manage re-certification campaigns; Ensure separation of duty
• Privileged Identities: Control Admins
• Access Control: Flexible policies; Risk-Based Authentication; Multi-Factor & Biometry
• Application Quality: Check App Code Security; Correct Vulnerabilities
• Data Encryption: Encrypt DBs; Protect Keys
• Real-Time Data Protection: Discover & Classify Data; Monitor and Log Activity; Enforce policies; Monitor DBAs
• Data Copy: Extract Data; Mask Data
• Infrastructure IT Hygiene: Enterprise Rules; Server & endpoint security; Perimeter Security
• Security Analytics and Incident Response: Correlate events, traffic flows, Behaviour Analysis; Identify Incidents; Forensic Analysis; Manage Incidents
• Activity monitored: Users Activity, App Activity, Data Activity, Infrastructure Activity
10. 10 IBM Security
(Personal) Data Processing activities built upon a reliable infrastructure
[Diagram: the same control map as on the previous slide, with products overlaid: Privileged Identity Manager, Identity Governance, Security Access Manager, AppScan, Guardium Data Protection, Guardium Data Encryption, BigFix, MaaS360, XGS, QRadar, Resilient]
11. 11 IBM Security
(Personal) Data Processing activities built upon a reliable infrastructure
12. 12 IBM Security
Is this really sustainable?
Quick Insights: Current Security Status
[Figure labels: Threats, Alerts, Analysts available, Available time, Knowledge needed]
“93% SOC Managers Not Able to Triage All Potential Threats”
“42 percent of cybersecurity professionals working at enterprise organizations claim that they ignore a ‘significant number of security alerts’”
“(31 percent) of organizations forced to ignore security alerts claim they ignore 50 percent or more security alerts because they can’t keep up with the overall volume”
13. 13 IBM Security
Evolving to meet current and future security operations needs with cognitive enabled cyber security
Cognitive security solutions harness the power of language comprehension in performing threat research, apply deductive reasoning and self-learning capabilities to direct security practitioners to contextually relevant information and deliver advice on the course of action
[Figure: progression of capabilities: Grep, Search, Pattern Matching, Correlation and rules, Behavioral Analytics, Cognition]
[Figure axes: Increasing data volumes, variety and complexity; Increasing attack and threat sophistication]
[Figure labels: Recognition of threats & risks; Reasoning about threats & risks]
Helping security teams not only detect a security threat but also resolve the what, how, why, when and who to improve the overall incident response timeline
14. 14 IBM Security
A tremendous amount of security knowledge is created for human consumption, but most of it is untapped
Traditional Security Data
• Security events and alerts
• Logs and configuration data
• User and network activity
• Threat and vulnerability feeds
Human Generated Knowledge
A universe of security knowledge
Dark to your defenses
Typical organizations leverage only 8% of this content*
Examples include:
• Research documents
• Industry publications
• Forensic information
• Threat intelligence commentary
• Conference presentations
• Analyst reports
• Webpages
• Wikis
• Blogs
• News sources
• Newsletters
• Tweets
15. 15 IBM Security
IBM QRadar Intelligence and Analytics Platform
• USE CASES: Advanced Threat Detection; Insider Threat Detection; Risk & Vulnerability Management; Critical Data Protection; Incident Response; Compliance Reporting; Securing Cloud
• ACTION: Automation; Workflows; Dashboards; Visualizations
• PRIORITIZED INCIDENTS
• ENGINE: QRadar Sense Analytics (Behavior-Based Analytics; Context-Based Analytics; Time-Based Analytics); Third-Party Usage
• COLLECTION: Business Systems; Cloud; Infrastructure; Threat Intel; Applications
• DEPLOYMENT MODELS: ON PREM; AS A SERVICE; CLOUD; HYBRID
• Capability and Threat Intelligence Collaboration Platforms: App Exchange; X-Force Exchange
16. 16 IBM Security
Solutions for the full Security Intelligence timeline
Security Intelligence
[Timeline: Vulnerability, Pre-Exploit, Exploit, Post-Exploit, Remediation]
PREDICTION / PREVENTION PHASE
Are we configured to protect against advanced threats?
What are the major risks and vulnerabilities?
• Risk Management.
• Vulnerability Management.
• Configuration and Patch Management.
• X-Force Research and Threat Intelligence.
• Compliance Management.
• Reporting and Scorecards.
REACTION / REMEDIATION PHASE
What security incidents are happening right now?
What was the impact to the organization?
• Network and Host Intrusion Prevention.
• Network Anomaly Detection. Packet Forensics.
• Database Activity Monitoring.
• Data Leak Prevention.
• Security Information and Event Management.
• Log Management.
• Incident Response.
17. 17 IBM Security
Security Intelligence – Clear Visibility & Increased Accuracy
Dynamic Threat Environment Requires Clear Visibility & Increased Accuracy
Taking in data from wide spectrum of feeds + continually adding context
Extensive data sources + Deep intelligence = Exceptionally accurate and actionable insight
Extensive data sources
• Security devices
• Servers and mainframes
• Network and virtual activity
• Data activity
• Application activity
• Configuration information
• Vulnerabilities and threats
• Users and identities
Security Intelligence Feeds: Internet Threats, Geo Location, …
Deep intelligence
• Correlation: Logs/events; Network Flows; Geographic Location
• Activity baselining and anomaly detection: User activity; Database activity; Application activity; Network activity
• Offense identification: Credibility; Severity; Relevance
[Figure labels: Suspected incidents; True offense]
18. 18 IBM Security
Command console for Security Intelligence
• Provides full visibility and actionable insight to protect against advanced threats
• Adds network flow capture and analysis for deep application insight
• Employs sophisticated correlation of events, flows, assets, topologies, vulnerabilities and external data to
identify and prioritize threats
• Contains workflow management to fully track threats and ensure resolution
• Uses scalable hardware, software and virtual appliance architecture to support the largest deployments
SIEM
19. 19 IBM Security
Cyber threats rely on our networks to carry out their objectives
• >99% of cyber attacks traverse the network in some way
– Email/Web
– Reconnaissance
– Command and control
– Data collection…
• Only insider attacks collecting local system data and posting it to removable media do not
– Source: Enterprise Management Associates (EMA)
• Threat activity inherently leaves a trail of evidence across our networks
– So the data needed to detect these threats is there if you look deep enough
[Chart: Most-common attack types]
20. 20 IBM Security
Taking flow analysis to the next level
“A network flow is, in essence, a record of a given conversation between two
hosts on a network… this information is much like a phone bill: you can't tell what
was said during the conversation, but you can use it to prove who talked to who” –
SANS Institute
QFlow provides all the benefits of network flows but will also recognize layer 7
applications and allows you to capture the beginning of the conversation
QRadar Network Insights will also let you know if suspect items or
topics of interest were discussed at anytime during the conversation
QRadar Incident Forensics and Network Packet Capture will capture,
reconstruct and replay the entire conversation
Incident Detection
Incident Response
21. 21 IBM Security
Differentiated by network flow analytics - QFlow
• Network traffic doesn’t lie. Attackers can stop logging and erase their tracks, but can’t cut off the network (flow data)
– Deep packet inspection for Layer 7 flow data
– Pivoting, drill-down and data mining on flow sources for advanced detection and forensics
• Helps detect anomalies that might otherwise get missed
• Enables visibility into attacker communications
22. 22 IBM Security
Bringing visibility to today’s cyber security challenges
• Session reconstruction and application analysis
• Extraction of key metadata and content
• Full payload and application content analysis
• Real-time analysis of network traffic
• Intrinsic Suspect Content detection
23. 23 IBM Security
Differentiated by network flow analytics - Network Insights
• Innovative network analytics solution that will quickly and easily detect insider threats, data exfiltration and malware activity
• Logs and traditional network flow data are not providing enough visibility
• Records application activities, captures artifacts, and identifies assets, applications and users participating in network communications
• Configurable analysis from network traffic for real time threat detection and long-term retrospective analysis
• New Appliance with out-of-the-box content on the App Exchange for fast time to value and best practices
• Filling in the important gaps
– What is out there?
– Who is talking to whom?
– What files and data are being exchanged?
– Do they look malicious?
– Do they contain any important or sensitive data?
– Is this malicious application use?
– Is this new threat on my network?
– If so, where is it and what did it do?
Seamless integration across the QRadar platform:
• Extends QRadar flow capabilities
• QNI analysis fuels QRadar capabilities, content and Apps
• Derives sense events for User Behavior Analytics for improved insider risk assessments
24. 24 IBM Security
Our Security Intelligence platform delivers powerful capabilities to IT Security Operations Teams
Next generation network forensics: know what happened, fast
Introducing QRadar Incident Forensics
• Tells you exactly when an incident occurred
• Delivers intelligence to guide forensics investigations
• Merges powerful forensics capability with simplicity
Leveraging the strengths of QRadar to optimize the process of investigating and gathering evidence on advanced attacks and data breaches
• Visually construct threat actor relationships
• Builds detailed user and application profiles across multiple IDs
• Full packet capture for complete session reconstruction
• Unified view of all flow, user, event, and forensic information
• Retrace activity in chronological order
• Integrated with QRadar to discover true offenses and prioritize forensics investigations
• Enables search-driven data exploration to return detailed, multi-level results in seconds
25. 25 IBM Security
EMAIL
Chat
Social
Web
Extended clarity
From session data analysis yielding
basic application insights
To full visualization of extended relationships
and embedded content
From standard asset
identity information
To rich visualizations of digital impressions
showing extended relationships
26. 26 IBM Security
QRadar Risk Manager adds pro-active capabilities
• Depicts network topology views and helps visualize current and alternative network traffic patterns
• Identifies active attack paths and assets at risk of exploit
• Collects network device configuration data to assess vulnerabilities and facilitate analysis and reporting
• Discovers firewall configuration errors and improves performance by eliminating ineffective rules
• Analyzes policy compliance for network traffic, topology and vulnerability exposures
Risk Manager
27. 27 IBM Security
IBM QRadar Vulnerability Manager
Solution Highlights
• First VA solution integrated with Security Intelligence
• Dramatically improving actionable information through rich context
• Reducing total cost of ownership through product consolidation
• Providing unified view of all vulnerability information
Security Intelligence is extending and transforming Vulnerability Management – just as it did to Log Management
[Diagram labels: Log Manager, SIEM, Network Activity Monitor, Forensics, Vulnerability Manager]
28. 28 IBM Security
Not Active: By leveraging Network Insights, QVM can tell if
the vulnerable application is active
Patched: By leveraging BigFix, QVM understands what
vulnerabilities will be patched
Blocked: By leveraging network topology, QVM can
understand what vulnerabilities are blocked by firewalls and
IPSs and XGS
Critical: By leveraging its vulnerability knowledge base,
remediation flow and QRM policies, QVM can identify
business critical vulnerabilities
At Risk: By utilizing X-Force threat and SIEM security
incident data, coupled with QFlow network traffic visibility,
QVM can tell if vulnerable assets are communicating with
potential threats
Exploited: By leveraging SIEM correlation and XGS data,
QVM can reveal what vulnerabilities have been exploited
IBM QRadar Vulnerability Manager: How it works
29. 29 IBM Security
Cybercriminals rarely act alone, neither should you!
• What you also need to do to stay ahead of the threat
– Change the way teams collaborate for improved network security defenses.
– Raise the costs and reduce the opportunities for cybercriminals
• The solution
– IBM Security X-Force Exchange https://exchange.xforce.ibmcloud.com
• Provides aggregated threat intelligence and a platform for peer collaboration to add human context to machine-generated intelligence.
– IBM Security App Exchange http://apps.xforce.ibmcloud.com
• Provides a platform to share professionally developed tools and technologies, and also encourages rapid innovation through crowdsourcing of client contributions.
30. 30 IBM Security
IBM Security App Exchange
Example: IBM QRadar User Behavior Analytics (UBA)
• QRadar UBA adds a user-centric view of network activities including a new tab and customizable
dashboard allowing security teams to quickly understand risky behaviors. It’s similar to the Offenses
tab in that it prioritizes or ranks incidents related to the triggering of behavioral or anomaly rules
associated with user actions.
• IBM QRadar platform extends to support an
integrated UBA approach to detect and
investigate user risk
• Enabled via IBM Security App Exchange –
QRadar UBA app available for download
• Leverage existing data set and analytics
platform reducing tool sprawl
Detect abnormal user behavior in one click
IBM QRadar User Behavior Analytics
31. 31 IBM Security
Cognitive Security Starts Here
IBM Security Introduces a Revolutionary Shift in Security Operations
• Employs powerful cognitive capabilities to
investigate and qualify security incidents and
anomalies on behalf of security analysts
• Powered by Watson for Cyber Security to tap into
vast amounts of security knowledge and deliver
insights relevant to specific security incidents
• Transforms SOC operations by addressing current
challenges that include skills shortages, alert
overloads, incident response delays, currency of
security information and process risks
• Designed to be easily consumable: delivered via
IBM Security App Exchange and deployed in
minutes
NEW! IBM QRadar Watson Advisor
32. 32 IBM Security
Cognitive Tasks of a Security Analyst in Investigating an Incident
Gain local context leading to the incident
• Review the incident data
• Review the outlying events for anything interesting (e.g., domains, MD5s, etc.)
• Pivot on the data to find outliers (e.g., unusual domains, IPs, file access)
• Expand your search to capture more data around that incident
Gather the threat research, develop expertise
• Search for these outliers / indicators using X-Force Exchange + Google + Virus Total + your favorite tools
• Discover that new malware is at play
• Get the name of the malware
• Gather IOC (indicators of compromise) from additional web searches
Apply the intelligence and investigate the incident
• Investigate gathered IOC locally
• Find other internal IPs that are potentially infected with the same malware
• Qualify the incident based on insights gathered from threat research
• Start another investigation around each of these IPs
Time consuming threat analysis
There’s got to be an easier way!
33. 33 IBM Security
Unlocking a new partnership between security analysts and their technology
QRadar Advisor complementing the investigative resources of a SOC
Security Analysts
• Manage alerts
• Research security events and anomalies
• Evaluate user activity and vulnerabilities
• Configuration
• Other
Security Analytics
• Data correlation
• Pattern identification
• Thresholds
• Policies
• Anomaly detection
• Prioritization
Watson for Cyber Security
• Security knowledge
• Threat identification
• Reveal additional indicators
• Surface or derive relationships
• Evidence
QRadar Watson Advisor
• Local data mining
• Perform threat research using Watson for Cyber Security
• Qualify and relate threat research to security incidents
• Present findings
[Diagram labels: SECURITY ANALYSTS; SECURITY ANALYTICS; QRadar Advisor with Watson; Watson for Cyber Security]
34. 34 IBM Security
QRadar Advisor in Action
1. Offenses
2. Gains local context and forms threat research strategy
3. Observables
4. Performs threat research and develops expertise
5. Research results
6. Applies the intelligence gathered to investigate and qualify the incident
[Diagram labels: QRadar; Correlated enterprise data; Offense context; Device activities; Equivalency relationships; Knowledge graph]
35. 35 IBM Security
Gain local context leading to the incident and formulate a threat research
strategy
36. 36 IBM Security
Observables: Data used by QRadar Advisor
Observables: the finite set of discrete elements that are collected from an offense and related events that are
used by QRadar Watson Advisor for local analysis and external research. Only a subset are sent to Watson for
Cyber Security as observations of a potential threat
Observable Type | Description | Sent to W4CS
Source IP | External Source IPs that appear in an offense – enforced by respecting the Network Hierarchy defined in QRadar | Yes
Destination IP | External Destination IPs that appear in an offense – enforced by respecting the Network Hierarchy defined in QRadar | Yes
File Hash | Hash value of a file that is deemed suspicious | Yes
URL | External URLs that appear in an offense | Yes
Domain | External Domains that appear in an offense | Yes
Destination Port | Destination Ports belonging to Destination IPs | No
User Agent | The user agent identified by a browser or HTTP application | No
AV Signature | Malware signatures identified by antivirus solutions | No
Email Address | Email addresses associated with suspicious emails | No
File Name | Names of suspicious files | No
Source Port | Source Ports belonging to Source IPs | No
Destination ASN | Autonomous System Number of a destination IP address (from a DNS) | No
Source ASN | Autonomous System Number of a source IP address (from a DNS) | No
Destination Country | Name of the destination country of outbound communications | No
Source Country | Name of source country of inbound communications | No
Low Level Category | Low level QRadar offense category | No
High Level Category | High level QRadar offense category | No
Direction | Direction of communication | No
User name | Aliases that may attempt to access critical internal infrastructure | No
37. 37 IBM Security
Control, Privacy and Security of Transferring Observables
Control
• QRadar Watson Advisor
references the Network
Hierarchy defined in QRadar
• QRadar Administrator can
control which types of
observables are sent in the
QRadar Watson Advisor
administration page
• QRadar Administrator can
select which custom
properties are mapped to
observable types
Privacy
• Only external URLs,
domains, IPs, ports and
values are sent to Watson
for Cyber Security
• After an investigation, all
observables sent to Watson
for Cyber Security are
destroyed, and the results of
the investigation are also not
persisted in the cloud
• Watson for Cyber Security
does not track the IPs or the
specific instance of QRadar
Watson Advisor submitting
the investigation requests to
preserve anonymity
Security
• Observables are sent via an
encrypted channel to
Watson for Cyber Security
• Watson for Cyber Security
isolates each customer’s
offense investigation
• Watson for Cyber Security
can only be accessed by
authorized QRadar Watson
Advisor apps
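The "Sent to W4CS" column and the Control and Privacy points above amount to an egress allow-list applied before anything leaves the deployment. The Python example below is added here to illustrate that policy and is not QRadar or IBM code; the type names, the CIDR list standing in for the Network Hierarchy, and the internal-domain suffix list are assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Types marked "Yes" in the "Sent to W4CS" column; every other type stays local.
SENDABLE_TYPES = frozenset({"source_ip", "destination_ip", "file_hash", "url", "domain"})
HASH_RE = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$", re.I)

class ObservableFilter:
    """Decides which offense observables may leave the local deployment."""
    def __init__(self, internal_cidrs, internal_domains=(), enabled_types=SENDABLE_TYPES):
        # internal_cidrs stands in for the network hierarchy (assumed format).
        self.networks = [ipaddress.ip_network(c) for c in internal_cidrs]
        self.internal_domains = [d.lower().strip(".") for d in internal_domains]
        # An administrator can narrow the set of types, never widen it.
        self.enabled_types = frozenset(enabled_types) & SENDABLE_TYPES

    def _external_ip(self, value):
        try:
            ip = ipaddress.ip_address(value)
        except ValueError:
            return False  # unparseable input fails closed
        return not any(ip in net for net in self.networks)

    def _external_host(self, host):
        host = (host or "").lower().strip(".")
        try:
            ipaddress.ip_address(host)
        except ValueError:
            pass  # not an IP literal, treat as a DNS name below
        else:
            return self._external_ip(host)
        if "." not in host:
            return False  # empty or single-label names are treated as internal
        return not any(host == d or host.endswith("." + d) for d in self.internal_domains)

    def is_sendable(self, obs_type, value):
        if obs_type not in self.enabled_types:
            return False
        if obs_type in ("source_ip", "destination_ip"):
            return self._external_ip(value)
        if obs_type == "file_hash":
            return bool(HASH_RE.match(value))
        if obs_type == "domain":
            return self._external_host(value)
        try:  # remaining case: obs_type == "url"
            return self._external_host(urlsplit(value).hostname)
        except ValueError:
            return False

    def split(self, observables):
        """Return (sent, withheld) lists of (type, value) pairs."""
        sent, withheld = [], []
        for obs in observables:
            (sent if self.is_sendable(*obs) else withheld).append(obs)
        return sent, withheld

# Constructed sample offense; addresses are from private and documentation ranges.
SAMPLE = [
    ("source_ip", "10.20.1.15"), ("destination_ip", "203.0.113.77"),
    ("destination_port", "443"), ("user_name", "jdoe"),
    ("url", "https://files.example.net/a.bin"), ("url", "http://10.20.3.9/admin"),
    ("domain", "wiki.corp.example"), ("domain", "cdn.example.org"),
    ("file_hash", "d41d8cd98f00b204e9800998ecf8427e"),
]

if __name__ == "__main__":
    sent, withheld = ObservableFilter(["10.0.0.0/8"], ["corp.example"]).split(SAMPLE)
    print("sent:", sent, "\nwithheld:", withheld)
```

The withheld list is worth logging locally: it shows reviewers which observables were kept inside the deployment and why the outbound set is smaller than the offense.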
38. 38 IBM Security
A security operations platform for today’s and tomorrow’s needs
• Advanced Threat Detection
• Insider Threat
• Securing the Cloud
• Risk and Vuln Management
• Critical Data Protection
• Compliance
• Incident Response
Fast to deploy, easy to manage, and focused on your success