Take your SOC beyond SIEM
Tom Springer
May 9, 2018
North American Digital Development Representative
IBM #QRADAR
bit.ly/IBMSecurityTom
2 IBM Security

Today’s security challenges
Compliance, human error, skills gap, advanced attacks, innovation, time

Today’s security operations priorities
• Security orchestration and analytics
• Advanced and persistent threats
• Insider threats
• Critical data protection
• Secure the cloud
• Manage vulnerability risk
• Incident response
• Compliance

IBM QRadar – An integrated ‘Above SIEM’ solution for the SOC
Layers shown on the slide:
• Above the SIEM (new security operations tools): incident response orchestration, cognitive security, threat intelligence, hunting, user and entity behavior
• SIEM layer: IBM QRadar Security Intelligence
• Below the SIEM: event correlation and log management
Securing the enterprise

Advanced Threat Detection: How can organizations… address these concerns:
• Identify threats in real time and escalate to identify the most critical ones to focus on
• Detect long and slow attacks
• Avoid alert fatigue and minimize the chance of missing alerts in the noise of event data
• Identify threat actors, malware, campaigns and the attack vectors exploited in the face of skills and knowledge gaps and ever-growing threat variety

Detecting advanced and persistent threats with deep Network Insights and AI
• SINGLE, REAL-TIME ATTACK VIEW: intelligently gathers all attack-related activities into a single pane of glass and updates in real time as the attack unfolds, minimizing noise
• BUSINESS-DRIVEN PRIORITIZATION: automatically adjusts severity based on business impact and evidence as the attack progresses
• COGNITIVE ANALYSIS: accelerates alert triage and threat discovery with cognitive incident analysis
• COMPREHENSIVE INVESTIGATION: enables full forensic analysis of log, network PCAP and endpoint data from a single screen
Diagram: the escalation chain behind an incident alert, with the five data sources paired with the five steps shown
• Asset database: event has been triggered against a high-profile asset
• Vulnerability data: asset is vulnerable to this specific attack
• Network behaviour analytics: network analytics detects abnormal behaviour
• Threat intelligence: outbound connection has connected to a known ‘bad’ site
• Cognitive analysis: Watson reveals wider campaign, malware, other IOCs
Result: INCIDENT ALERT

Insider Threats: How can organizations… address these concerns:
• Have credentials been stolen via phishing or malware account takeover?
• Are credentials being misused?
• Are there double earners and career jumpers stealing customer data and/or intellectual property?
• Are users performing activities that are putting themselves and the organization at increased risk?

Identify insider threats with behavioral analytics
• IDENTIFY AT-RISK USERS: account takeover, disgruntled employees, malware actions
• STREAMLINED INCIDENT INVESTIGATIONS: immediate insights into risky user behaviors, action and activity history
• 360° ANALYSIS: performs analysis of activities at the endpoint, insights from network data, and cloud activities
• FAST TIME TO VALUE: deploys in minutes from the IBM App Exchange and leverages existing QRadar data sets immediately
Diagram: analytics (behavioural and peer group analytics, network threat analytics, machine learning, cloud analytics, cognitive analysis) raising a user’s risk level step by step
• Unusual resource access
• Sensitive customer data copied
• Unusual amounts of data copied to file sharing/social media
• Abnormal Salesforce account access
• Watson reveals account compromised by spyware
Result: Risk Level

Cloud Security: How can organizations… address these concerns:
• What cloud services are being used and who is using them?
• Identify malicious and suspicious activities in cloud services
• Insider threats and stolen credentials being used to access cloud services
• Copying of sensitive and customer data to unapproved cloud services

Securing the cloud with end-to-end visibility
• IDENTIFY CLOUD APPS BEING USED: analyses proxy logs, with threat intelligence from IBM X-Force, combined with asset and usage data to determine who is using what, how much they are using, and how risky it is
• BUSINESS APPS VISIBILITY: native cloud usage collection enabling visibility into what is going on in my environment (O365, Salesforce, AWS, etc.) and whether it is malicious
• QUICKLY FIND THREATS IN THE CLOUD: immediately discovers malicious activities in the cloud using out-of-the-box analytics and apps from the App Exchange
Diagram: analytics (entity behavioural analytics, X-Force threat intelligence, network threat analytics, machine learning, user behaviour analysis) raising the risk level step by step
• Discover cloud services
• What risk do they pose?
• Is customer, sensitive or potentially malicious data being transferred?
• Office 365 access location abnormal
• User account has been compromised
Result: Risk Level

Critical Data: How can organizations… address these concerns:
• What data do I have?
• Where is it?
• What is the nature of it: is it critical, PII or sensitive data?
• What systems and users can access it?
• Is it at risk of exploitation, exfiltration and compromise?

Critical data protection and GDPR with Network Insights and behavioral profiling
• FIND IT: automatically identifies servers, services, databases, apps, and devices through real-time behavioral profiling of log, flow and vulnerability data
• WHO CAN ACCESS IT: collects infrastructure topology configuration, determining who is allowed to access servers, services and apps
• WHERE DOES IT GO: utilizes network insights to track network communications, behavior and content to identify critical data movement and exfiltration
• IDENTIFY EXFILTRATION: analyses DLP, network insights, threat intelligence and user behaviors to highlight risky data transfer
Diagram: analytics (behavioural analytics and profiling, vulnerability scanning and integration, X-Force threat intelligence, network threat analytics, context-driven prioritization) raising the risk level step by step
• Discover files, databases and applications
• Identify vulnerability risk
• Entities being accessed by potentially malicious sources
• Personal identification and business data detected within the network
• Security incident detected; severity automatically increased
Result: Risk Level
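The escalation chains drawn on slides 7, 9, 11 and 13 share one pattern: each enrichment hit (asset profile, vulnerability match, network anomaly, threat-intelligence match, wider-campaign match) raises the severity or risk level of a single offense. The Python below is an added illustration of that pattern, not IBM's or QRadar's code; the asset table, vulnerability list, threat-intelligence set, scoring weights, anomaly threshold and sample events are all constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed lookup tables standing in for the asset database, vulnerability
# data and threat-intelligence feed the slide lists as inputs.
HIGH_PROFILE_ASSETS = {"10.0.5.20": "payroll-db"}
ASSET_VULNS = {"10.0.5.20": {"CVE-0000-EXAMPLE"}}   # placeholder CVE id, constructed
KNOWN_BAD_SITES = {"203.0.113.7"}                    # documentation-range address
ANOMALY_FACTOR = 20   # outbound bytes this far above baseline count as abnormal (assumed)

@dataclass
class Offense:
    severity: int = 1                 # 1 (low) .. 10 (critical)
    evidence: list = field(default_factory=list)

    def escalate(self, by, why):
        """Raise severity (capped at 10) and keep the reason for the analyst."""
        self.severity = min(10, self.severity + by)
        self.evidence.append(why)

def build_offense(event):
    """Apply the slide's enrichment chain to one event; return the offense."""
    off = Offense()
    dst = event["dst"]
    if dst in HIGH_PROFILE_ASSETS:                                   # asset database
        off.escalate(2, f"target is high-profile asset {HIGH_PROFILE_ASSETS[dst]}")
    if event.get("exploit_cve") in ASSET_VULNS.get(dst, set()):      # vulnerability data
        off.escalate(3, "asset is vulnerable to the attempted exploit")
    if event["bytes_out"] > ANOMALY_FACTOR * event["baseline_bytes_out"]:  # network analytics
        off.escalate(2, "outbound volume far above baseline")
    if event.get("outbound_dst") in KNOWN_BAD_SITES:                 # threat intelligence
        off.escalate(2, "outbound connection to known bad site")
    if event.get("campaign"):                                        # cognitive-analysis stand-in
        off.escalate(1, f"matches wider campaign {event['campaign']}")
    return off

# Constructed sample events: one that walks the whole chain, one ordinary event.
FULL_CHAIN_EVENT = {"src": "10.0.9.14", "dst": "10.0.5.20", "exploit_cve": "CVE-0000-EXAMPLE",
                    "bytes_out": 5_000_000, "baseline_bytes_out": 40_000,
                    "outbound_dst": "203.0.113.7", "campaign": "example-campaign"}
ORDINARY_EVENT = {"src": "10.0.9.14", "dst": "10.0.7.3",
                  "bytes_out": 30_000, "baseline_bytes_out": 40_000}

if __name__ == "__main__":
    for ev in (FULL_CHAIN_EVENT, ORDINARY_EVENT):
        o = build_offense(ev)
        print(o.severity, o.evidence)
```

The evidence list is what makes the score explainable to the analyst who picks up the offense; a bare number without it is just another alert to triage.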
Ensuring customer success

A security operations platform for today’s and tomorrow’s needs
Advanced threat detection, insider threat, securing the cloud, risk and vulnerability management, critical data protection, compliance, incident response
Fast to deploy, easy to manage, and focused on your success

Learn more about IBM Security
• 133 countries where IBM delivers managed security services
• 25 industry analyst reports rank IBM Security as a LEADER
• No. 1 fastest growing of the Top 5 security vendors
• 12K+ clients protected, including… 90% of the Fortune 100 companies
Join IBM X-Force Exchange: xforce.ibmcloud.com
Visit our website: ibm.com/security
Watch our videos on YouTube: IBM Security Channel (youtube/user/ibmsecuritysolutions)
Read new blog posts: SecurityIntelligence.com
Follow us on Twitter: @ibmsecurity
© Copyright IBM Corporation 2017. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind,
express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products
and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service
marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your
enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others.
No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems,
products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products
or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.
FOLLOW US ON:
THANK YOU
