QRadar-XDR-Solution.pdf
- 2. Cybersecurity is becoming more challenging
Factors most responsible for making cybersecurity management and operations more difficult:
• An increase in the number of remote workers accessing the corporate network and / or applications: 41%
• An increase in the threat landscape: 38%
• An increase in the number of cloud applications our organization uses: 32%
… of organizations say cybersecurity has become more difficult over the last two years
Source: ESG, The State of Zero-trust Security Strategies, April 2021
IBM Security / © IBM Corporation 2021
- 3. Evolving enterprise architectures is forcing enterprises to rethink their security approach
Diagram: Previous Enterprise Architectures versus Current Enterprise Architecture Complexity
Previous Enterprise Architectures:
• Traditional Enterprise Resources behind a Legacy Network that provides threat prevention, policy enforcement, and monitoring and response
• On-premises Users / Endpoints, plus Remote Users / Endpoints connecting over VPN
• Cloud / SaaS
Current Enterprise Architecture Complexity:
• The same Traditional Enterprise Resources and Legacy Network (threat prevention, policy enforcement, monitoring and response) with On-premises Users / Endpoints
• Multiple Cloud / SaaS environments
• Hundreds / Thousands More Remote Users / Endpoints connecting over VPN
Source: Scott Crawford, 451 Research, part of S&P Global Market Intelligence
- 4. Legacy defenses and security teams face challenges against advanced threats
• Missed threats: Traditional approaches rely on finding what’s known and can miss new attacks.
• Costs and complexity: Many siloed tools and disjointed workflows can increase costs.
• Poor visibility: Digital transformation and cloud adoption have expanded monitoring needs, but there can be blind spots.
• Struggle to keep up: Today’s threats are extremely complex and automated; humans can have difficulty evaluating many fast-moving parts at once.
- 5. How organizations can modernize threat detection and response
• Eliminate silos: Gain visibility across data sources — from the cloud to the core
• Unify workflows: Work without pivoting between tools
• Automate work: Let machines do the heavy lifting — whether mundane tasks or complex analysis
- 6. Security analysts’ typical workflow complexity
• Fewer, more accurate alerts with an open, scalable approach
• Leverage existing tools and avoid vendor lock-in
• Streamlined workflow, reduced manual effort thanks to automation
• Pre-built detection and response so teams can protect your organization, even without deep security expertise
BEFORE (typical workflow):
Incident → Review open incidents → Choose highest priority → Triage and investigate incident → Investigate in tool 2 → Investigate in tool 3 → Investigate in tool 4 → Determine validity / severity → Determine response steps → Build / alter playbook → Respond in SOAR → Respond → Perform root-cause analysis → Mitigation steps → Close incident
AFTER (simplified workflow using QRadar XDR):
Incident → Open routed incident → Review root cause analysis → Review automated workflow → Execute additional investigation → Add relevant response → 1 click to execute response actions → Close incident
Source: Forrester Report, Adapt Or Die: XDR Is On A Collision Course With SIEM And SOAR, April 2021
- 7. Future of the Modern SOC
ReaQta’s endpoint security solutions leverage AI to help automatically identify and manage threats.
The industry’s most open threat detection, investigation, and response solution.
- 8. IBM Security QRadar XDR, an Open, Connected Approach
• Integration with Existing Tools or IBM’s: The industry’s largest Open XDR ecosystem can integrate your EDR, SIEM, NDR, SOAR and Threat Intelligence, while leaving data where it is, for a complete XDR approach.
• Single User Experience across Tools & Teams: Simple XDR workflows, co-designed with experts, help speed up alert triage, threat hunting, investigation and response.
• AI Built for Analyst Productivity: Automate the work of enriching, correlating, and investigating threats with purpose-built AI and pre-built playbooks, including automated root cause analysis and MITRE ATT&CK mapping.
• Adaptable Architecture to Help Avoid Lock-In: Built on IBM Cloud Pak for Security for deployment on premises or on cloud, and ready for use by security service providers.
Diagram: IBM Security QRadar XDR, built on the IBM Cloud Pak® for Security platform and open integrations (open source and standards), connecting EDR, SIEM, NDR, SOAR and Threat intel through connected XDR workflows: Hunt + Investigate + Triage + Response + Automate.
- 9. IBM Security QRadar XDR, an Open, Connected Approach
IBM Security QRadar XDR Connect: Connect your tools and automate your SOC using IBM and open third-party integrations.
Diagram: IBM Security QRadar XDR with Open Integrations (open source and standards) across Threat Intel, EDR, SIEM, NDR and SOAR.
• IBM components: IBM Security QRadar SIEM, IBM Security QRadar NDR, IBM Security QRadar SOAR, IBM Security X-Force (threat intel)
• Third-party integrations shown: AlienVault (threat intel), Microsoft Azure, Azure Sentinel, Windows Defender, Vectra, MySQL, Elasticsearch, and many more, with more threat intelligence and EDR integrations
Note: Requires QRadar SIEM to integrate with QRadar XDR Connect.
- 10. IBM Security QRadar XDR Connect: Connect your tools, automate your SOC, and free up time for what matters most
• Leverage your existing security tools with an open approach: Enable your teams to connect a full range of tools, data and intel feeds to modernize your SOC.
• Act quickly with automated threat investigations and accelerated threat hunting: Use AI to automate case investigation and correlate data, allowing more time for strategic imperatives. Improve prioritization, root-cause analysis and response with MITRE ATT&CK mapping and contextual intelligence.
• Gain enhanced insights while improving threat detection: Correlate related alerts by connecting additional telemetry and prioritize threats to eliminate alert fatigue.
Response recommendation planned for Q1 2022.
- 11. Simplifying Threat Detection and Response for the Hybrid World
Next Steps:
• Watch the QRadar XDR (Watch now)
• Learn more about QRadar XDR Suite: ibm.com/qradar
- 12. © Copyright IBM Corporation 2021. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM’s current intent, is subject to change or withdrawal, and represents only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection
and response to improper access from within and outside your enterprise. Improper access can result in information being altered,
destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others.
No IT system or product should be considered completely secure and no single product, service or security measure can be
completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful,
comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems,
products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will
make your enterprise immune from, the malicious or illegal conduct of any party.
Follow us on:
ibm.com/security
securityintelligence.com
ibm.com/security/community
xforce.ibmcloud.com
@ibmsecurity
youtube.com/ibmsecurity
Thank you