Dispatches from the front: What does it take to deploy IBM Security QRadar?
Posted on 14-Sep-2014
DESCRIPTION
Ease of deployment, workable results within days or hours, and superior visibility through one customizable and intuitive dashboard interface are but three of the many key differentiators for which clients have chosen the IBM Security QRadar Platform. Join members of IBM Security Systems and special guest Dr. Larry Ponemon of the Ponemon Institute to hear about the Total Cost of Ownership and Return on Investment experiences associated with IBM Security Intelligence, contrasted with competitive solutions. View the full on-demand webcast: https://www2.gotomeeting.com/register/482658634
TRANSCRIPT
© 2014 IBM Corporation
IBM Security Systems
Dr. Larry Ponemon, Research Principal – Ponemon Institute, LLC
Jason Corbin, Director Product Management – IBM Security Systems
Jay Bretzmann, Segment Manager Security Intelligence – IBM Security Systems
February 12, 2014
Dispatches from the front: What does it take to deploy IBM Security QRadar? Examining TCO and ROI across 25 Organizations
Two of the most common requests from prospective clients
1. What does it take to implement a SIEM solution?
2. What value do clients receive from SIEM investments?
Customer comments always alluded to the value…
“Without QRadar QFlow Collectors, it would be impossible to identify network anomalies. QRadar SIEM helps us take any network behavior and judge its relative importance to the company’s overall security posture.”
– RON PORRITT, Information Security Engineer for Gordon Food Service
“We evaluated several security and compliance solutions, but each required a dedicated in-house or 3rd party professional services. QRadar SIEM was the only solution we tested that immediately worked out-of-the-box.”
– BILL BAKER, Lead Security Analyst, S1 Corporation
“Results were instantaneous. As soon as the system was up and running, we found close to 20 bot-controlled hosts on the network, which we were able to immediately isolate and remove.”
– GRAYDON HUFFMAN, Senior Systems Security Specialist, Wayne State University
“We’ve been working hard on QRadar for a year and a half and we’re collecting a billion events per day. We call this Data Fusion Management because we’re collecting everything we can all across the world and it’s been a critical improvement in our ability to stay secure.”
– TONY SPINELLI, Senior VP & CISO for Equifax
…but we sought a better quantification of their experiences
Determine total investment in SIEM technologies
– Fully loaded labor costs for implementation and ongoing maintenance
– Total service fees for contractors, consultants and managed service providers
Understand how long it takes to implement a SIEM
Hear what sort of investment return clients realize
Sample distribution by industry (pie chart; values as read from the slide):
Financial services: 24%
Public/government: 20%
Energy & utilities: 20%
Healthcare: 12%
Manufacturing: 8%
Retail: 8%
Services: 8%
Sample distribution by former SIEM installed (pie chart; values as read from the slide):
HP ArcSight: 32%
McAfee Nitro: 20%
RSA Netwitness: 16%
Splunk: 12%
LogRhythm: 12%
Other: 8%
Collected from organizations with prior SIEM installations
Key requirement for participation was prior experience with a competitive product
Included a cross-section of observations in multiple industries from leading suppliers
Conducted in a totally blind and confidential manner by a well-respected firm
Today’s speakers and discussion format
ANALYSIS: Dr. Larry Ponemon, Research Principal, Ponemon Institute, LLC
PERSPECTIVE: Jason Corbin, Director Product Management, IBM Security Systems
Ponemon Institute LLC
The Institute is dedicated to advancing responsible information management practices that positively affect privacy and data protection in business and government.
The Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations.
Ponemon Institute is a full member of CASRO (Council of American Survey Research Organizations). Dr. Ponemon serves as chairman of CASRO’s Government & Public Affairs Committee of the Board.
The Institute has assembled more than 65 leading multinational corporations into the RIM Council, which focuses on the development and execution of ethical principles for the collection and use of personal data about people and households.
The majority of active participants are privacy or information security leaders.
Ponemon Institute: Preliminary Analysis
The Findings
Reasons for switching to QRadar (bar chart; percentage of respondents citing each reason, as read from the slide)
Analysis conducted from 25 confidential interviews of QRadar users
Maintenance cost: 40%
Vendor support problems: 40%
Management mandate: 36%
Interoperability issues: 36%
Organizational changes: 28%
Complexity issues: 20%
Performance issues: 16%
Other: 12%
Product cost: 8%
Operating costs: 8%
Average time (months) to fully implement SIEM across the enterprise (bar chart)
Analysis conducted from 25 confidential interviews of QRadar users
QRadar: 5.5 months
Former SIEM: 15.2 months
Anomalous traffic detected relative to total netflow (bar chart)
Comparison of QRadar experience to former SIEM provider experience
Significantly increased: 44%
Increased: 28%
No change: 28%
Decreased: 0%
Significantly decreased: 0%
Comparison of QRadar experience to former SIEM provider experience for nine attributes (bar chart)
Percentage of companies that said each attribute either decreased or significantly decreased after the deployment of QRadar (significantly decreased and decreased responses combined; values paired with attributes as read from the slide):
Average time to detect compromises: 80%
False positive rates: 80%
Average time to contain compromises: 64%
Average duration of business disruption caused by cyber attacks: 48%
Non-compliance with policies, regulations and external standards: 44%
The total cost of downtime and business disruption caused by cyber attacks: 40%
Average duration of IT downtime caused by cyber attacks: 36%
Frequency of data breach incidents: 36%
Frequency of denial of service attacks: 28%
Does QRadar meet your expectations? (bar chart)
Analysis conducted from 25 confidential interviews of QRadar users
Exceeds expectation: 56%
Meets expectation: 36%
Does not meet expectation: 8%
Summary
IBM QRadar Security Intelligence Platform
Delivering multiple security capabilities through a purpose-built, extensible platform
(Architecture diagram; labels recovered from the slide:)
Southbound APIs – inputs: Real Time Structured Security Data and Unstructured Operational / Security Data; data types shown: LEEF, AXIS, Configuration, NetFlow, Offense
Security Intelligence Operating System – Normalization, Analytics Engine, Warehouse, Archival, Rules Engine, Workflow, Reporting Engine, Real-Time Viewer
Capabilities on the platform – Log Management, Next-Gen SIEM, Network Activity Monitoring, Risk Management, Vulnerability Management, Future
Northbound APIs
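The "LEEF" input in the platform diagram is IBM's Log Event Extended Format, the structured syslog payload that QRadar device support modules ingest before the normalization stage shown above. To make that input concrete, here is an added example (written for this page; it is not IBM code and not QRadar's own parser) that parses LEEF 1.0 and 2.0 events, including the escaped-pipe and custom-delimiter cases, and maps them onto a small common schema a rule engine could consume. The sample events, the vendor and product names in them, the `normalize` field names and the limited Java-to-strptime date token table are all assumptions made for the example; the attribute keys (`src`, `dst`, `srcPort`, `dstPort`, `usrName`, `devTime`, `devTimeFormat`) follow the usual LEEF predefined attribute names.

```python
"""Parse IBM LEEF (Log Event Extended Format) events and normalize their fields.

Added example; not IBM code. Header layouts handled:
  LEEF:1.0|Vendor|Product|Version|EventID|attr=val<TAB>attr=val
  LEEF:2.0|Vendor|Product|Version|EventID|delim|attr=val<delim>attr=val
where delim is one character or a hex code such as x09 / 0x09 (empty = tab),
and a literal '|' inside a header field is escaped as '\\|'.
"""
import re
from datetime import datetime, timezone

_HEADER_RE = re.compile(r"LEEF:(?P<ver>\d+\.\d+)\|")
_UNESCAPED_PIPE = re.compile(r"(?<!\\)\|")
_HEX_DELIM = re.compile(r"^(?:0x|x)([0-9A-Fa-f]{2,4})$")
# Only these Java SimpleDateFormat tokens are translated (assumption: enough
# for the common devTimeFormat values). Longest tokens come first.
_JAVA_TO_STRPTIME = {"yyyy": "%Y", "MMM": "%b", "MM": "%m", "dd": "%d",
                     "HH": "%H", "mm": "%M", "ss": "%S"}
_JAVA_TOKEN = re.compile("|".join(_JAVA_TO_STRPTIME))


def _decode_delim(spec):
    """Turn the LEEF 2.0 delimiter field into the actual separator character."""
    if spec == "":
        return "\t"
    if len(spec) == 1:
        return spec
    m = _HEX_DELIM.match(spec)
    if not m:
        raise ValueError(f"bad LEEF 2.0 delimiter field: {spec!r}")
    return chr(int(m.group(1), 16))


def parse_leef(line):
    """Parse one LEEF event (optionally preceded by a syslog header) into a dict."""
    m = _HEADER_RE.search(line)
    if not m:
        raise ValueError("no LEEF header found")
    version = m.group("ver")
    syslog_prefix = line[:m.start()].strip()
    rest = line[m.end():]
    # Fields after the version: vendor, product, product version, event id,
    # plus the delimiter field in LEEF 2.0. maxsplit keeps '|' in values intact.
    n_fields = 5 if version.startswith("2") else 4
    parts = _UNESCAPED_PIPE.split(rest, maxsplit=n_fields)
    if len(parts) != n_fields + 1:
        raise ValueError("truncated LEEF header")
    header = [p.replace("\\|", "|") for p in parts[:4]]
    delim = _decode_delim(parts[4]) if n_fields == 5 else "\t"
    body = parts[n_fields]
    attributes = {}
    for pair in body.split(delim):
        if not pair:
            continue
        key, sep, value = pair.partition("=")
        if not sep or not key:
            raise ValueError(f"malformed attribute {pair!r}")
        attributes[key.strip()] = value
    return {"version": version, "syslog_prefix": syslog_prefix,
            "vendor": header[0], "product": header[1],
            "product_version": header[2], "event_id": header[3],
            "attributes": attributes}


def _parse_devtime(attrs):
    """devTime + devTimeFormat -> aware datetime (UTC assumed when no zone given)."""
    dev_time, fmt = attrs.get("devTime"), attrs.get("devTimeFormat")
    if not dev_time or not fmt:
        return None
    py_fmt = _JAVA_TOKEN.sub(lambda t: _JAVA_TO_STRPTIME[t.group(0)], fmt)
    return datetime.strptime(dev_time, py_fmt).replace(tzinfo=timezone.utc)


def _int_or_none(value):
    try:
        return int(value)
    except (TypeError, ValueError):
        return None


def normalize(event):
    """Map a parsed event onto a small common schema (field names are assumptions)."""
    a = event["attributes"]
    return {"vendor": event["vendor"], "product": event["product"],
            "event_id": event["event_id"], "timestamp": _parse_devtime(a),
            "src_ip": a.get("src"), "dst_ip": a.get("dst"),
            "src_port": _int_or_none(a.get("srcPort")),
            "dst_port": _int_or_none(a.get("dstPort")),
            "protocol": a.get("proto"), "user": a.get("usrName"),
            "severity": _int_or_none(a.get("sev"))}


def parse_batch(lines):
    """Normalize many lines; malformed events are reported, never silently dropped."""
    normalized, errors = [], []
    for i, line in enumerate(lines):
        try:
            normalized.append(normalize(parse_leef(line)))
        except ValueError as exc:
            errors.append((i, str(exc)))
    return normalized, errors


# Constructed sample events (not real logs): a syslog-wrapped LEEF 1.0 firewall
# denial, a LEEF 2.0 IDS alert using '^', and a LEEF 2.0 event with a hex delimiter.
SAMPLE_EVENTS = [
    "<13>Feb 12 2014 10:15:30 fw01 LEEF:1.0|Acme|Firewall|3.1|DENY|"
    "devTime=Feb 12 2014 10:15:30\tdevTimeFormat=MMM dd yyyy HH:mm:ss\t"
    "src=10.0.0.5\tdst=192.0.2.10\tsrcPort=51515\tdstPort=445\tproto=TCP\tusrName=alice",
    "LEEF:2.0|Acme|IDS|2.0|1234|^|src=10.0.0.9^dst=198.51.100.7^cat=Botnet C2^sev=9",
    "LEEF:2.0|Acme\\|Co|Proxy|1.0|URL_BLOCK|x09|src=10.0.0.7\tdst=203.0.113.4\tsev=3",
]
BAD_EVENT = "LEEF:1.0|Acme|Firewall"  # truncated header: must be reported, not parsed

if __name__ == "__main__":
    good, bad = parse_batch(SAMPLE_EVENTS + [BAD_EVENT])
    for record in good:
        print(record)
    print("errors:", bad)
```

Two design points matter in practice. The header is split with `maxsplit` so a `|` inside an attribute value (a URL, say) never shifts the header fields, and the batch function collects parse failures instead of discarding them, because a silently dropped event is exactly the blind spot a collector must not introduce.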
IBM QRadar Security Intelligence Platform: Providing actionable intelligence
AUTOMATED – Driving simplicity and accelerating time-to-value
INTEGRATED – Unified architecture delivered in a single console
INTELLIGENT – Correlation, analysis and massive data reduction
Answering questions to help prevent and remediate attacks
What was the attack?
Who was responsible?
How many targets were involved?
Was it successful?
Where do I find them?
Are any of them vulnerable?
How valuable are the targets to the business?
Where is all the evidence?
Summary
Automation of data collection, asset discovery, asset profiling and more. Impact: Reduced manual effort, fast time to value, lower-cost operation
Flexibility and ease of use enabling “mere mortals” to create and edit correlation rules, reports and dashboards. Impact: Maximum insight, business agility and lower cost of ownership
Real-time correlation and anomaly detection based on the broadest set of contextual data. Impact: More accurate threat detection, in real time
Integrated flow analytics with Layer 7 content (application) visibility. Impact: Superior situational awareness and threat identification
Scalability for the largest deployments, using an embedded database and unified data architecture. Impact: QRadar supports your business needs at any scale
Learn more about IBM QRadar Security Intelligence
Visit our:
Blog: www.securityintelligence.com
Website: http://ibm.co/QRadar
Read our IT Executive Guide to Security Intelligence white paper: ibm.co/11HQdfc
Download the 2013 Gartner Magic Quadrant for SIEM: http://ibm.co/GMQ
Pulse Protect 2014: The Security Forum at Pulse 2014
February 23-26, MGM Grand – Las Vegas, Nevada
Pulse Protect 2014 will feature three days and 50+ sessions on the hottest security topics including security and threat intelligence, application and data security, vulnerability management, defense against web fraud and advanced malware, identity and access management, network security and emerging topics such as cloud and mobile security.
HIGHLIGHTS
Threat Research: Hear from X-Force as well as IBM’s malware and application security researchers.
CISO Lunch & Networking: Hear from IBM’s CISO and other industry leaders while networking with your peers.
Introducing Trusteer: Discover Trusteer’s unique approach to addressing web fraud and malware.
Client & IBM led sessions: Featuring leading clients such as Standard Bank, WestJet & Whirlpool.
Learn more at ibm.com/security/pulse
Questions & Answers
www.ibm.com/security
© Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.