IBM Security holiday news
Combis Advent security get-together

Aleksandar Ćirić
December 2019
Security technical sales specialist, aleksandarciric@ibm.com

© 2019 IBM Corporation
IBM Security

• 8000+ security employees
• 3400+ security patents

32 Global Security Centers
• Delivery - X-Force Command Centers
• Excellence - Solution Development Centers
• Innovation - Security Research Centers
QRadar Use Case management

Visualize coverage across the MITRE ATT&CK framework
• Visually understand your ability to detect tactics and techniques across the attack chain
• Use new insights to prioritize the rollout of new use cases and apps to effectively strengthen your security posture

Built-in analysis of rules
• Identify top firing rules and top offense generating rules
• Gain in-app tuning recommendations unique to your environment
• Easily update network hierarchy, building blocks and server discovery based on recommendations

Guided tips to help you ensure QRadar is optimally configured to accurately detect threats throughout the attack chain
Central visibility between cloud and on-prem

• Generic REST API Connector
• Visualize offenses in IaaS
• Identify IAM policy risks
• Visualize VPC traffic
• Detect and connect threats that move across environments
IBM QRadar User Behavior Analytics

160+ rule and ML driven use cases addressing 3 major insider threat vectors:
• Compromised or Stolen Credentials
• Careless or Malicious Insiders
• Malware takeover of user accounts
SOC Dashboards - Pulse

• Multiple SOC screen support
• GEO, Status, Big Number and Trend based views
• Dashboard parameters enabling fast investigations
• Dynamic time series
• Full power of AQL available to create views
• Easily share dashboards
200+ free apps to easily add in new use cases and integrations

• Threat Detection Use Cases
• Compliance Monitoring & Reporting
• Cloud Security
• OT Security
• 3rd Party Integrations
• System Management
Introducing IBM Cloud Pak for Security

A platform to more quickly integrate your existing security tools to generate deeper insights into threats, orchestrate actions and automate responses, all while leaving your data where it is.
• Hybrid multicloud architecture
• Connected open ecosystem
• Automation & orchestration
IBM Cloud Pak for Security - platform overview (diagram)

Unified interface: federated search for investigation; run anywhere.
Gain complete insights | Take action faster
Universal data insights | Security orchestration & automation | Development framework
Open Hybrid Multicloud Platform: hybrid multicloud architecture
Cross-cutting security solutions; open integration with existing security tools; core platform services
Integrated products: QRadar, Guardium, Incident Response Orchestration & Automation
Available post-GA
Use case: federated search & investigation – Data Explorer

• Investigate from a single unified interface to search threats and IOCs
• Connect your critical security data with connectors to cloud and security data sources
• Run queries against multiple data sources while keeping the data at rest
• In-context investigation enrichments:
  • Threat intelligence from IBM X-Force
  • Internal asset details from CAR data sources
• Track investigations with case management
• Expand data sources and capabilities with the SDK or IBM services to create new connectors
IBM Cloud Pak for Security – Universal Security Insights

STIX pattern search, e.g. [file:hashes.'SHA-256' = 'ef537f25c895bfa78252c…']

Universal Data Service (UDS): federated search to investigate and analyze security insights across your organization without moving your data.

Connect Asset & Risk (CAR): consolidate asset and risk information from a variety of security and IT tools to identify security gaps and better understand the overall security posture.

Connectors shown (some delivered by partners and might be released post GA): QRadar, QRoC, QRadar Cloud Data Lake, Guardium Data Protection, Security (SIEM), CB Response, ePO, Security Advisor, Life Cycle & Compliance, CloudWatch, Azure Monitor.

Build your own connector: build a customized connector to any homegrown database or tool in your environment. Two options:
1. Do it yourself: leverage the open source STIX_SHIFTER project and build your own data connector (github.com/IBM/stix-shifter).
2. Let the experts help: a Lab Services engagement to analyze and build a new UDS connector for your environment.
Requirement: a data source with a well-defined REST API that returns JSON data.
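The STIX pattern on this slide is what a federated search hands to each connector: the pattern is translated into a query the data source understands, the query runs there, and only the matching records come back, which is what "keeping the data at rest" means in practice. The following is an added example, not IBM's or stix-shifter's code, of a small evaluator for a subset of STIX 2 patterning (one bracketed observation expression with comparisons joined by AND/OR) plus a translation into a constructed filter dialect standing in for a source's native query language. The observation records, the sample SHA-256 value and the filter dialect are constructed for the example; real STIX patterning (observation operators, qualifiers, multiple bracketed expressions) is wider than what is handled here.

```python
"""Evaluator for a small subset of STIX 2 patterning: one bracketed observation
expression with comparisons joined by AND / OR.  Added example, not IBM or
stix-shifter code; sample records, hash value and filter dialect are constructed."""
import hashlib
import operator
import re
from typing import Any, Dict, List, Tuple

Comparison = Tuple[str, List[str], str, Any]  # (object type, path keys, operator, literal)
_OPS = {"=": operator.eq, "!=": operator.ne, ">": operator.gt,
        "<": operator.lt, ">=": operator.ge, "<=": operator.le}
_TOKEN = re.compile(r"""\s*(?:
      (?P<path>[a-z0-9-]+:(?:'[^']*'|[A-Za-z0-9_-]+)(?:\.(?:'[^']*'|[A-Za-z0-9_-]+))*)
    | (?P<op>>=|<=|!=|=|>|<|LIKE)
    | '(?P<str>[^']*)'
    | (?P<num>-?\d+)
    | (?P<bool>AND|OR))""", re.VERBOSE)


def _tokenize(expr: str) -> List[Tuple[str, Any]]:
    """Split the inside of [...] into (kind, value) tokens; anything unknown is an error."""
    tokens, pos = [], 0
    while expr[pos:].strip():
        m = _TOKEN.match(expr, pos)
        if not m:
            raise ValueError(f"unexpected input at offset {pos}: {expr[pos:pos + 20]!r}")
        kind = m.lastgroup
        tokens.append((kind, int(m.group(kind)) if kind == "num" else m.group(kind)))
        pos = m.end()
    return tokens


def parse_pattern(pattern: str) -> List[List[Comparison]]:
    """Return OR-groups of AND-ed comparisons (AND binds tighter than OR, as in STIX)."""
    body = pattern.strip()
    if not (body.startswith("[") and body.endswith("]")):
        raise ValueError("only a single bracketed observation expression is supported")
    tokens = _tokenize(body[1:-1])
    groups: List[List[Comparison]] = [[]]
    i = 0
    while i < len(tokens):
        chunk = tokens[i:i + 3]
        if len(chunk) != 3 or chunk[0][0] != "path" or chunk[1][0] != "op" \
                or chunk[2][0] not in ("str", "num"):
            raise ValueError(f"malformed comparison near token {i}")
        (_, path), (_, op), (_, lit) = chunk
        obj_type, _, rest = path.partition(":")  # file:hashes.'SHA-256' -> file, [hashes, SHA-256]
        keys = [k.strip("'") for k in re.findall(r"'[^']*'|[A-Za-z0-9_-]+", rest)]
        groups[-1].append((obj_type, keys, op, lit))
        i += 3
        if i < len(tokens):
            kind, word = tokens[i]
            if kind != "bool":
                raise ValueError("expected AND or OR between comparisons")
            if word == "OR":
                groups.append([])
            i += 1
    return groups


def _lookup(obj: Any, keys: List[str]) -> Any:
    for k in keys:  # follow the object path; None when any key is missing
        if not isinstance(obj, dict) or k not in obj:
            return None
        obj = obj[k]
    return obj


def _compare(actual: Any, op: str, expected: Any) -> bool:
    if actual is None:  # absent property: no comparison holds
        return False
    if op == "LIKE":    # SQL wildcards: % = any run, _ = exactly one character
        rx = re.escape(str(expected)).replace("%", ".*").replace("_", ".")
        return re.fullmatch(rx, str(actual)) is not None
    try:
        return _OPS[op](actual, expected)
    except TypeError:   # e.g. a string property compared against a number
        return False


def match(pattern: str, observation: Dict[str, Any]) -> bool:
    """A group matches when each comparison holds for some object of its type in this observation."""
    objects = observation.get("objects", [])
    return any(
        all(any(o.get("type") == t and _compare(_lookup(o, keys), op, lit) for o in objects)
            for t, keys, op, lit in group)
        for group in parse_pattern(pattern))


def search(pattern: str, observations: List[Dict[str, Any]]) -> List[str]:
    """Ids of matching observations: only these would leave the data source."""
    return [obs["id"] for obs in observations if match(pattern, obs)]


def to_native_filter(pattern: str) -> str:
    """Translate the pattern into a filter in a constructed dialect for a hypothetical
    REST/JSON source, i.e. push the predicate to where the data lives."""
    def lit(v: Any) -> str:
        return str(v) if isinstance(v, int) else "'" + str(v).replace("'", "''") + "'"
    return " OR ".join(
        " AND ".join(f"(type = '{t}' AND {'.'.join(keys)} {op} {lit(v)})" for t, keys, op, v in group)
        for group in parse_pattern(pattern))


# Constructed sample records in the shape a UDS-style connector might return (not real data).
SAMPLE_SHA256 = hashlib.sha256(b"constructed sample file").hexdigest()
SAMPLE_OBSERVATIONS = [
    {"id": "obs-1", "source": "edr", "objects": [
        {"type": "file", "name": "update.exe", "hashes": {"SHA-256": SAMPLE_SHA256}}]},
    {"id": "obs-2", "source": "siem", "objects": [
        {"type": "ipv4-addr", "value": "203.0.113.7"},
        {"type": "network-traffic", "dst_port": 4444}]},
    {"id": "obs-3", "source": "cloud", "objects": [
        {"type": "ipv4-addr", "value": "198.51.100.20"},
        {"type": "network-traffic", "dst_port": 443}]},
]
```

Calling `search(f"[file:hashes.'SHA-256' = '{SAMPLE_SHA256}' OR network-traffic:dst_port > 1024]", SAMPLE_OBSERVATIONS)` returns the ids of the first two records, and `to_native_filter` on the same pattern shows the predicate a connector would push down rather than pulling every record out of the source. The tokenizer rejects anything it does not recognise, which matters for a connector because the pattern text arrives from an analyst and is turned into a query string for the source.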
Use case: incident response

• Guide and execute investigation and response actions consistently
• Enable incident responders to interact with the security ecosystem through API integrations
• Automate manual and repetitive tasks and processes
• Customize and extend playbooks through a visual workflow editor
• Extensive 3rd party apps and integrations available via the X-Force App Exchange ecosystem
Security Orchestration & Automation

Security orchestration & automation – integrations
https://exchange.xforce.ibmcloud.com/hub/Resilient

Security orchestration & automation (Resilient) – workflows for incident handlers

Visual workflow editor

KPI & operational reporting
© Copyright IBM Corporation 2019. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represents only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused, or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure, and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.
Follow us on
ibm.com/security
securityintelligence.com
ibm.com/security/community
xforce.ibmcloud.com
ibmsecurity
youtube.com/user/ibmsecuritysolutions

Thank you
IBM Security
IBM Security copy 2019 IBM Corporation
bull 8000+ security employees
bull 3400+ security patents
32 Global Security Centers
bull Delivery - X-Force Command Centers
bull Excellence - Solution Development Centers
bull Innovation - Security Research Centers
2
IBM Security copy 2019 IBM Corporation 3
Visualize coverage across the MITRE ATTampCK frameworkbull Visually understand your ability to detect tactics and techniques
across the attack chainbull Use new insights to prioritize the rollout of new use cases and apps
to effectively strengthen your security posture
Built-in analysis of rulesbull Identify top firing rules and top offense generating rulesbull Gain in-app tuning recommendations unique to your environmentbull Easily update network hierarchy building blocks and server
discovery and based on recommendations
Guided tips to help you ensure QRadar is optimally configured to accurately detect threats throughout the attack chain
QRadar Use Case management
IBM Security copy 2019 IBM Corporation 4
Central visibility between cloud and on-prem
Generic REST API Connector
Visualize offenses in IaaS
Identify IAM policy risks
Visualize VPC trafficDetect and connect threats that
move across environments
IBM Security copy 2019 IBM Corporation
160+ rule and ML driven use cases addressing 3 major insider threat vectors
5
Compromised or Stolen Credentials
Careless or Malicious Insiders
Malware takeover of user accounts
IBM QRadar User Behavior Analytics
bull Multiple SOC Screen support
bull GEO Status Big Number Trend based views
bull Dashboard parameters enabling fast investigations
bull Dynamic time seriesbull Full power of AQL available
to create views bull Easily share dashboards
SOC Dashboards - Pulse
200+ free apps to easily add in new use cases and integrations
IBM Security copy 2019 IBM Corporation 7
Threat Detection Use Cases Compliance Monitoring amp Reporting
Cloud Security
OT Security
3rd Party Integrations System Management
Introducing IBM Cloud Pak for Security
A platform to more quickly integrate your existing security tools to generate deeper insights into threats orchestrate actions and automate responsesmdashall while leaving your data where it is
bull Hybrid multicloud architecture
bull Connected open ecosystem
bull Automation amp orchestration
IBM Security copy 2019 IBM Corporation
˝
Unified Interface
Federated search for investigation
Run anywhereIBM Cloud Pak for Security
Gain complete insights Take action faster| |
Development frameworkUniversal data insights | |Security orchestration amp automation
Open Hybrid Multicloud PlatformHybrid multicloudarchitecture
Cross-cutting security solutions
Open integration with existing security tools
Core platform services
QRadar Guardium
Incident Response Orchestration
amp Automation
Available post-GA
10
Federated search amp investigation ndash Data ExplorerUse Case
bull Investigate from a single unified interface to search threats and IOCs
bull Connect your critical security data with connectors to cloud and security data sources
bull Run queries against multiple data sources while keeping the data at rest
bull In-context investigation enrichments
bull Threat Intelligence from IBM X-Force
bull Internal asset details from CAR data sources
bull Track investigations with case management
bull Expand data sources and capabilities with SDK or IBM services to create new connectors
IBM Security copy 2019 IBM Corporation
IBM Cloud Pak for Security
STIX pattern search[filehashesSHA-256 = ef537f25c895bfa78252chellip]
Universal Security Insights
Universal Data Service (UDS)Federated search to investigate and analyze security insights across your organization without moving your data
Connect Asset amp Risk (CAR)Consolidate asset and risk information from a variety of security and IT tools to identify security gaps and better understand the overall security posture
Delivered by partners might be released post GA
QRadar QRoC QRadar Cloud Data Lake
Guardium Data Protection
Security (SIEM)CB Response
ePO
Security Advisor
QRadar QRoC
io
ePO
Guardium Data Protection
Life Cycle amp Compliance
CloudWatch
Azure Monitor
Build your own connectorBuild a customized connector to any homegrown database or tool in your environment
Two options
1 Do it yourselfLeverage the open source STIX_SHIFTER project and build your own data connector (githubcomIBMstix-shifter)
2 Let the experts helpLab Services engagement to analyze and build a new UDS connector for your environment
Requirement data source with a well defined REST API that returns JSON data
Azure Monitor
CloudWatch
12
Incident responseUse Case
bull Guide and execute investigation and response actions consistently
bull Enable incident responders to interact with the security ecosystem through API integrations
bull Automate manual and repetitive tasks and processes
bull Customize and extend playbooks through visual workflow editor
bull Extensive 3rd party apps and integrations available via X-Force App Exchange ecosystem
IBM Security copy 2019 IBM Corporation
13 IBM Security
Security Orchestration
ampAutomation
Security orchestration amp automation ndash integrations
httpsexchangexforceibmcloudcomhubResilient
14 IBM Security
Security orchestration amp automation (Resilient) ndash workflows for incident handlers
15 IBM Security
Visual workflow editor
16 IBM Security
KPI amp operational reporting
copy Copyright IBM Corporation 2019 All rights reserved The information contained in these materials is provided for informational purposes only and is provided AS IS without warranty of any kind express or implied Any statement of direction represents IBMrsquos current intent is subject to change or withdrawal and represent only goals and objectives IBM the IBM logo and other IBM products and services are trademarks of the International Business Machines Corporation in the United States other countries or both Other company product or service names may be trademarks or service marks of othersStatement of Good Security Practices IT system security involves protecting systems and information through prevention detection and response to improper access from within and outside your enterprise Improper access can result in information being altered destroyed misappropriated or misused or can result in damage to or misuse of your systems including for use in attacks on others No IT system or product should be considered completely secure and no single product service or security measure can be completely effective in preventing improper use or access IBM systems products and services are designed to be part of a lawful comprehensive security approach which will necessarily involve additional operational procedures and may require other systems products or services to be most effective IBM does not warrant that any systems products or services are immune from or will make your enterprise immune from the malicious or illegal conduct of any party
Follow us on
ibmcomsecurity
securityintelligencecom
ibmcomsecuritycommunity
xforceibmcloudcom
ibmsecurity
youtubeuseribmsecuritysolutions
Thank you
18
- IBM Security blagdanske novosti
- IBM Security
- QRadar Use Case management
- Central visibility between cloud and on-prem
- Slide Number 5
- Slide Number 6
- 200+ free apps to easily add in new use cases and integrations
- Slide Number 8
- Slide Number 9
- Slide Number 10
- Universal Security Insights
- Slide Number 12
- Security orchestration amp automation ndash integrations
- Security orchestration amp automation (Resilient) ndash workflows for incident handlers
- Visual workflow editor
- KPI amp operational reporting
- Slide Number 17
- Slide Number 18
-
IBM Security copy 2019 IBM Corporation 3
Visualize coverage across the MITRE ATTampCK frameworkbull Visually understand your ability to detect tactics and techniques
across the attack chainbull Use new insights to prioritize the rollout of new use cases and apps
to effectively strengthen your security posture
Built-in analysis of rulesbull Identify top firing rules and top offense generating rulesbull Gain in-app tuning recommendations unique to your environmentbull Easily update network hierarchy building blocks and server
discovery and based on recommendations
Guided tips to help you ensure QRadar is optimally configured to accurately detect threats throughout the attack chain
QRadar Use Case management
IBM Security copy 2019 IBM Corporation 4
Central visibility between cloud and on-prem
Generic REST API Connector
Visualize offenses in IaaS
Identify IAM policy risks
Visualize VPC trafficDetect and connect threats that
move across environments
IBM Security copy 2019 IBM Corporation
160+ rule and ML driven use cases addressing 3 major insider threat vectors
5
Compromised or Stolen Credentials
Careless or Malicious Insiders
Malware takeover of user accounts
IBM QRadar User Behavior Analytics
bull Multiple SOC Screen support
bull GEO Status Big Number Trend based views
bull Dashboard parameters enabling fast investigations
bull Dynamic time seriesbull Full power of AQL available
to create views bull Easily share dashboards
SOC Dashboards - Pulse
200+ free apps to easily add in new use cases and integrations
IBM Security copy 2019 IBM Corporation 7
Threat Detection Use Cases Compliance Monitoring amp Reporting
Cloud Security
OT Security
3rd Party Integrations System Management
Introducing IBM Cloud Pak for Security
A platform to more quickly integrate your existing security tools to generate deeper insights into threats orchestrate actions and automate responsesmdashall while leaving your data where it is
bull Hybrid multicloud architecture
bull Connected open ecosystem
bull Automation amp orchestration
IBM Security copy 2019 IBM Corporation
˝
Unified Interface
Federated search for investigation
Run anywhereIBM Cloud Pak for Security
Gain complete insights Take action faster| |
Development frameworkUniversal data insights | |Security orchestration amp automation
Open Hybrid Multicloud PlatformHybrid multicloudarchitecture
Cross-cutting security solutions
Open integration with existing security tools
Core platform services
QRadar Guardium
Incident Response Orchestration
amp Automation
Available post-GA
10
Federated search amp investigation ndash Data ExplorerUse Case
bull Investigate from a single unified interface to search threats and IOCs
bull Connect your critical security data with connectors to cloud and security data sources
bull Run queries against multiple data sources while keeping the data at rest
bull In-context investigation enrichments
bull Threat Intelligence from IBM X-Force
bull Internal asset details from CAR data sources
bull Track investigations with case management
bull Expand data sources and capabilities with SDK or IBM services to create new connectors
IBM Security copy 2019 IBM Corporation
IBM Cloud Pak for Security
STIX pattern search[filehashesSHA-256 = ef537f25c895bfa78252chellip]
Universal Security Insights
Universal Data Service (UDS)Federated search to investigate and analyze security insights across your organization without moving your data
Connect Asset amp Risk (CAR)Consolidate asset and risk information from a variety of security and IT tools to identify security gaps and better understand the overall security posture
Delivered by partners might be released post GA
QRadar QRoC QRadar Cloud Data Lake
Guardium Data Protection
Security (SIEM)CB Response
ePO
Security Advisor
QRadar QRoC
io
ePO
Guardium Data Protection
Life Cycle amp Compliance
CloudWatch
Azure Monitor
Build your own connectorBuild a customized connector to any homegrown database or tool in your environment
Two options
1 Do it yourselfLeverage the open source STIX_SHIFTER project and build your own data connector (githubcomIBMstix-shifter)
2 Let the experts helpLab Services engagement to analyze and build a new UDS connector for your environment
Requirement data source with a well defined REST API that returns JSON data
Azure Monitor
CloudWatch
12
Incident responseUse Case
bull Guide and execute investigation and response actions consistently
bull Enable incident responders to interact with the security ecosystem through API integrations
bull Automate manual and repetitive tasks and processes
bull Customize and extend playbooks through visual workflow editor
bull Extensive 3rd party apps and integrations available via X-Force App Exchange ecosystem
IBM Security copy 2019 IBM Corporation
13 IBM Security
Security Orchestration
ampAutomation
Security orchestration amp automation ndash integrations
httpsexchangexforceibmcloudcomhubResilient
14 IBM Security
Security orchestration amp automation (Resilient) ndash workflows for incident handlers
15 IBM Security
Visual workflow editor
16 IBM Security
KPI amp operational reporting
copy Copyright IBM Corporation 2019 All rights reserved The information contained in these materials is provided for informational purposes only and is provided AS IS without warranty of any kind express or implied Any statement of direction represents IBMrsquos current intent is subject to change or withdrawal and represent only goals and objectives IBM the IBM logo and other IBM products and services are trademarks of the International Business Machines Corporation in the United States other countries or both Other company product or service names may be trademarks or service marks of othersStatement of Good Security Practices IT system security involves protecting systems and information through prevention detection and response to improper access from within and outside your enterprise Improper access can result in information being altered destroyed misappropriated or misused or can result in damage to or misuse of your systems including for use in attacks on others No IT system or product should be considered completely secure and no single product service or security measure can be completely effective in preventing improper use or access IBM systems products and services are designed to be part of a lawful comprehensive security approach which will necessarily involve additional operational procedures and may require other systems products or services to be most effective IBM does not warrant that any systems products or services are immune from or will make your enterprise immune from the malicious or illegal conduct of any party
Follow us on
ibmcomsecurity
securityintelligencecom
ibmcomsecuritycommunity
xforceibmcloudcom
ibmsecurity
youtubeuseribmsecuritysolutions
Thank you
18
- IBM Security blagdanske novosti
- IBM Security
- QRadar Use Case management
- Central visibility between cloud and on-prem
- Slide Number 5
- Slide Number 6
- 200+ free apps to easily add in new use cases and integrations
- Slide Number 8
- Slide Number 9
- Slide Number 10
- Universal Security Insights
- Slide Number 12
- Security orchestration amp automation ndash integrations
- Security orchestration amp automation (Resilient) ndash workflows for incident handlers
- Visual workflow editor
- KPI amp operational reporting
- Slide Number 17
- Slide Number 18
-
IBM Security copy 2019 IBM Corporation 4
Central visibility between cloud and on-prem
Generic REST API Connector
Visualize offenses in IaaS
Identify IAM policy risks
Visualize VPC trafficDetect and connect threats that
move across environments
IBM Security copy 2019 IBM Corporation
160+ rule and ML driven use cases addressing 3 major insider threat vectors
5
Compromised or Stolen Credentials
Careless or Malicious Insiders
Malware takeover of user accounts
IBM QRadar User Behavior Analytics
bull Multiple SOC Screen support
bull GEO Status Big Number Trend based views
bull Dashboard parameters enabling fast investigations
bull Dynamic time seriesbull Full power of AQL available
to create views bull Easily share dashboards
SOC Dashboards - Pulse
200+ free apps to easily add in new use cases and integrations
IBM Security copy 2019 IBM Corporation 7
Threat Detection Use Cases Compliance Monitoring amp Reporting
Cloud Security
OT Security
3rd Party Integrations System Management
Introducing IBM Cloud Pak for Security
A platform to more quickly integrate your existing security tools to generate deeper insights into threats orchestrate actions and automate responsesmdashall while leaving your data where it is
bull Hybrid multicloud architecture
bull Connected open ecosystem
bull Automation amp orchestration
IBM Security copy 2019 IBM Corporation
˝
Unified Interface
Federated search for investigation
Run anywhereIBM Cloud Pak for Security
Gain complete insights Take action faster| |
Development frameworkUniversal data insights | |Security orchestration amp automation
Open Hybrid Multicloud PlatformHybrid multicloudarchitecture
Cross-cutting security solutions
Open integration with existing security tools
Core platform services
QRadar Guardium
Incident Response Orchestration
amp Automation
Available post-GA
10
Federated search amp investigation ndash Data ExplorerUse Case
bull Investigate from a single unified interface to search threats and IOCs
bull Connect your critical security data with connectors to cloud and security data sources
bull Run queries against multiple data sources while keeping the data at rest
bull In-context investigation enrichments
bull Threat Intelligence from IBM X-Force
bull Internal asset details from CAR data sources
bull Track investigations with case management
bull Expand data sources and capabilities with SDK or IBM services to create new connectors
IBM Security copy 2019 IBM Corporation
IBM Cloud Pak for Security
STIX pattern search[filehashesSHA-256 = ef537f25c895bfa78252chellip]
Universal Security Insights
Universal Data Service (UDS)Federated search to investigate and analyze security insights across your organization without moving your data
Connect Asset amp Risk (CAR)Consolidate asset and risk information from a variety of security and IT tools to identify security gaps and better understand the overall security posture
Delivered by partners might be released post GA
QRadar QRoC QRadar Cloud Data Lake
Guardium Data Protection
Security (SIEM)CB Response
ePO
Security Advisor
QRadar QRoC
io
ePO
Guardium Data Protection
Life Cycle amp Compliance
CloudWatch
Azure Monitor
Build your own connectorBuild a customized connector to any homegrown database or tool in your environment
Two options
1 Do it yourselfLeverage the open source STIX_SHIFTER project and build your own data connector (githubcomIBMstix-shifter)
2 Let the experts helpLab Services engagement to analyze and build a new UDS connector for your environment
Requirement data source with a well defined REST API that returns JSON data
Azure Monitor
CloudWatch
12
Incident responseUse Case
bull Guide and execute investigation and response actions consistently
bull Enable incident responders to interact with the security ecosystem through API integrations
bull Automate manual and repetitive tasks and processes
bull Customize and extend playbooks through visual workflow editor
bull Extensive 3rd party apps and integrations available via X-Force App Exchange ecosystem
IBM Security copy 2019 IBM Corporation
13 IBM Security
Security Orchestration
ampAutomation
Security orchestration amp automation ndash integrations
httpsexchangexforceibmcloudcomhubResilient
14 IBM Security
Security orchestration amp automation (Resilient) ndash workflows for incident handlers
15 IBM Security
Visual workflow editor
16 IBM Security
KPI amp operational reporting
copy Copyright IBM Corporation 2019 All rights reserved The information contained in these materials is provided for informational purposes only and is provided AS IS without warranty of any kind express or implied Any statement of direction represents IBMrsquos current intent is subject to change or withdrawal and represent only goals and objectives IBM the IBM logo and other IBM products and services are trademarks of the International Business Machines Corporation in the United States other countries or both Other company product or service names may be trademarks or service marks of othersStatement of Good Security Practices IT system security involves protecting systems and information through prevention detection and response to improper access from within and outside your enterprise Improper access can result in information being altered destroyed misappropriated or misused or can result in damage to or misuse of your systems including for use in attacks on others No IT system or product should be considered completely secure and no single product service or security measure can be completely effective in preventing improper use or access IBM systems products and services are designed to be part of a lawful comprehensive security approach which will necessarily involve additional operational procedures and may require other systems products or services to be most effective IBM does not warrant that any systems products or services are immune from or will make your enterprise immune from the malicious or illegal conduct of any party
Follow us on
ibmcomsecurity
securityintelligencecom
ibmcomsecuritycommunity
xforceibmcloudcom
ibmsecurity
youtubeuseribmsecuritysolutions
Thank you
18
- IBM Security blagdanske novosti
- IBM Security
- QRadar Use Case management
- Central visibility between cloud and on-prem
- Slide Number 5
- Slide Number 6
- 200+ free apps to easily add in new use cases and integrations
- Slide Number 8
- Slide Number 9
- Slide Number 10
- Universal Security Insights
- Slide Number 12
- Security orchestration amp automation ndash integrations
- Security orchestration amp automation (Resilient) ndash workflows for incident handlers
- Visual workflow editor
- KPI amp operational reporting
- Slide Number 17
- Slide Number 18
-
IBM Security copy 2019 IBM Corporation
160+ rule and ML driven use cases addressing 3 major insider threat vectors
5
Compromised or Stolen Credentials
Careless or Malicious Insiders
Malware takeover of user accounts
IBM QRadar User Behavior Analytics
bull Multiple SOC Screen support
bull GEO Status Big Number Trend based views
bull Dashboard parameters enabling fast investigations
bull Dynamic time seriesbull Full power of AQL available
to create views bull Easily share dashboards
SOC Dashboards - Pulse
200+ free apps to easily add in new use cases and integrations
IBM Security copy 2019 IBM Corporation 7
Threat Detection Use Cases Compliance Monitoring amp Reporting
Cloud Security
OT Security
3rd Party Integrations System Management
Introducing IBM Cloud Pak for Security
A platform to more quickly integrate your existing security tools to generate deeper insights into threats orchestrate actions and automate responsesmdashall while leaving your data where it is
bull Hybrid multicloud architecture
bull Connected open ecosystem
bull Automation amp orchestration
IBM Security copy 2019 IBM Corporation
˝
Unified Interface
Federated search for investigation
Run anywhereIBM Cloud Pak for Security
Gain complete insights Take action faster| |
Development frameworkUniversal data insights | |Security orchestration amp automation
Open Hybrid Multicloud PlatformHybrid multicloudarchitecture
Cross-cutting security solutions
Open integration with existing security tools
Core platform services
QRadar Guardium
Incident Response Orchestration
amp Automation
Available post-GA
10
Federated search amp investigation ndash Data ExplorerUse Case
bull Investigate from a single unified interface to search threats and IOCs
bull Connect your critical security data with connectors to cloud and security data sources
bull Run queries against multiple data sources while keeping the data at rest
bull In-context investigation enrichments
bull Threat Intelligence from IBM X-Force
bull Internal asset details from CAR data sources
bull Track investigations with case management
bull Expand data sources and capabilities with SDK or IBM services to create new connectors
IBM Security copy 2019 IBM Corporation
IBM Cloud Pak for Security
STIX pattern search[filehashesSHA-256 = ef537f25c895bfa78252chellip]
Universal Security Insights
Universal Data Service (UDS): federated search to investigate and analyze security insights across your organization without moving your data.
Connect Asset & Risk (CAR): consolidate asset and risk information from a variety of security and IT tools to identify security gaps and better understand the overall security posture.
Connectors shown on the slide (some are delivered by partners and might be released post-GA): QRadar, QRoC (QRadar on Cloud), QRadar Cloud Data Lake, Guardium Data Protection, CB Response, ePO, Security Advisor, CloudWatch, Azure Monitor; three further logos survive only as the fragments "Security (SIEM)", "io" and "Life Cycle & Compliance".
Build your own connector: build a customized connector to any homegrown database or tool in your environment. Two options:
1. Do it yourself: leverage the open source stix-shifter project and build your own data connector (github.com/IBM/stix-shifter).
2. Let the experts help: a Lab Services engagement to analyze and build a new UDS connector for your environment.
Requirement: a data source with a well-defined REST API that returns JSON data.
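To make the UDS and connector idea on slides 10 and 11 concrete, here is an added illustration written for this page (it is not stix-shifter's code and nothing IBM ships): one STIX 2 pattern is parsed once, rendered into each source's native query (an AQL-style WHERE clause for a QRadar-like source, a JSON filter body for a REST source that returns JSON), evaluated where the data lives, and the hits are mapped back to STIX observed-data so they look alike regardless of origin. The connector names, field mappings, records and the SHA-256 value are constructed for the example.

```python
"""Federated STIX-pattern search in the spirit of UDS / stix-shifter (illustrative code for
this page, not stix-shifter itself): pattern -> native query per source -> hits as STIX."""
import re
from dataclasses import dataclass

# Handled subset of STIX patterning: [ obj:path OP 'value' (AND|OR obj:path OP 'value')* ]
# with OP in {=, !=, LIKE}; AND binds tighter than OR, as in the STIX 2 specification.
COMPARISON = re.compile(r"(?P<field>[\w-]+:(?:hashes\.'[\w-]+'|[\w.]+))\s*"
                        r"(?P<op>!=|=|LIKE)\s*'(?P<value>(?:[^'\\]|\\.)*)'")
JOINER = re.compile(r"\s+(AND|OR)\s+")

def parse_pattern(pattern):
    """Parse into OR-groups of AND-ed (field, op, value) clauses."""
    body = pattern.strip()
    if not (body.startswith("[") and body.endswith("]")):
        raise ValueError("expected a single [ ... ] observation expression")
    body, pos, groups = body[1:-1].strip(), 0, [[]]
    while True:
        m = COMPARISON.match(body, pos)
        if not m:
            raise ValueError("unparsable pattern near %r" % body[pos:pos + 20])
        value = re.sub(r"\\(.)", r"\1", m["value"])  # undo STIX backslash escapes
        groups[-1].append((m["field"], m["op"], value))
        pos = m.end()
        if pos == len(body):
            return groups
        j = JOINER.match(body, pos)
        if not j:
            raise ValueError("expected AND/OR near %r" % body[pos:pos + 20])
        if j.group(1) == "OR":
            groups.append([])
        pos = j.end()

@dataclass
class Connector:
    name: str
    field_map: dict   # STIX field -> native column (constructed mappings)
    dialect: str      # "aql": SQL-like WHERE clause (QRadar-style); "json": REST filter body
    records: list     # stands in for the data held at the remote source

    def translate(self, groups):
        """Native query for this source; KeyError if a STIX field has no column here."""
        mapped = [[(self.field_map[f], op, v) for f, op, v in g] for g in groups]
        if self.dialect == "aql":
            # Quote values and double embedded quotes so a pattern cannot break out of the clause.
            term = lambda c, op, v: "%s %s '%s'" % (c, "<>" if op == "!=" else op,
                                                    v.replace("'", "''"))
            return " OR ".join(" AND ".join(term(*t) for t in g) for g in mapped)
        return {"any_of": [{"all_of": [{"field": c, "op": op, "value": v}
                                       for c, op, v in g]} for g in mapped]}

    def run(self, groups):
        """Evaluate at the source (stands in for its engine running translate()'s output)."""
        def holds(rec, field, op, value):
            actual = str(rec.get(self.field_map[field], ""))
            if op in ("=", "!="):
                return (actual == value) == (op == "=")   # equality, negated for !=
            wild = "".join({"%": ".*", "_": "."}.get(ch, re.escape(ch)) for ch in value)  # LIKE
            return re.fullmatch(wild, actual) is not None
        return [r for r in self.records if any(all(holds(r, *c) for c in g) for g in groups)]

def to_stix_observed(connector, rec):
    """Invert the field map: native record -> simplified STIX 2 observed-data."""
    objects = {}
    for stix_field, col in connector.field_map.items():
        if col not in rec:
            continue
        obj_type, path = stix_field.split(":", 1)
        obj = objects.setdefault(obj_type, {"type": obj_type})
        if path.startswith("hashes."):
            obj.setdefault("hashes", {})[path[len("hashes."):].strip("'")] = rec[col]
        else:
            obj[path] = rec[col]
    return {"type": "observed-data", "x_source": connector.name,
            "objects": {str(i): o for i, o in enumerate(objects.values())}}

def federated_search(pattern, connectors):
    """Fan one pattern out to every connector that can express it; a source with no
    mapping for some field is skipped, not queried with that clause dropped."""
    groups = parse_pattern(pattern)
    hits = []
    for c in connectors:
        try:
            c.translate(groups)  # in a real UDS this native query is sent to the source
        except KeyError:
            continue
        hits.extend(to_stix_observed(c, r) for r in c.run(groups))
    return hits

# Constructed sample sources; SAMPLE_SHA256 is a placeholder, not a real IOC.
SAMPLE_SHA256 = "ab" * 32
QRADAR = Connector("qradar", {"ipv4-addr:value": "sourceip", "user-account:user_id": "username"},
                   "aql", [{"sourceip": "10.0.0.5", "username": "jdoe"},
                           {"sourceip": "10.0.0.9", "username": "svc_backup"}])
EDR = Connector("edr", {"file:hashes.'SHA-256'": "sha256", "process:name": "process_name",
                        "ipv4-addr:value": "remote_ip"}, "json",
                [{"process_name": "mshta.exe", "sha256": SAMPLE_SHA256, "remote_ip": "10.0.0.5"},
                 {"process_name": "chrome.exe", "sha256": "cd" * 32, "remote_ip": "203.0.113.7"}])
CONNECTORS = [QRADAR, EDR]
```

Two details matter for a production connector and are deliberately visible here: values are quoted and escaped when rendered into the native query language, because a STIX pattern pasted by an analyst flows straight into the source's query engine; and a source that has no mapping for a field in the pattern is skipped rather than queried with that clause silently dropped, which would return more than was asked for. The real stix-shifter separates translation from transmission and supports a far larger grammar (MATCHES, observation operators, START/STOP qualifiers); this example covers =, != and LIKE inside a single observation expression.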
Incident response (use case)
• Guide and execute investigation and response actions consistently
• Enable incident responders to interact with the security ecosystem through API integrations
• Automate manual and repetitive tasks and processes
• Customize and extend playbooks through a visual workflow editor
• Extensive 3rd-party apps and integrations available via the X-Force App Exchange ecosystem
Security Orchestration & Automation
Security orchestration & automation – integrations
https://exchange.xforce.ibmcloud.com/hub/Resilient
Security orchestration & automation (Resilient) – workflows for incident handlers
Visual workflow editor
KPI & operational reporting
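As an added illustration of what the playbook, workflow and KPI slides above are about (this is not Resilient/SOAR code or its API; the step names, integrations and the score threshold are assumptions made for the example): a minimal playbook runner that executes ordered steps, evaluates each step's condition on the incident state as enrichment fills it in, parks destructive actions until an analyst approves them, never repeats a completed action on re-run, and keeps the timeline a KPI view would roll up.

```python
"""A small incident-response playbook runner, written for this page to show what an
orchestration engine has to get right: ordered steps, conditions evaluated on live
incident state, an approval gate for destructive actions, idempotent re-runs and an
audit trail. Not Resilient/SOAR code; the integrations are constructed stand-ins."""
from dataclasses import dataclass, field
from typing import Callable

@dataclass
class Incident:
    id: str
    severity: str                                   # "low" | "medium" | "high"
    indicators: dict                                # e.g. {"sha256": ..., "host": ...}
    artifacts: dict = field(default_factory=dict)   # enrichment results and actions taken
    timeline: list = field(default_factory=list)    # (step name, outcome) audit trail

@dataclass
class Step:
    name: str
    action: Callable[[Incident], str]               # integration call; returns a summary
    when: Callable[[Incident], bool] = lambda inc: True
    needs_approval: bool = False                    # destructive: hold until an analyst approves

def run_playbook(incident, steps, approved=()):
    """Run steps in order. A step whose condition is false is skipped; one that needs
    approval and is not in `approved` is parked; a step already completed in an earlier
    run is never repeated, so the run can be re-entered once approval arrives."""
    done = {name for name, outcome in incident.timeline if outcome.startswith("done")}
    for step in steps:
        if step.name in done:
            continue
        if not step.when(incident):
            incident.timeline.append((step.name, "skipped"))
        elif step.needs_approval and step.name not in approved:
            incident.timeline.append((step.name, "awaiting-approval"))
        else:
            incident.timeline.append((step.name, "done: " + step.action(incident)))
    return incident.timeline

def kpis(timeline):
    """Counters a KPI view rolls up: steps executed, held for a human, or skipped."""
    counts = {"done": 0, "awaiting-approval": 0, "skipped": 0}
    for _, outcome in timeline:
        counts[outcome.split(":")[0]] += 1
    return counts

# Constructed stand-ins for the API integrations a real platform would call.
TI_FEED = {"ab" * 32: ("malicious", 95)}            # sha256 -> (verdict, score); placeholder hash

def enrich_hash(inc):
    verdict, score = TI_FEED.get(inc.indicators.get("sha256"), ("unknown", 0))
    inc.artifacts["ti"] = {"verdict": verdict, "score": score}
    return verdict

def isolate_host(inc):
    inc.artifacts["isolated"] = inc.indicators["host"]   # would be an EDR API call
    return "isolated " + inc.indicators["host"]

def open_ticket(inc):
    inc.artifacts["ticket"] = "IR-" + inc.id             # would be a ticketing API call
    return inc.artifacts["ticket"]

def is_malicious(inc):
    return inc.artifacts.get("ti", {}).get("score", 0) >= 80   # assumed threshold

PLAYBOOK = [
    Step("enrich-hash", enrich_hash),
    Step("isolate-host", isolate_host, needs_approval=True,
         when=lambda i: is_malicious(i) and i.severity == "high"),
    Step("open-ticket", open_ticket,
         when=lambda i: i.artifacts.get("ti", {}).get("verdict") != "unknown"),
]
```

The approval gate and the idempotency check are the two pieces a visual editor tends to hide: without the first, a playbook that auto-isolates on a threat-intel score will isolate hosts on a bad feed update; without the second, re-running the workflow after the analyst clicks approve would open a second ticket. The timeline is the single record that both the case view and the KPI report read.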
© Copyright IBM Corporation 2019. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represents only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused, or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure, and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.
Follow us on
ibm.com/security
securityintelligence.com
ibm.com/security/community
xforce.ibmcloud.com
@ibmsecurity
youtube.com/user/ibmsecuritysolutions
Thank you
Universal Security Insights
Universal Data Service (UDS): Federated search to investigate and analyze security insights across your organization without moving your data.
Connect Asset & Risk (CAR): Consolidate asset and risk information from a variety of security and IT tools to identify security gaps and better understand the overall security posture.
Delivered by partners; might be released post GA.
[Slide diagram: data sources connected through UDS – QRadar, QRoC, QRadar Cloud Data Lake, Guardium Data Protection, Security (SIEM), CB Response, ePO, Security Advisor, Life Cycle & Compliance, CloudWatch, Azure Monitor]
Build your own connector: Build a customized connector to any homegrown database or tool in your environment.
Two options:
1. Do it yourself: Leverage the open source STIX_SHIFTER project and build your own data connector (github.com/IBM/stix-shifter).
2. Let the experts help: Lab Services engagement to analyze and build a new UDS connector for your environment.
Requirement: a data source with a well-defined REST API that returns JSON data.
12
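The slide states what a UDS connector needs (a REST API returning JSON) and points at the open source stix-shifter project, but does not show what a connector actually does. The Python below is an added illustration, not code from the slides and not the stix-shifter API: it mirrors the two halves of such a connector, translating a STIX pattern into the data source's own query and mapping the JSON records that come back into STIX observed-data, so the caller gets a uniform result while the raw data stays where it lives. The STIX-to-native field mapping, the fictional REST log API it stands in for, and the sample records are all constructed for this example.

```python
"""Constructed illustration of a federated-search connector's two halves:
STIX pattern -> native query, and native JSON -> STIX observed-data."""
import re

# Constructed mapping between STIX object paths and the field names of a
# fictional REST log API. stix-shifter keeps this kind of mapping in
# per-connector JSON files; here it is inline so the example runs offline.
STIX_TO_NATIVE = {
    "ipv4-addr:value": "src_ip",
    "url:value": "url",
    "user-account:user_id": "username",
}
NATIVE_TO_STIX = {native: stix for stix, native in STIX_TO_NATIVE.items()}

OP_MAP = {"=": "eq", "!=": "ne", "LIKE": "like"}
COMPARISON_RE = re.compile(r"([\w-]+:[\w.]+)\s*(=|!=|LIKE)\s*'([^']*)'")

# Constructed records standing in for what the fictional API would return.
SAMPLE_RECORDS = [
    {"timestamp": "2019-12-02T10:15:00Z", "src_ip": "203.0.113.7",
     "username": "alice", "url": "http://example.net/login",
     "raw_payload": "GET /login"},
    {"timestamp": "2019-12-02T10:16:30Z", "src_ip": "198.51.100.23",
     "username": "bob", "url": "http://example.net/admin",
     "raw_payload": "GET /admin"},
    {"timestamp": "2019-12-02T10:17:05Z", "src_ip": "203.0.113.7",
     "username": "bob", "url": "http://example.net/admin",
     "raw_payload": "POST /admin"},
]

def stix_pattern_to_query(pattern):
    """Translate one AND-joined STIX observation expression, e.g.
    "[ipv4-addr:value = '203.0.113.7' AND user-account:user_id = 'bob']",
    into native query clauses. Anything outside the supported grammar
    raises, so an unsupported pattern never degrades into an over-broad query."""
    pattern = pattern.strip()
    if not (pattern.startswith("[") and pattern.endswith("]")):
        raise ValueError(f"unsupported pattern: {pattern!r}")
    clauses = []
    for comp in re.split(r"\s+AND\s+", pattern[1:-1].strip()):
        m = COMPARISON_RE.fullmatch(comp.strip())
        if not m:
            raise ValueError(f"unsupported comparison: {comp!r}")
        path, op, value = m.groups()
        field = STIX_TO_NATIVE.get(path)
        if field is None:
            raise ValueError(f"no native field mapped for {path}")
        clauses.append({"field": field, "op": OP_MAP[op], "value": value})
    return clauses

def _matches(clause, record):
    actual = record.get(clause["field"])
    if actual is None:
        return False
    if clause["op"] == "eq":
        return actual == clause["value"]
    if clause["op"] == "ne":
        return actual != clause["value"]
    # SQL-style LIKE: '%' is the only wildcard; everything else is literal.
    regex = ".*".join(re.escape(part) for part in clause["value"].split("%"))
    return re.fullmatch(regex, actual) is not None

def mock_api_search(clauses):
    """Stand-in for the HTTP call to the source's REST API: only the records
    satisfying every clause come back; the data set itself never moves."""
    return [r for r in SAMPLE_RECORDS if all(_matches(c, r) for c in clauses)]

def native_results_to_stix(records):
    """Map native JSON records to STIX 2.0-style observed-data. Columns with
    no mapping (here raw_payload) are dropped, so the connector exposes only
    the fields it has agreed to share with the federated caller."""
    objects = []
    for rec in records:
        observables = {}
        for field, value in rec.items():
            path = NATIVE_TO_STIX.get(field)
            if path is None:
                continue
            obj_type, prop = path.split(":", 1)
            observables[str(len(observables))] = {"type": obj_type, prop: value}
        objects.append({
            "type": "observed-data",
            "first_observed": rec["timestamp"],
            "last_observed": rec["timestamp"],
            "number_observed": 1,
            "objects": observables,
        })
    return {"type": "bundle", "objects": objects}

def federated_search(pattern):
    """End-to-end: STIX pattern in, STIX bundle out, source data untouched."""
    return native_results_to_stix(mock_api_search(stix_pattern_to_query(pattern)))
```

Calling `federated_search("[ipv4-addr:value = '203.0.113.7' AND user-account:user_id = 'bob']")` returns a bundle with a single observed-data object carrying the IP, the user account and the URL, and nothing from the unmapped `raw_payload` column. The failure path matters as much as the happy path: a pattern the connector cannot translate is rejected rather than silently widened, which is the property a defender wants from any component that forwards queries into a production data source.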
Incident response: Use case
- Guide and execute investigation and response actions consistently
- Enable incident responders to interact with the security ecosystem through API integrations
- Automate manual and repetitive tasks and processes
- Customize and extend playbooks through the visual workflow editor
- Extensive 3rd party apps and integrations available via the X-Force App Exchange ecosystem
IBM Security © 2019 IBM Corporation
13 IBM Security
Security Orchestration & Automation
Security orchestration & automation – integrations
https://exchange.xforce.ibmcloud.com/hub/Resilient
14 IBM Security
Security orchestration & automation (Resilient) – workflows for incident handlers
15 IBM Security
Visual workflow editor
16 IBM Security
KPI & operational reporting