IBM Security Intelligence
DESCRIPTION
Strengthen the security of your data with predictive analytics and proactive responses.
TRANSCRIPT
Page 1
IBM Security
IBM Security Intelligence
© 2014 IBM Corporation
Speaker: Alfonso Ponticelli, Security QRadar Technical Sales, Italy
Page 2
IBM Security Systems
What is Security Intelligence?
Security Intelligence, noun
1. the real-time collection, normalization and analytics of the data generated by users, applications and infrastructure that impacts the IT security and risk posture of an enterprise
Security Intelligence provides actionable and comprehensive insight for managing risks and threats, from protection and detection through remediation.
Page 3
Solutions for the full Security Intelligence timeline
IBM Security Intelligence
Page 4
Built upon common foundation of QRadar SIOS
IBM QRadar SIEM Platform
Security Intelligence Solutions: QRadar SIEM, QRadar Risk Manager, QRadar QFlow and VFlow, QRadar Vulnerability Manager
Security Intelligence Operating System (SIOS): Normalization, Analytics Engine, Reporting Engine, Workflow, Rules Engine, Real-Time Viewer, Warehouse, Archival
Page 5
Dynamic Threat Environment Requires Security Intelligence
IBM QRadar SIEM Platform
Data sources (structured and unstructured data): servers and mainframes, network and virtual activity, data activity, security devices, application activity, configuration information, vulnerabilities and threats, users and identities, global threat intelligence
Embedded Intelligence (automated offense identification):
• Automated data collection, asset discovery and profiling
• Automated, real-time, and integrated analytics
• Massive data reduction
• Activity baselining and anomaly detection
• Out-of-the-box rules and templates
Output: suspected incidents, reduced to highly prioritized security and operational incidents
Visibility across organizational security systems to improve response times and incorporate the adaptability and flexibility required for early detection of threats or risky behaviors.
Page 6
And continually adding context for increased accuracy
IBM QRadar SIEM Platform
Security Intelligence Feeds: Internet Threats, Geo Location, Vulnerabilities
Page 7
Using fully integrated architecture and interface
IBM QRadar Platform
Page 8
Continued journey towards Total Security Intelligence
IBM QRadar Security Intelligence
Page 9
Differentiated by network flow analytics
IBM QRadar Platform
• Network traffic doesn't lie. Attackers can stop logging and erase their tracks, but can't cut off the network (flow data)
  • Deep packet inspection for Layer 7 flow data
  • Pivoting, drill-down and data mining on flow sources for advanced detection and forensics
• Helps detect anomalies that might otherwise get missed
• Enables visibility into attacker communications
Page 10
QRadar Risk Manager: Visualize network, configurations and risks
IBM QRadar Risk Manager
• Depicts network topology views and helps visualize current and alternative network traffic patterns
• Identifies active attack paths and assets at risk of exploit
• Collects network device configuration data to assess vulnerabilities and facilitate analysis and reporting
• Discovers firewall configuration errors and improves performance by eliminating ineffective rules
• Analyzes policy compliance for network traffic, topology and vulnerability exposures
Page 11
Investigating offense attack path
IBM QRadar Risk Manager
• Clicking the 'attack path' button for an offense performs a search showing the precise path (and all permutations) between the involved source and destination IPs
• Firewall rules enabling the attack path can then be quickly analyzed to understand the exposure
• Allows a "virtual patch" to be applied by quickly showing which firewall rules may be changed to immediately shut down the attack path, before patching or other configuration changes can typically be implemented
Page 12
Strengthened by integrated vulnerability insights
IBM QRadar Vulnerability Manager
Page 13
QVM enables customers to interpret the 'sea' of vulnerabilities
IBM QRadar Vulnerability Manager
Page 14
QRadar Security Intelligence easily grows with your needs
IBM QRadar Security Intelligence
• QRadar SIEM
  • Additional security telemetry data
  • Rules-based correlation analysis engine
  • Data overload reduction 'magic', compressing millions or even billions of daily raw events to a manageable list of issues
• Add QRadar Risk Manager
  • Enables pre-exploit configuration investigations
  • Simplifies security policy reviews for compliance tests
  • Provides network topology depictions and permits attack simulations
• Implement QRadar Vulnerability Manager
  • Extends pre-exploit analysis: adds integrated vulnerability insights
  • Reduces the magnitude of pre-exploit conditions as QRadar SIEM does for post-exploit conditions
  • Helps identify and measure exposures to external threats
• Inject IBM X-Force Threat Research Intelligence
  • Provides an intelligence feed to QRadar
  • Includes vulnerabilities, IP reputations, malware reports
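Slides 5 and 14 both describe the same SIEM pipeline: normalize heterogeneous raw events, run them through a rules-based correlation engine, and collapse many raw events into a short list of prioritized offenses. The example below is an added illustration of that pipeline, written for this transcript; it is not QRadar code and does not reproduce QRadar's rule language. It normalizes two constructed log formats (a syslog-style sshd line and a hypothetical `FW:` firewall line), applies a sliding-window rule ("four or more authentication failures from one source within 60 seconds"), escalates the offense magnitude when a successful login follows the failures, and reports the resulting raw-event-to-offense reduction. The thresholds, field names and sample lines are all assumptions chosen for the example.

```python
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Constructed sample events (not real logs). Two formats are mixed on purpose
# so that the normalization step has something to do.
RAW_LOGS = [
    "Mar 10 10:00:01 bastion sshd[2211]: Failed password for admin from 203.0.113.7 port 51000 ssh2",
    "Mar 10 10:00:03 bastion sshd[2212]: Failed password for root from 203.0.113.7 port 51001 ssh2",
    "Mar 10 10:00:06 bastion sshd[2213]: Failed password for admin from 203.0.113.7 port 51002 ssh2",
    "Mar 10 10:00:09 bastion sshd[2214]: Failed password for admin from 203.0.113.7 port 51003 ssh2",
    "Mar 10 10:00:10 fw01 FW: action=deny src=203.0.113.7 dst=10.0.0.5 dport=22",
    "Mar 10 10:00:12 bastion sshd[2215]: Failed password for oracle from 203.0.113.7 port 51004 ssh2",
    "Mar 10 10:00:15 bastion sshd[2216]: Accepted password for admin from 203.0.113.7 port 51005 ssh2",
    "Mar 10 10:00:20 bastion sshd[2217]: Failed password for bob from 198.51.100.9 port 40000 ssh2",
    "Mar 10 10:30:00 bastion sshd[2218]: Failed password for bob from 198.51.100.9 port 40001 ssh2",
]

FAIL_THRESHOLD = 4            # assumed rule parameter: failures needed to open an offense
WINDOW = timedelta(seconds=60)  # assumed rule parameter: sliding window length

SYSLOG = re.compile(r"^(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) (.*)$")
SSHD = re.compile(r"sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port \d+")
FIREWALL = re.compile(r"FW: action=(\w+) src=(\S+) dst=(\S+)")


@dataclass
class Event:
    """Normalized event: every source format is mapped onto these fields."""
    ts: datetime
    host: str
    category: str            # auth_failure | auth_success | firewall_deny | firewall_allow
    src_ip: str
    user: Optional[str] = None
    dst_ip: Optional[str] = None


@dataclass
class Offense:
    src_ip: str
    first_seen: datetime
    last_seen: datetime
    event_count: int
    magnitude: int           # 1..10, raised when a later rule adds context
    description: str


def normalize(line: str) -> Optional[Event]:
    """Parse one raw line into an Event, or None if no parser recognizes it."""
    head = SYSLOG.match(line)
    if not head:
        return None
    stamp, host, rest = head.groups()
    ts = datetime.strptime(" ".join(stamp.split()), "%b %d %H:%M:%S")  # year-less syslog stamp
    if m := SSHD.search(rest):
        outcome, user, src = m.groups()
        cat = "auth_failure" if outcome == "Failed" else "auth_success"
        return Event(ts, host, cat, src, user=user)
    if m := FIREWALL.search(rest):
        action, src, dst = m.groups()
        cat = "firewall_deny" if action == "deny" else "firewall_allow"
        return Event(ts, host, cat, src, dst_ip=dst)
    return None


def correlate(events) -> list:
    """Rule engine: fold normalized events into at most one offense per source IP."""
    recent_failures = defaultdict(deque)   # src_ip -> timestamps of failures inside WINDOW
    offenses = {}                          # src_ip -> Offense
    for ev in sorted(events, key=lambda e: e.ts):
        off = offenses.get(ev.src_ip)
        if ev.category == "auth_failure":
            q = recent_failures[ev.src_ip]
            q.append(ev.ts)
            while q and ev.ts - q[0] > WINDOW:     # slide the window forward
                q.popleft()
            if len(q) >= FAIL_THRESHOLD:
                if off is None:
                    offenses[ev.src_ip] = Offense(ev.src_ip, q[0], ev.ts, len(q), 5,
                                                  "Repeated authentication failures")
                else:
                    off.last_seen, off.event_count = ev.ts, off.event_count + 1
        elif ev.category == "auth_success" and off and ev.ts - off.last_seen <= WINDOW:
            # Second rule: a success right after the failure burst raises priority.
            off.last_seen, off.event_count, off.magnitude = ev.ts, off.event_count + 1, 9
            off.description = "Authentication success after repeated failures"
        elif ev.category == "firewall_deny" and off:
            off.event_count += 1               # attach supporting context to the open offense
    return list(offenses.values())


def reduction_ratio(raw_lines, offenses) -> float:
    """Raw events per offense: the 'data overload reduction' figure for this batch."""
    return len(raw_lines) / len(offenses) if offenses else float("inf")


if __name__ == "__main__":
    evs = [e for e in map(normalize, RAW_LOGS) if e]
    offs = correlate(evs)
    for o in offs:
        print(f"{o.src_ip}: {o.description} (magnitude {o.magnitude}, {o.event_count} events)")
    print(f"reduction: {reduction_ratio(RAW_LOGS, offs):.1f} raw events per offense")
```

Running the block yields one offense for 203.0.113.7 with magnitude 9 and seven contributing events, while the two widely spaced failures from 198.51.100.9 never cross the threshold and stay as plain events; nine raw lines reduce to a single prioritized item, which is the behaviour the slides describe at much larger scale.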
Page 15
QRadar Incident Forensics Module Overview
IBM QRadar Incident Forensics
• Seamlessly integrated with Security Intelligence incident detection and workflow processes
• Full packet capture for complete insight and incident forensics
• Deep packet inspection, analytics and searching enabling powerful and intuitive forensics
• Providing a unified view of all flow, user, event, and forensic information
Page 16
Offering Overview

| Family | Product | Appliance | Virtual Appliance | Software |
|---|---|---|---|---|
| SIEM | All-in-One | 2100 Light 3 / 2100 / 3105 / 3124 | 3190 | 21XX Light 3 / 21XX / 31XX |
| SIEM | Console | 3105 / 3124 | 3190 | 31XX |
| SIEM | Event Processor | 1605 / 1624 | 1690 | 16XX |
| SIEM | Flow Processor | 1705 / 1724 | 1790 | 17XX |
| SIEM | Combo Event/Flow Processor | 1805 | | 18XX |
| SIEM | Event Collector 5 | 1501 | 1590 | 15XX2 |
| SIEM | QFlow Collector | 1201 / 1202 / 1301 / 1310 | VFlow / 1290 | 12XX |
| Log Manager | All-in-1 | 2100 / 3105 / 3124 | 3190 | 21XX / 31XX 1 |
| Log Manager | Console | 3105 / 3124 | 3190 | 31XX 1 |
| Log Manager | Event Processor | 1605 / 1624 | 1690 | 16XX 1 |
| | QNAD | QNAD | QNAD | |
| Risk Manager | QRM | QRM / QRM Light 4 | QRM VM3 / QRM Light VM 4 | QRM SW3 / QRM Light SW 4 |
| Vulnerability Manager | QVM | QVM3 | QVM VM3 | QVM SW3 |