Q1 labs total security intelligence dusan milidrag

Total Security Intelligence The next generation of Log Management and SIEM Dusan Milidrag IBM
Date posted: 19-Oct-2014
Category: Technology

Transcript of Q1 labs total security intelligence dusan milidrag

Page 1: Q1 labs total security intelligence   dusan milidrag

Total Security IntelligenceThe next generation of Log Management and SIEM

Dusan MilidragIBM

Page 2:

IBM Security Systems

Intelligence ● Integration ● Expertise

• Only vendor in the market with end-to-end coverage of the security foundation
• $1.8B investment in innovative technologies
• 6K+ security engineers and consultants
• Award-winning X-Force® research
• Largest vulnerability database in the industry

Page 3:
Page 4:

Who are Q1 Labs:
• Innovative Security Intelligence software company
• Leader in the Gartner Magic Quadrant in 2010, 2011 and 2012

Award-winning solutions:
• Family of next-generation Risk Management, Log Management, SIEM and security intelligence solutions

Executing, growing rapidly:
• 2000+ customers worldwide
• Five-year average revenue growth of +70%
• North America, EMEA and Asia Pacific

Page 5:

Some of Our European Customers…

Page 6:

• Compliance & Policy
  – Billions of logs and records a day
  – Compliance validation requires logging and reporting
  – New regulations that have implications across many vertical markets
  – Configuration audits, manual processes

• Threats & Security Visibility
  – Combating fraud, targeted exploits and cyber warfare requires intelligent visibility
  – Telemetry for intelligence is traditionally siloed
  – Without broad surveillance and integration, threats will be missed
  – Siloed tools to address the risk management lifecycle

Page 7:

QRadar: The Most Intelligent, Integrated, Automated Security Intelligence Platform in the Industry

• Predict Risk
• Detect Insider Fraud
• Consolidate Data Silos
• Exceed Regulation Mandates
• Detect Threats Others Miss

Page 8:

Q1 Labs Solves Customer Problems with Total Security Intelligence

Page 9:

What is "Total Security Intelligence"?

Timeline: Vulnerability → Exploit → Remediation

Pre-Exploit (Prediction/Prevention Phase): Risk Management, Compliance Management, Vulnerability Management, Configuration Management

Post-Exploit (Reaction/Remediation Phase): SIEM, Network/User Anomaly Detection, Log Management

Page 10:

First-Gen SIEM

Page 11:
Page 12:

2Bn log and event records a day reduced to 25 high-priority suspected incidents

User correlation and application forensics enabled fraud detection prior to exploit completion

Page 13:

QRadar: Integration Eliminates False Choice Between Capability & Simplicity

Bolted Together Solution:
• Scale problems
• Disparate reporting, searching
• No local decisions
• Complex High Availability
• Multi-product admin and DBA
• Forklift upgrades
• Duplicate log repositories
• Operational bottleneck

QRadar Integrated Solution:
• Highly scalable
• Common reporting, searching
• Distributed correlation
• Integrated High Availability
• Unified administration
• Seamless expansion
• Logs stored once
• Total visibility

Unified Administration: time spent managing security events was reduced by 80% compared to siloed systems

Page 14:

QRadar: Automation Drives Simplicity and Cost Effectiveness

• Auto-discovery of log sources
• Auto-discovery of applications
• Auto-discovery of assets
• Auto-grouping of assets
• Centralized log management
• Automated configuration audits

• Auto-tuning
• Auto-detect threats
• Thousands of pre-defined rules
• Easy-to-use event filtering
• Advanced security analytics

• Thousands of predefined reports
• Asset-based prioritization
• Auto-update of threats
• Auto-response
• Directed remediation

Automation Drives Operations Efficiency
“We were pleased with QRadar being extremely automated, equipped with compliance-driven report templates that were very useful out of the box, which spared us the manpower and resources of having to develop them ourselves.”

Efficient, Immediate, Custom
“Where it would take 10 days on our old system to build and test rules, it takes us just 10 minutes in QRadar.”
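As an added example (not code from the presentation, from Q1 Labs or from IBM), the following Python script shows in miniature what slides 12 and 14 describe: raw log lines from two different source types are recognised by their shape rather than by a configured source (auto-discovery of log sources), normalised into events, correlated into a handful of offenses by a "repeated failed logins followed by a successful login" rule, and ranked by an asset weight (asset-based prioritization), so that a brute-force against the database host outranks a larger brute-force against a web host. Every log line, hostname, user and IP address is constructed for the example; the failure threshold, correlation window, rule severity and asset weights are assumptions and are not QRadar's values.

```python
"""Miniature SIEM correlation pass (added example; see the lead-in above).

Every log line, host, user and IP address below is constructed for the
example. Rule thresholds, severities and asset weights are assumptions, not
QRadar's real values.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

LOG_YEAR = 2014                          # assumed: syslog lines carry no year
FAIL_THRESHOLD = 3                       # assumed: failures before a success that count as suspicious
WINDOW = timedelta(seconds=120)          # assumed correlation window
RULE_SEVERITY = 3                        # assumed base severity of the rule
ASSET_WEIGHT = {"db01": 10, "web01": 5}  # assumed asset weights; unknown hosts get 1

# Constructed sample: an sshd-style auth log from two hosts plus one
# Apache-style access log line, all as a SIEM would receive them.
SAMPLE_LOGS = """\
Mar 10 09:00:01 web01 sshd[2101]: Failed password for invalid user admin from 198.51.100.5 port 51022 ssh2
Mar 10 09:00:03 web01 sshd[2101]: Failed password for invalid user admin from 198.51.100.5 port 51023 ssh2
Mar 10 09:00:05 web01 sshd[2101]: Failed password for root from 198.51.100.5 port 51024 ssh2
Mar 10 09:00:09 web01 sshd[2101]: Failed password for root from 198.51.100.5 port 51025 ssh2
Mar 10 09:00:12 web01 sshd[2104]: Accepted password for root from 198.51.100.5 port 51026 ssh2
Mar 10 09:00:20 db01 sshd[3310]: Failed password for oracle from 203.0.113.7 port 51040 ssh2
Mar 10 09:00:22 db01 sshd[3310]: Failed password for oracle from 203.0.113.7 port 51041 ssh2
Mar 10 09:00:25 db01 sshd[3310]: Failed password for oracle from 203.0.113.7 port 51042 ssh2
Mar 10 09:00:29 db01 sshd[3311]: Accepted password for oracle from 203.0.113.7 port 51043 ssh2
203.0.113.7 - - [10/Mar/2014:09:00:35 +0000] "GET /admin/ HTTP/1.1" 200 1024
Mar 10 09:01:00 web01 sshd[2110]: Failed password for alice from 192.0.2.9 port 40001 ssh2
Mar 10 09:01:04 web01 sshd[2110]: Accepted password for alice from 192.0.2.9 port 40002 ssh2
"""

@dataclass
class Event:
    ts: datetime
    host: str
    source: str                      # log-source type discovered from the line shape
    src_ip: str
    user: Optional[str] = None
    outcome: Optional[str] = None    # "fail", "success" or None (not an auth event)

# Two log-source signatures. "Auto-discovery" here means every line is tried
# against each known shape instead of being bound to a configured source.
SSHD_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)
APACHE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]\s]+)[^\]]*\] "(?P<req>[^"]*)" (?P<status>\d{3})')

def parse_line(line: str, collector_host: str = "web01") -> Optional[Event]:
    """Normalise one raw line into an Event, or None if no parser matches.
    collector_host is an assumption for formats that carry no hostname."""
    m = SSHD_RE.match(line)
    if m:
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=LOG_YEAR)
        outcome = "fail" if m["outcome"] == "Failed" else "success"
        return Event(ts, m["host"], "sshd", m["ip"], m["user"], outcome)
    m = APACHE_RE.match(line)
    if m:
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S")
        return Event(ts, collector_host, "apache-access", m["ip"])
    return None

def correlate(events: List[Event]) -> List[dict]:
    """Reduce an event stream to offenses, one per offending source IP.
    Rule: at least FAIL_THRESHOLD failed logins from one source IP to one host
    inside WINDOW, followed by an accepted login from that IP to that host."""
    events = sorted(events, key=lambda e: e.ts)
    recent_fails: Dict[Tuple[str, str], List[datetime]] = defaultdict(list)
    offenses: Dict[str, dict] = {}
    for e in events:
        if e.outcome is None:
            continue
        key = (e.src_ip, e.host)
        fails = [t for t in recent_fails[key] if e.ts - t <= WINDOW]
        if e.outcome == "fail":
            fails.append(e.ts)
        else:
            if len(fails) >= FAIL_THRESHOLD:
                off = offenses.setdefault(e.src_ip, {"src_ip": e.src_ip, "rules": [], "magnitude": 0})
                off["rules"].append({"host": e.host, "user": e.user, "failures": len(fails),
                                     "success_at": e.ts.isoformat()})
                # Asset-based prioritization: same rule, higher magnitude on a weightier asset.
                off["magnitude"] = max(off["magnitude"], RULE_SEVERITY * ASSET_WEIGHT.get(e.host, 1))
            fails = []   # any success clears the failure history for this pair
        recent_fails[key] = fails
    # Attach every event seen from an offending IP, whatever its log source,
    # so the analyst sees that source's full activity in one place.
    for off in offenses.values():
        attached = [e for e in events if e.src_ip == off["src_ip"]]
        off["event_count"] = len(attached)
        off["log_sources"] = sorted({e.source for e in attached})
    return sorted(offenses.values(), key=lambda o: o["magnitude"], reverse=True)

def run(raw: str = SAMPLE_LOGS) -> Tuple[List[dict], Dict[str, int]]:
    """Parse, correlate and prioritise; also report events per discovered source type."""
    events = [ev for ev in (parse_line(line) for line in raw.splitlines()) if ev]
    return correlate(events), dict(Counter(e.source for e in events))

if __name__ == "__main__":
    offenses, sources = run()
    print(f"{sum(sources.values())} events from {sources} reduced to {len(offenses)} offenses")
    for o in offenses:
        print(o["magnitude"], o["src_ip"], o["rules"], o["event_count"], o["log_sources"])
```

The single failed-then-successful login from 192.0.2.9 never becomes an offense, the four failures against web01 do, and the three failures against db01 rank above them purely because of the asset weight; the Apache request from the db01 attacker is attached to that offense even though it came from a different log source.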

Page 15:

Fully Integrated Security Intelligence

Log Management
• Turnkey log management
• SME to Enterprise
• Upgradeable to enterprise SIEM

SIEM
• Integrated log, threat, risk & compliance mgmt.
• Sophisticated event analytics
• Asset profiling and flow analytics
• Offense management and workflow

Risk Management
• Predictive threat modeling & simulation
• Scalable configuration monitoring and audit
• Advanced threat visualization and impact analysis

Network Activity & Anomaly Detection
• Network analytics
• Behavior and anomaly detection
• Fully integrated with SIEM

Network and Application Visibility
• Layer 7 application monitoring
• Content capture
• Physical and virtual environments

Page 16:

The QRadar Security Intelligence Solutions: Deploy, Expand at Your Pace

Log Management
• Turnkey log management
• SME to Enterprise
• Upgradeable to enterprise SIEM

SIEM/SEM
• Integrated log, cyber threat, risk and compliance management
• Sophisticated event analytics
• Asset profiling and flow analytics

Risk Management
• Predictive threat modeling & simulation
• Scalable configuration monitoring and audit
• Advanced threat visualization and impact analysis

Scale
• Event Processors
• Network Activity Processors
• High Availability
• Stackable Expansion
• Embedded, real-time database

Visibility/Network Activity
• QFlow Collector: Layer 7 application monitoring, content capture, network analysis
• VFlow Collector

One Console Security

Page 17:

HVALA! (Thank you!)

[email protected]

IBM SRBIJA (IBM Serbia)