Q1 Labs Total Security Intelligence - Dusan Milidrag
Date posted: 19-Oct-2014
Category: Technology
Transcript of "Q1 Labs Total Security Intelligence - Dusan Milidrag"
Total Security Intelligence
The next generation of Log Management and SIEM
Dusan Milidrag, IBM
IBM Security Systems
Intelligence ● Integration ● Expertise
• Only vendor in the market with end-to-end coverage of the security foundation
• $1.8B investment in innovative technologies
• 6K+ security engineers and consultants
• Award-winning X-Force® research
• Largest vulnerability database in the industry
Who are Q1 Labs:
• Innovative Security Intelligence software company
• Leader in Gartner 2012, 2011, 2010 Magic Quadrant
Award winning solutions:
• Family of next-generation Risk Management, Log Management, SIEM, security intelligence solutions
Executing, growing rapidly:
• +2000 customers worldwide
• Five-year average revenue growth +70%
• North America, EMEA and Asia Pacific
Some of Our European Customers…
• Compliance & Policy
– Billions of logs and records a day
– Compliance validation requires logging and reporting
– New regulations that have implications across many vertical markets
– Configuration audits, manual processes
• Threats & Security Visibility
– Combating fraud, targeted exploits and cyber warfare requires intelligent visibility
– Telemetry for intelligence is traditionally siloed
– Without broad surveillance and integration, threats will be missed
– Siloed tools to address risk management lifecycle
QRadar: The Most Intelligent, Integrated, Automated Security Intelligence Platform in the Industry
Predict Risk
Detect Insider Fraud
Consolidate Data Silos
Exceed Regulation Mandates
Detect Threats Others Miss
Q1 Labs Solves Customer Problems with Total Security Intelligence
What is "Total Security Intelligence"?
Pre-Exploit: Prediction/Prevention Phase
– Risk Management, Compliance Management, Vulnerability Management, Configuration Management
Post-Exploit: Reaction/Remediation Phase
– SIEM, Network/User Anomaly Detection, Log Management
Timeline: Vulnerability -> Exploit -> Remediation
First-Gen SIEM: Suspected Incidents
User correlation and application forensics enabled fraud detection prior to exploit completion
2Bn log and event records a day reduced to 25 high priority
QRadar: Integration Eliminates False Choice Between Capability & Simplicity
Bolted Together Solution:
• Scale problems
• Disparate reporting, searching
• No local decisions
• Complex High Availability
• Multi-product admin and DBA
• Forklift upgrades
• Duplicate log repositories
• Operational bottleneck
QRadar Integrated Solution:
• Highly scalable
• Common reporting, searching
• Distributed correlation
• Integrated High Availability
• Unified administration
• Seamless expansion
• Logs stored once
• Total visibility
Unified Administration
Time spent managing security events was reduced by 80% compared to siloed systems
QRadar: Automation Drives Simplicity and Cost Effectiveness
• Auto-discovery of log sources
• Auto-discovery of applications
• Auto-discovery of assets
• Auto-grouping of assets
• Centralized log management
• Automated configuration audits
• Auto-tuning
• Auto-detect threats
• Thousands of pre-defined rules
• Easy-to-use event filtering
• Advanced security analytics
• Thousands of predefined reports
• Asset-based prioritization
• Auto-update of threats
• Auto-response
• Directed remediation
Automation Drives Operations Efficiency
“We were pleased with QRadar being extremely automated, equipped with compliance-driven report templates that were very useful out of the box, which spared us the manpower and resources of having to develop them ourselves.”
Efficient, Immediate, Custom
“Where it would take 10 days on our old system to build and test rules, it takes us just 10 minutes in QRadar.”
Fully Integrated Security Intelligence
Log Management:
• Turnkey log management
• SME to Enterprise
• Upgradeable to enterprise SIEM
SIEM:
• Integrated log, threat, risk & compliance mgmt.
• Sophisticated event analytics
• Asset profiling and flow analytics
• Offense management and workflow
Risk Management:
• Predictive threat modeling & simulation
• Scalable configuration monitoring and audit
• Advanced threat visualization and impact analysis
Network Activity & Anomaly Detection:
• Network analytics
• Behavior and anomaly detection
• Fully integrated with SIEM
Network and Application Visibility:
• Layer 7 application monitoring
• Content capture
• Physical and virtual environments
The QRadar Security Intelligence Solutions: Deploy, Expand at Your Pace
Log Management:
• Turnkey log management
• SME to Enterprise
• Upgradeable to enterprise SIEM
SIEM/SEM:
• Integrated log, cyber threat, risk and compliance management
• Sophisticated event analytics
• Asset profiling and flow analytics
Risk Management:
• Predictive threat modeling & simulation
• Scalable configuration monitoring and audit
• Advanced threat visualization and impact analysis
Scale / High Availability:
• Event Processors
• Network Activity Processors
• High Availability
• Stackable Expansion
• Embedded, real-time database
Visibility/Network Activity (QFlow Collector, VFlow Collector):
• Layer 7 application monitoring
• Content capture
• Network Analysis
One Console Security