Security Incident and Event Management (SIEM) - Managed and Hosted Solutions for IBM QRadar
6 likes1,289 views
Forsythe offers managed SIEM solutions using IBM QRadar to help Fortune 1000 organizations enhance their cybersecurity posture amidst increasing threats and a growing talent gap in the security workforce. SIEM software analyzes alerts from various technologies to identify potential security threats, allowing security teams to focus on critical investigations while reducing false positives. The document emphasizes the importance of selecting a suitable managed security services partner and outlines best practices for establishing a successful SIEM deployment.
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions for IBM QRadar
- 1. SECURITY INCIDENT AND EVENT MANAGEMENT (SIEM) MANAGED AND HOSTED SOLUTIONS FOR IBM QRADAR
- 2. www.forsythe.com Forsythe is a leading enterprise IT company, providing advisory services, security, hosting and technology solutions for Fortune 1000 organizations. Forsythe helps clients optimize, modernize and innovate their IT to become agile, secure, digital businesses. Sponsored by
- 4. WE’VE ALL SEEN WHO’S BEEN IN THE HEADLINES… Online Properties Automotive Retail Fast Food Healthcare Manufacturing Media & Entertainment Travel Telecommunications
- 5. AND WE’VE ALL HEARD FROM THE EXPERTS “You can’t protect everything equally… we have to find a way to control only what matters.” Earl Perkins, VP, Gartner “Today's security climate is such that enterprises fear becoming victims of the next major cyber attack or cyber extortion." Sean Pike, VP, IDC “…many global enterprises face targeted attacks on a daily basis.” Chris Sherman, Sr. Analyst, Forrester
- 6. Shortage is projected to reach 1.8 million professionals by 2022 MIND THE GAP THE SECURITY TALENT GAP IS GROWING Source: 2017 Global Information Security Workforce Study (GISWS)
- 7. BUT WHERE ARE THE REAL SECURITY THREATS LURKING?
- 8. Firewall Anti-malware Servers Perimeter Proxies Intrusion detection and protection Antivirus Infrastructure devices
- 9. ULTIMATE GOAL IS TO MAKE THE COMPANY MORE SECURE What to do? Limited resources Limited time Limited money
- 10. Ask yourself: a) Finding and retaining skilled security personnel b) Filling a security capability gap c) Getting value from the tools we have d) Keeping up with day to day operations WHAT IS YOUR BIGGEST SECURITY CHALLENGE?
- 11. WHAT IS A SIEM AND WHY DO I NEED ONE?
- 12. Defined, a SIEM stands for Security Information and Event Management and is software that identifies real-time possible security threats by analyzing alerts generated from network and security technologies WHAT IS A SIEM?
- 13. WHAT DOES A SIEM DO? 1. Various technologies are deployed in an IT environment. 2. They throw off alerts recorded in log files.. 3. That are fed into the SIEM software. 4. SIEM is configured with rules and use cases to identify possible threats. 5. SOC team proactively monitors the SIEM and investigates alerts triggered by the SIEM. 6. When threats are identified, remediation actions are taken on the technologies, and.. 7. Where investigated alerts are not deemed to be threats (“false positives”), rules and use cases are updated to suppress future alerting. SIEM 1 2 3 45 6 7
- 14. Reduce the number of people needed to stay on top of alerts Focus staff on threats requiring investigation and remediation Customize unique rules to eliminate ‘false positive’ alerts HOW DOES A SIEM HELP SECURITY POSTURE?
- 15. LET’S TALK ABOUT AN INDUSTRY- LEADING SIEM TECHNOLOGY…
- 16. IBM QRadar Chris Collard September, 2017 Offering Manager - QRadar
- 17. 17 IBM Security Advanced Threat Detection Insider Threat Securing the Cloud Risk and Vuln Management A cognitive security operations platform for the threats of tomorrow Critical Data Protection Compliance Incident Response Fast to deploy, easy to manage, and focused on your success
- 18. 18 IBM Security Watson for Cyber Security and i2 Enterprise Insight Analysis Core cognitive capability that continuously understands, reasons, and learns the many risk variables across the entire security ecosystem Cyber analysis to hunt for attackers and predict threats IBM QRadar: Continued investment based on client needs Incident Response and Network Insights Integration with Resilient enables building and executing automated incident response plans Network Insights bridges flows and full packet capture, enhancing real-time detection Security Intelligence on Cloud and Apps Deploy as SaaS offering or combine with hybrid cloud and on-prem environments Easily extend QRadar with apps, available on curated IBM App Exchange Network Forensics Incident forensics including full packet capture, storage, indexing, searching and session reconstruction Vulnerability and Risk Management Real-time vulnerability scanning and prioritizations, combined with configuration analysis, policy monitoring, and risk assessment Log Management Identity management, complete log management, and compliance reporting SIEM Combined flows, behavioral analytics, SIM and vulnerabilities into one of the first SIEMs ClientNeeds Flow Visualization and NBAD Anomaly detection and threat resolution plus network visualization Platformevolutionbasedonclientneeds 2002 – 2005 2006 – 2007 2008 – 2009 2010 – 2013 2014 2015 2016 2017
- 19. 19 IBM Security Cognitive Security Starts Here IBM Security Introduces a Revolutionary Shift in Security Operations IBM CONFIDENTIAL • Employs powerful cognitive capabilities to investigate and qualify security incidents and anomalies on behalf of security analysts • Powered by Watson for Cyber Security to tap into vast amounts of security knowledge and deliver insights relevant to specific security incidents • Transforms SOC operations by addressing current challenges that include skills shortages, alert overloads, incident response delays, currency of security information and process risks • Designed to be easily consumable: delivered via IBM Security App Exchange and deployed in minutes NEW! IBM QRadar Advisor with Watson
- 20. 20 IBM Security Revolutionize how security analysts work Automatically uncover new security context and full scope of an incident • 2.3M+ security documents • 10B+ security data elements • 80K+ documents read per day • 250K+ investigations enhanced in just six months IBM QRadar Advisor with Watson
- 21. 21 IBM Security Case Study: An international energy company reduces billions of events per day to find those that should be investigated An international energy firm analyzes 2 billion events per day to find 20-25 potential offenses to investigate Business challenge Reducing huge number of events to find the ones that need to be investigated Automating the process of analyzing security data IBM Security Solutions (QRadar SIEM, QFlow, Risk Manager) Combined analysis of historical data with real-time alerts to gain a ‘big picture’ view and uncover patterns of unusual activity humans miss and immediately block suspected traffic Optimize threat analysis
- 22. Ask yourself: a) Haven’t considered b) Currently evaluating c) Deployed and running smoothly d) Deployed but unmanaged WHERE ARE YOU ON YOUR SIEM “JOURNEY”?
- 24. CONSUMPTION MODELS Deployed SIEM Buy a SIEM and run it Co-Managed SIEM Buy a SIEM and have an MSSP help support it As-a-Service SIEM Full Opex model for SIEM and operations, pay as you go
- 25. IBM QRADAR The backbone of Forsythe’s SIEMaaS Inclusive of hardware, SIEM software, hosting, and support Located in Forsythe’s Uptime Institute certified Tier III hosting facility in Chicago Priced on a per Events Per Second (“EPS”) basis FORSYTHE SIEMAAS
- 26. KEY SERVICE COMPONENTS Event Management Ongoing TuningTechnology Lifecycle Management Incident Management
- 27. WHAT TO LOOK FOR IN A MSSP PARTNERSHIP Setting Expectations A good partner will help you ask the right questions upfront to set appropriate expectations and avoid surprises. Onboarding for Success A successful activation requires upfront tuning of the environment. Make sure the partner offers this. Engineering Expertise Be clear on the level of technical expertise and if the technical team is tasked with identifying and rectifying issues proactively. Ongoing Tuning Work with a partner whose shared goal is your improved security posture and will therefore perform the required tuning. Flexibility Understand that some providers are more flexible than others. Culture and Communication For partnership to work, everyone must be dedicated to problem-solving, effective communication and a sense of teamwork.
- 28. Understand your security mandate1 2 3 4 5 6 7 Determine build-vs-buy consumption model Do not get caught in product comparison paralysis Evaluate staffing limitations and priorities Engage an MSSP where appropriate to add value Identify and incorporate SLAs into contracts Check references GETTING STARTED
- 29. AUTHORS PATRICK ZELTEN Vice President Managed Services Forsythe CHRIS COLLARD Offering Manager QRadar SaaS, Cloud & MSS IBM
- 30. READ RELATED ARTICLES: 5 Steps to Choosing a Managed Hosting and Managed Services Partner http://focus.forsythe.com/articles/346/5-Steps-to-Choosing-a-Managed- Hosting-and-Managed-Services-Partner 7 Steps to a Successful Partnership with a Managed Security Services Provider http://focus.forsythe.com/articles/305/7-Steps-to-a-Successful-Partnership- with-a-Managed-Security-Services-Provider 6 Questions to Help You Find the Right Managed Security Services Provider http://focussecurity.forsythe.com/articles/447/6-Questions-to-Help-You-Find- the-Right-Managed-Security-Services-Provider
- 31. http://focus.forsythe.com OR FIND MORE ARTICLES ABOUT BUSINESS AND TECHNOLOGY SOLUTIONS AT FOCUS ONLINE: