Alex Kioni, IBM Security Systems Technical Consultant
QRadar Family: Intelligent, Integrated, Automated
QRadar product family:
- QRadar Log Manager
- QRadar SIEM
- QRadar QFlow
- QRadar VFlow
- QRadar Risk Manager
- Vulnerability Manager
Capability areas:
- SIEM
- Configuration & Vulnerability Management
- Network Activity & Anomaly Detection
- Network and Application Visibility

- Network analytics
- Behavioral anomaly detection
- Fully integrated in SIEM
Description:
- QRadar SIEM
- QRadar QFlow
- QRadar VFlow
QRadar Risk Manager identifies and reduces security risks through device configuration monitoring, vulnerability prioritization, and threat simulation and visualization. It can help prevent many security breaches while improving operational efficiency and compliance.
Extensive Data Sources:
- Security Devices
- Servers & Mainframes
- Application Activity
- Configuration Info
- Vulnerability & Threat

Deep Intelligence:
- Event Correlation: Logs, Flows, IP Reputation, Geo Location
- User Activity, Database Activity, Application Activity, Network Activity

Offense Identification:
- Credibility
- Severity
- Relevance

Suspected Incidents are reduced to a True Offense.
- Who was responsible?
- Where do I find them?
- How many targets involved?
- How valuable are the targets to the business?
- Are any of them vulnerable?
- Where is all the evidence?
Required Visibility:
- Vulnerability context
- Asset knowledge
- Network telemetry

Network Scan: detected by QFlow.
Buffer Overflow: exploit attempt seen by Snort.
Required Visibility:
- Distributed infrastructure

Irrefutable Botnet Communication: Layer 7 data contains botnet command and control instructions.
Required Visibility

Host Compromised: all this followed by a successful login. Automatically detected, no custom tuning required.
Required Visibility

Unencrypted Traffic
Compliance Simplified: out of the box support for all major compliance and regulatory standards.
Required Visibility
- Who? An internal user
- What? Oracle data
- Where? Gmail

Required Capability
Business Challenge | Q1 Labs Solution
- Distributed architecture
- Highly scalable
- Analyze logs, flows, assets and more
- Easy deployment
- Rapid time to value
- Operational efficiency

Deepest Content Insight. Broadest Correlation. Greatest Scalability.
ibm.com/security
Copyright IBM Corporation 2012. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM's sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

2013 IBM Corporation