QRadar Family
Providing complete network and security intelligence, delivered simply, for any customer
QRadar SIEM
Overview
QRadar SIEM provides full visibility and actionable insight to protect networks and IT assets from a wide range of advanced threats, while meeting critical compliance mandates. Key Capabilities:
- Sophisticated correlation of events, flows, assets, topologies, vulnerabilities and external data to identify and prioritize threats
- Network flow capture and analysis for deep application insight
- Workflow management to fully track threats and ensure resolution
Benefits
- Reduce the risk and severity of security breaches
- Remediate security incidents faster and more thoroughly
- Ensure regulatory and internal policy compliance
- Reduce manual effort of security intelligence operations
Key Advantages
- Real-time activity correlation based on advanced in-memory technology and the widest set of contextual data
- Flow capture and analysis that delivers Layer 7 content visibility and supports deep forensic examination
- Intelligent incident analysis that reduces false positives and manual effort
- Unique combination of fast free-text search and analysis of normalized data
- Scalability for the world's largest deployments, using an embedded database and unified data architecture
Market Success
- Leader in Gartner SIEM Magic Quadrant
- Ranked #1 product for compliance needs by Gartner
- Only SIEM product that incorporates network behavior anomaly detection (NBAD)
Industry awards include:
- Global Excellence in Surveillance Award from InfoSecurity Products Guide
- Hot Pick by Information Security magazine
- GovernmentVAR 5-Star Award
- Customizable dashboards (work spaces) per user
- Real-time and historical visibility and reporting
- Advanced data mining and drill down
Offenses are a complete history of a threat or violation with full context about accompanying network, asset and user identity information
- 1000s of real-time correlation rules and analysis tests
- 100s of out-of-the-box searches and views of network activity and log data
- Provides quick access to critical information
- Extensible to include new regulations and best practices
- Can leverage existing correlation rules
Use Cases
QRadar SIEM excels at the most challenging use cases:
- Complex threat detection
- Malicious activity identification
- User activity monitoring
- Compliance monitoring
- Fraud detection and data loss prevention
- Network and asset discovery
Required Visibility
- Normalized event data
- Asset knowledge
- Vulnerability context
- Network telemetry
Network scan: detected by QFlow
Buffer overflow: exploit attempt seen by Snort
Required Visibility
- Distributed detection sensors
- Pervasive visibility across the enterprise
- Application layer knowledge
- Content capture for impact analysis
Incomplete forensics
Required Visibility
- Centralized logging and intelligent normalization
- Correlation of IAM information with machine and IP addresses
- Automated rules and alerts focused on user activity monitoring
Host Compromised
All this followed by a successful login. Automatically detected, no custom tuning required.
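The scenario above (scan seen by QFlow, exploit attempt seen by Snort, then a successful login on the same host) is a multi-stage correlation. The following is an added illustration of that kind of rule, written for this page and not QRadar's own code: event field names, the sample events, the asset table and the magnitude formula are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed normalized events mimicking the slide's chain against 10.2.2.10,
# plus one benign login on another host that must not raise an offense.
SAMPLE_EVENTS = [
    {"ts": "2012-03-01T10:00:05", "source": "QFlow", "category": "Recon.Scan",
     "src": "10.1.1.50", "dst": "10.2.2.10"},
    {"ts": "2012-03-01T10:01:40", "source": "Snort", "category": "Exploit.BufferOverflow",
     "src": "10.1.1.50", "dst": "10.2.2.10"},
    {"ts": "2012-03-01T10:02:10", "source": "LinuxServer", "category": "Auth.LoginSuccess",
     "src": "10.1.1.50", "dst": "10.2.2.10", "user": "root"},
    {"ts": "2012-03-01T10:03:00", "source": "LinuxServer", "category": "Auth.LoginSuccess",
     "src": "10.3.3.7", "dst": "10.2.2.11", "user": "alice"},
]

# Constructed asset context: the weight is the business value of the target
# and feeds the offense magnitude, as asset knowledge does in the slides.
ASSETS = {"10.2.2.10": {"name": "db-oracle-01", "weight": 9},
          "10.2.2.11": {"name": "test-box", "weight": 2}}

# The stages must appear in this order for the same (attacker, target) pair.
CHAIN = ["Recon.Scan", "Exploit.BufferOverflow", "Auth.LoginSuccess"]


def correlate(events, window=timedelta(minutes=10), chain=CHAIN):
    """Return one offense per (src, dst) pair whose events complete `chain`
    in order within `window`; the offense keeps the full event history."""
    by_pair = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_pair[(ev["src"], ev["dst"])].append(ev)
    offenses = []
    for (src, dst), evs in by_pair.items():
        stage, matched = 0, []
        for ev in evs:  # walk events in time order, advancing through the chain
            if ev["category"] == chain[stage]:
                matched.append(ev)
                stage += 1
                if stage == len(chain):
                    break
        if stage < len(chain):
            continue  # chain never completed for this pair
        first = datetime.fromisoformat(matched[0]["ts"])
        last = datetime.fromisoformat(matched[-1]["ts"])
        if last - first > window:
            continue  # stages too far apart to be treated as one attack
        asset = ASSETS.get(dst, {"name": "unknown", "weight": 5})
        offenses.append({"attacker": src, "target": dst, "asset": asset["name"],
                         "user": matched[-1].get("user"),
                         "magnitude": min(10, asset["weight"] + stage),
                         "events": matched})
    return offenses
```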
Required Visibility
- Application layer visibility
- Visibility into network segments where logging is problematic
Who? An internal user
What? Oracle data
Where? Gmail
Required Capability
- Real-time knowledge of all assets on a network
- Visibility into asset communication patterns
- Classification of asset types
- Correlation on new assets and services
- Rules can fire when new assets and services come online
Enabled by QRadar QFlow and QRadar VFlow
Business Challenge
Q1 Labs Solution
- More than 40 QRadar appliances deployed
- Forming a single federated solution covering IDS/IPS, wireless, IAM, databases, servers, core switches and more
- Monitors SAP and SCADA systems across 1,000 plant locations
- Deployment seamlessly spans security, network, applications and operations teams
- Distributed architecture
- Highly scalable
- Analyze logs, flows, assets and more
Summary
QRadar SIEM delivers full visibility and actionable insight for Total Security Intelligence.
Broadest Correlation
Greatest Scalability