Today’s networks are larger and more complex than ever before, and protecting them against malicious activity is a never-ending task. Organizations seeking to safeguard their intellectual property, protect their customer identities and avoid business disruptions need to do more than monitor logs and network flow data; they need to leverage advanced tools to detect these activities in a consumable manner. To help ease this ongoing burden, IBM has introduced its QRadar Security Information and Event Management (SIEM) solution. IBM Security QRadar is intended to collect security log data from an enterprise, including its devices' operating systems, security technologies and its applications. IBM Security QRadar then analyzes the log data to identify malicious activity so it can be stopped.
The Problem That Most Firms Face:
The security model of five to seven years ago is no longer adequate to meet contemporary challenges, as “Internet hooliganism” has given way to organized criminal activity. The older model is outmoded and does not scale in the face of today’s threats and IT environment. The new model focuses protection on high-risk assets using behavioral-based methodologies and continuous monitoring technology. In an era where employees, partners and customers regularly conduct business on the Internet, cybercriminals are able to exploit new attack vectors and leverage misplaced user trust.
Getting Greater Visibility: QRadar Collects Information On The Following:
Security events: Events from firewalls, virtual private networks, intrusion detection systems, intrusion prevention systems and more
Network events: Events from switches, routers, servers, hosts and more
Network activity context: Layer 7 application context from network and application traffic
User or asset context: Contextual data from identity and access-management products and vulnerability scanners
Operating system information: Vendor name and version number specifics for network assets
Application logs: Enterprise resource planning (ERP), workflow, application databases, management platforms and more
DataHub has started its technical certification process on QRadar and hopes to complete it by mid-April 2016. For more information on QRadar, please go to our QRadar page.