IBM Security

IBM Security’s QRadar SIEM technology provides log management, event management, reporting and behavioral analysis for networks and applications. QRadar can be deployed as an appliance or as software (running on Red Hat Enterprise Linux Server appliances) in an all-in-one solution for smaller environments, or it can be horizontally scaled in larger environments using specialized event collection, processing and console appliances. A distinguishing characteristic of the technology is the collection and processing of NetFlow data, DPI, full packet capture, and behavior analysis for all supported event sources.

Enhancements to QRadar during the past 12 months included the introduction of QRadar Incident Forensics, which extends flow analysis, adding DPI and full packet capture capabilities. In addition, IBM Security introduced integrated vulnerability scanning via QRadar Vulnerability Manager (using technology licensed from Critical Watch), as well as new graphing/charting capabilities, improved search performance and API enhancements. IBM has developed two-way integration between QRadar and IBM’s InfoSphere BigInsights, and also with IBM’s analytics and data visualization technologies. IBM also provides additional connectors to Hadoop instances.

IBM offers a co-managed service option for QRadar, which combines an on-premises QRadar deployment with remote monitoring from IBM’s managed security services operations centers. QRadar is a good fit for midsize and large enterprises that need general SIEM capabilities, and also for use cases that require behavior analysis, NetFlow analysis and full packet capture.

Strengths

  • QRadar provides an integrated view of the threat environment using NetFlow DPI and full packet capture in combination with log data, configuration data and vulnerability data from monitored sources.
  • Customer feedback indicates that the technology is relatively straightforward to deploy and maintain in both modest and large environments.
  • QRadar provides behavior analysis capabilities for NetFlow and log events.

Cautions

  • QRadar provides less-granular role definitions for workflow assignment compared with competitors’ products.
  • QRadar’s multitenant support requires a master console in combination with distributed QRadar instances. The number of third-party service providers that offer QRadar-based monitoring services is limited when compared with vendors that lead in this area.

Link: https://scadahacker.com/library/Documents/White_Papers/Gartner%20-%20Magic%20Quadrant%20for%20SIEM%20-%202014.pdf


  • Security information and event management (SIEM) technology supports threat detection and security incident response through the real-time collection and historical analysis of security events from a wide variety of event and contextual data sources. It also supports compliance reporting and incident investigation through analysis of historical data from these sources. The core capabilities of SIEM technology are a broad scope of event collection and the ability to correlate and analyze events across disparate sources.

Link: http://www.gartner.com/it-glossary/security-information-and-event-management-siem
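The definition above names the two core SIEM capabilities, collecting events from disparate sources and correlating them, plus enrichment from contextual data. The following is an added illustration of those ideas in miniature, not code from Gartner, IBM or QRadar: two constructed log sources (an sshd auth log and a firewall log in an assumed format) are normalized into one event schema, a correlation rule looks for repeated authentication failures followed by a success from the same address, and a constructed asset inventory supplies the context that sets alert severity. The log formats, field names and rule thresholds are all assumptions made for the example.

```python
"""Toy SIEM-style correlation across two event sources plus one context source (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample data (not captured from any real system).
AUTH_LOG = """\
2024-01-15T10:00:01Z sshd[1204]: Failed password for invalid user admin from 203.0.113.7 port 51000 ssh2
2024-01-15T10:00:05Z sshd[1204]: Failed password for root from 203.0.113.7 port 51001 ssh2
2024-01-15T10:00:09Z sshd[1204]: Failed password for bob from 203.0.113.7 port 51002 ssh2
2024-01-15T10:00:40Z sshd[1205]: Accepted password for bob from 203.0.113.7 port 51004 ssh2
2024-01-15T10:02:00Z sshd[1206]: Failed password for alice from 198.51.100.9 port 40000 ssh2
2024-01-15T10:02:30Z sshd[1207]: Accepted publickey for alice from 198.51.100.9 port 40001 ssh2
"""
FW_LOG = """\
2024-01-15T09:59:58Z fw01 ALLOW TCP 203.0.113.7:51000 -> 10.0.0.5:22
2024-01-15T10:01:55Z fw01 ALLOW TCP 198.51.100.9:40000 -> 10.0.0.8:22
"""
# Constructed asset inventory: the "contextual data source" the definition refers to.
ASSETS = {"10.0.0.5": {"host": "db01", "criticality": "high"},
          "10.0.0.8": {"host": "dev03", "criticality": "low"}}

# Assumed line formats for the two sources.
AUTH_RE = re.compile(r"^(\S+) sshd\[\d+\]: (Failed|Accepted) \w+ for (?:invalid user )?(\S+) from (\S+) port")
FW_RE = re.compile(r"^(\S+) (\S+) (ALLOW|DENY) (\w+) (\S+):\d+ -> (\S+):(\d+)$")


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_auth(text):
    """Normalize sshd lines into the common event schema (ts, source, src_ip, outcome, ...)."""
    events = []
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if m:
            events.append({"ts": _ts(m[1]), "source": "sshd", "src_ip": m[4], "user": m[3],
                           "outcome": "failure" if m[2] == "Failed" else "success"})
    return events


def parse_firewall(text):
    """Normalize firewall lines into the same schema, adding destination fields."""
    events = []
    for line in text.splitlines():
        m = FW_RE.match(line)
        if m:
            events.append({"ts": _ts(m[1]), "source": m[2], "src_ip": m[5], "dst_ip": m[6],
                           "dst_port": int(m[7]), "outcome": "allow" if m[3] == "ALLOW" else "deny"})
    return events


def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Rule: at least `threshold` auth failures from one IP, then a success within `window`.
    Firewall events and the asset inventory decide which hosts were reachable and how severe that is."""
    by_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_ip[e["src_ip"]].append(e)
    alerts = []
    for ip, evs in by_ip.items():
        failures = [e for e in evs if e["source"] == "sshd" and e["outcome"] == "failure"]
        for success in (e for e in evs if e["source"] == "sshd" and e["outcome"] == "success"):
            recent = [f for f in failures if success["ts"] - window <= f["ts"] < success["ts"]]
            if len(recent) < threshold:
                continue
            # Context: which SSH targets did the firewall let this address reach, and how critical are they?
            targets = {e["dst_ip"] for e in evs
                       if e["source"] != "sshd" and e["outcome"] == "allow" and e["dst_port"] == 22}
            crit = {ASSETS.get(t, {}).get("criticality", "unknown") for t in targets}
            alerts.append({"rule": "brute_force_then_success", "src_ip": ip, "user": success["user"],
                           "failures": len(recent), "targets": sorted(targets),
                           "severity": "high" if "high" in crit else "medium"})
    return alerts


def run():
    """Collect from both sources, correlate, return the alerts."""
    return correlate(parse_auth(AUTH_LOG) + parse_firewall(FW_LOG))


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

With the sample data the rule fires once: 203.0.113.7 produces three failures and then a successful login, and the firewall log shows that address reaching a host the inventory marks as high criticality, so the alert is rated high. The second address has only one failure before its success and produces nothing. Run without the firewall events, the same rule still fires but without target context it is rated medium, which is the point of the "contextual data sources" clause in the definition.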


  • The Five Pillars of Information Security

Link: http://cf.rims.org/Magazine/PrintTemplate.cfm?AID=2409
