ibm qradar siem · ibm qradar siem augustin anić, system security engineer. agenda • siem leader...
TRANSCRIPT
IBM QRadar SIEM
Augustin Anić, System Security Engineer
Agenda
• SIEM leader• Effective Threat Detection• QRadar in action
– Dashboard– Search– Security incidents– Reports– User behaviour analysis
Gartner Magic Quadrant for SIEM
Open Platform
with hundreds of free integrations and content packs available via IBM Security App Exchange
See Everything
Automate Intelligence
Be Proactive
Effective Threat Detection
See EverythingGain comprehensive visibility into enterprise-wide data from behind a single pane of glass
BUSINESS CONTEXT
USERSCLOUD
APPLICATIONS
ENDPOINT
NETWORK
THREAT INTELLIGENCE
Automate IntelligenceAutomatically track threats as they progress, prioritize critical events and investigate potential incidents
Detect
Known and unknown threats
Connect
Related activity in multi-stage attacks
Prioritize
Business critical events
Investigate
Potential incidents with AI to find root
cause faster
Become Proactive
Hunt threats, respond faster and continuously improve based on lessons learned
Hunt ThreatsWith quick and advanced search
Respond Faster With automated containment and/orIR integration
Continuously ImproveWith closed-loop feedback based on lessons learned to improve automated detection processes
How it works?
QRadar dashboard
QRadar Search
QRadar offense/rules
QRadar reports
QRadar User behavior analysis
Summary
Trenutne prijetnje zahtijevaju konstantno nadziranje i analitiku
Potreba za centralnim sustavom obrade evenata u lokalnoj mreži
Potreba za automatizacijom detekcija sigurnosnih prijetnji i njihove prioritizacije
Proaktivnost i detekrianje prijetnji u ranijoj fazi njihove aktivnosti
Hvala na pažnji!