Product Overview
QRadar product family: QRadar Log Manager, QRadar SIEM, QRadar Risk Manager, QRadar QFlow, QRadar VFlow
QRadar SIEM
Overview
Key Capabilities:
• Sophisticated correlation of events, flows, assets, topologies, vulnerabilities and external data to identify & prioritize threats
• Network flow capture and analysis for deep application insight
• Workflow management to fully track threats and ensure resolution
• Scalable architecture to support the largest deployments
Benefits
Key Advantages
Market Success
Product Tour: Integrated Console
• Single browser-based UI
• Role-based access to information & functions
• Customizable dashboards (work spaces) per user
• Real-time & historical visibility and reporting
• Advanced data mining and drill down
• Easy to use rules engine with out-of-the-box security intelligence
Product Tour: Data Reduction & Prioritization
Product Tour: Intelligent Offense Scoring
Product Tour: Offense Management
Clear, concise and comprehensive delivery of relevant information:
• What was the attack?
• Was it successful?
• Who was responsible?
• Where do I find them?
• How many targets were involved?
• How valuable are the targets to the business?
• Where is all the evidence?
Product Tour: Out-of-the-Box Rules & Searches
• Default log queries/views
• 1000s of real-time correlation rules and analysis tests
Product Tour: Flows for Network Intelligence
Product Tour: Flows for Application Visibility
Product Tour: Compliance Rules and Reports
Use Cases
Compliance monitoring
Use Case: Complex Threat Detection
Sounds nasty… but how do we know this? The evidence is a single click away.
Use Case: Malicious Activity Identification
Use Case: User Activity Monitoring
Authentication Failures: perhaps a user who forgot his/her password?
Host Compromised: all this followed by a successful login.
Automatically detected, no custom tuning required.
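As an added example, not taken from the deck and not QRadar's own rule engine, the following Python sketch shows the kind of correlation this slide describes: it parses constructed SSH authentication lines and raises an offense only when a successful login follows a burst of failures from the same source for the same user inside a time window, so a user who mistyped a password twice is left alone while a rapid run of failures ending in success is flagged. The log line format, the threshold and the window size are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not from the slides), already in time order.
SAMPLE_LOG = """\
2024-01-10T09:00:01 sshd: Failed password for alice from 10.1.1.5
2024-01-10T09:00:20 sshd: Failed password for alice from 10.1.1.5
2024-01-10T09:00:45 sshd: Accepted password for alice from 10.1.1.5
2024-01-10T09:10:00 sshd: Failed password for admin from 203.0.113.9
2024-01-10T09:10:03 sshd: Failed password for admin from 203.0.113.9
2024-01-10T09:10:06 sshd: Failed password for admin from 203.0.113.9
2024-01-10T09:10:09 sshd: Accepted password for admin from 203.0.113.9
2024-01-10T10:00:00 sshd: Failed password for bob from 198.51.100.7
2024-01-10T10:10:00 sshd: Failed password for bob from 198.51.100.7
2024-01-10T10:20:00 sshd: Failed password for bob from 198.51.100.7
2024-01-10T10:21:00 sshd: Accepted password for bob from 198.51.100.7
"""

LINE_RE = re.compile(r"^(\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")

def parse(log_text):
    """Yield (timestamp, source_ip, user, outcome) for each line the regex recognises."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, verb, user, src = m.groups()
            yield datetime.fromisoformat(ts), src, user, "failure" if verb == "Failed" else "success"

def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Offense = a successful login preceded by >= threshold failures for the same
    source/user pair inside `window`; fewer or older failures are treated as noise."""
    recent = defaultdict(deque)  # (src, user) -> failure timestamps still inside the window
    offenses = []
    for ts, src, user, outcome in events:
        q = recent[(src, user)]
        while q and ts - q[0] > window:  # age out failures older than the window
            q.popleft()
        if outcome == "failure":
            q.append(ts)
            continue
        if len(q) >= threshold:
            offenses.append({"source": src, "user": user, "time": ts.isoformat(),
                             "failures_in_window": len(q)})
        q.clear()  # a success ends the sequence whether or not it fired an offense
    return offenses

def run_sample():
    return correlate(parse(SAMPLE_LOG))
```

In the sample, only the admin sequence fires: alice's two failures are under the threshold, and bob's failures are spread ten minutes apart, so each ages out before the next one arrives.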
Use Case: Compliance Monitoring
PCI Compliance at Risk?
Unencrypted Traffic: QFlow saw a cleartext service running on the Accounting server.
PCI Requirement 4 states: Encrypt transmission of cardholder data across open, public networks.
Compliance Simplified: out of the box support for all major compliance and regulatory standards.
Use Case: Fraud & Data Loss Prevention
Potential Data Loss? Who? What? Where?
• Who? An internal user
• What? Oracle data
• Where? Gmail
Use Case: Network and Asset Discovery
Server Discovery: identifies & classifies server infrastructure based on asset profiles.
Case Study: $100B US Manufacturer
Case Study: Fortune 5 Energy Company
Q1 Labs Solution
• 30 QRadar systems deployed globally as a federated solution
• Identify 25-50 high priority offenses out of 2 billion daily events
• Protect 10,000 network devices, 10,000 servers and 80,000 user endpoints
• Monitor 6 million card swipes per day for PCI compliance
• Ensure security of SCADA systems for NERC compliance
Intelligent, Integrated and Automated
• Distributed architecture
• Highly scalable
• Analyze logs, flows, assets and more
• Easy deployment
• Rapid time to value
• Operational efficiency
Summary