Security Monitoring (SIEM) – IBM QRadar
IBM Security QRadar is an open platform for collecting and evaluating security events. It enables security analysts to respond effectively to security incidents, or to anticipate and prevent them. Simple log management is no longer sufficient on its own; event information has to be placed in a broader context together with network flow data, known vulnerabilities and the level of risk for a given segment or device. QRadar provides log management, event management, reporting, and behavioral analysis for networks, applications and users.
- Intelligent alert creation – correlation of a large number of related items into a single incident, instead of creating multiple separate incidents.
- Out-of-the-box content – the QRadar system contains hundreds of correlation rules implementing the most common use cases, together with pre-built reports, dashboards, etc.
- High level of customization – graphical editing, creation of your own dashboards, rules and reports, and simple editing or adding of new data sources.
- Wide support for data sources.
- Forensic analysis – QRadar Incident Forensics – step-by-step analysis of the attack and clear identification of the compromised parts of the network; reduces the time a security team needs to review attack records.
- User Behavior Analysis – analyzes user behavior to detect suspicious activity; for example, it adds user information to the context of logs and vulnerabilities.
- Network Behavioral Analysis – anomaly detection for events and network flows – the system learns the usual event rate (events per second) for each IP address or device and can identify sudden changes; it also detects anomalies in network communication.
- AI engagement – AI lets security analysts investigate consistently and accelerate and escalate incidents more decisively, comparing and exploring local information together with external sources.
- Support for multi-tenancy – supports the separation of infrastructure elements so that parts of the network, for example those of subsidiary organizations, can be managed independently.
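The Network Behavioral Analysis bullet above describes rate baselining: learn the usual events-per-interval for each source, then flag intervals that deviate sharply. The following is an added illustration written for this page, not IBM code and not QRadar's actual algorithm. It assumes a constructed one-line-per-event log format (`<timestamp> src=<ip> event=<name>`), a hypothetical `detect_rate_anomalies` function, and a simple mean-plus-z-score threshold; it also shows two edge cases a practitioner cares about: a perfectly flat baseline (standard deviation zero) and a source never seen during training.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Constructed log shape for this example (not a real QRadar/LEEF format):
#   2024-01-01T10:03:17 src=10.0.0.5 event=login_failed
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) src=(?P<src>[\d.]+) event=\w+$"
)

def parse_line(line):
    """Return (timestamp, source_ip) or None for a line that does not match."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    return datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%S"), m.group("src")

def minute_counts(events):
    """Events per source per one-minute bucket: {src: {minute_start: count}}."""
    counts = defaultdict(lambda: defaultdict(int))
    for ts, src in events:
        counts[src][ts.replace(second=0, microsecond=0)] += 1
    return counts

def minute_range(start, end):
    """Yield every minute start from start to end, inclusive."""
    cur = start.replace(second=0, microsecond=0)
    while cur <= end:
        yield cur
        cur += timedelta(minutes=1)

def detect_rate_anomalies(lines, split_at, z_threshold=3.0, min_sd=1.0):
    """
    Learn a per-source events-per-minute baseline from lines before split_at
    (expected on a minute boundary), then flag minutes at or after split_at
    whose count exceeds mean + z_threshold * sd.  Quiet minutes inside the
    training window count as zero so the baseline is honest, sd is floored at
    min_sd so a perfectly flat baseline does not turn one extra event into an
    alert, and sources never seen in training get a zero baseline, so a single
    event from a new host is not flagged by itself.
    """
    events = [p for p in map(parse_line, lines) if p is not None]
    train = minute_counts(e for e in events if e[0] < split_at)
    test = minute_counts(e for e in events if e[0] >= split_at)
    if not train:
        return []
    train_start = min(ts for ts, _ in events if ts < split_at)
    train_end = split_at.replace(second=0, microsecond=0) - timedelta(minutes=1)

    baseline = {}
    for src, per_minute in train.items():
        series = [per_minute.get(m, 0) for m in minute_range(train_start, train_end)]
        baseline[src] = (mean(series), max(pstdev(series), min_sd))

    anomalies = []
    for src, per_minute in test.items():
        mu, sd = baseline.get(src, (0.0, min_sd))
        for minute, count in sorted(per_minute.items()):
            z = (count - mu) / sd
            if z > z_threshold:
                anomalies.append({"src": src, "minute": minute.isoformat(),
                                  "count": count, "baseline_mean": mu,
                                  "z": round(z, 2)})
    return anomalies

# Constructed sample: ten quiet training minutes, then one minute in which
# 10.0.0.5 suddenly emits 40 events while 10.0.0.9 keeps its usual rate and a
# never-seen host 10.0.0.77 sends a single event.
def _make_sample():
    base = datetime(2024, 1, 1, 10, 0, 0)
    lines = []
    for minute in range(10):  # training window 10:00-10:09
        for i in range(3):
            t = base + timedelta(minutes=minute, seconds=10 * i)
            lines.append(f"{t.isoformat()} src=10.0.0.5 event=login_ok")
        for i in range(2):
            t = base + timedelta(minutes=minute, seconds=20 * i)
            lines.append(f"{t.isoformat()} src=10.0.0.9 event=dns_query")
    burst = base + timedelta(minutes=10)  # 10:10, the detection minute
    for i in range(40):
        lines.append(f"{(burst + timedelta(seconds=i)).isoformat()} src=10.0.0.5 event=login_failed")
    for i in range(2):
        lines.append(f"{(burst + timedelta(seconds=20 * i)).isoformat()} src=10.0.0.9 event=dns_query")
    lines.append(f"{burst.isoformat()} src=10.0.0.77 event=ping")
    lines.append("this line is not parseable and is skipped")
    return lines

SAMPLE_LINES = _make_sample()
SPLIT_AT = datetime(2024, 1, 1, 10, 10, 0)

if __name__ == "__main__":
    for a in detect_rate_anomalies(SAMPLE_LINES, SPLIT_AT):
        print(a)
```

Run as a script, it reports only the 10.0.0.5 burst (40 events against a baseline of 3 per minute); the steady source and the single event from the unknown host stay below the threshold. A production SIEM would maintain the baseline incrementally and per property (source, destination, event category) rather than recomputing it from a fixed window, but the threshold logic is the same idea the bullet describes.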
Fulfillment of domains of Act No. 69/2018 Coll. on cybersecurity
- Security in the operation of information systems and networks,
- Protection against malicious code,
- Event recording and monitoring,
- Vulnerability assessments and security updates,
- Management of cybersecurity incidents.
- Security Intelligence platform – enables a comprehensive understanding of various sources and relevant security information (serving as a framework for future expansion and integration with third-party solutions),
- Modular solution – from detection of potential vulnerabilities and detection of incidents to behavioral investigation,
- Integration with hundreds of different devices across vendors (QRadar provides two-way APIs),
- Pre-built correlation rules and reports, easily modified to the client's needs and policies,
- Fulfillment of the requirements of Act No. 69/2018 Coll. on cybersecurity.