
QRadar Analyst Workflow

IBM Security Master Skills University
IBM QRadar Analyst Workflow
David Chun – Offering Manager
Rick McCaskill – Design Manager
Shane Stewart – Development Lead
September 22, 2020
Agenda
Overview (15 min)
Demo (20 min)
Roadmap (10 min)
Q&A (15 min)
IBM Security / © 2020 IBM Corporation
IBM QRadar Analyst Workflow
Overview
Introducing IBM QRadar Analyst Workflow

Streamlined offense management
Accelerate triage processes with easy-to-understand insights and deep dives into your security data.

New modern user interface
Built using the IBM Carbon design language with an emphasis on usability and accessibility.

Consolidated investigation experience
Easily triage, investigate, and search on IOCs from a single user interface.
How Analyst Workflow fits into the bigger picture
• Builds on the existing QRadar core
• Incrementally enhanced through a continuous delivery model
• Integrates with preexisting apps and other IBM Security offerings
• Used in parallel with the existing “classic” QRadar UI
IBM QRadar Analyst Workflow
Impact of Analyst Workflow on an investigation scenario
Investigation scenario
QRadar has fired a rule for excessive firewall connection deny requests for internal-to-external connections. This is a default out-of-the-box rule for QRadar.
The backdrop: an endpoint was infected by EMOTET through a phishing email, and EMOTET is trying to get through to its command-and-control server. The firewall has successfully been blocking these connection attempts. These connection deny requests have triggered the rule.
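The scenario above hinges on one detection idea: many firewall denies from a single internal host toward external addresses inside a short window. The following is an added example, not QRadar's rule logic and not code from the presenters; it shows that idea as a standalone detector over a handful of constructed firewall log lines. It assumes a simple key=value log format, treats the RFC 1918 ranges as "internal" (a stand-in for whatever network definition the SIEM actually holds), and uses a threshold of 5 denies in 60 seconds that is chosen for the sample, not taken from the page.

```python
import re
import ipaddress
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample events (not real QRadar or firewall data). Host
# 10.0.5.23 plays the infected endpoint that is repeatedly denied while
# reaching out to external addresses; 10.0.7.8 is denied only on internal
# traffic and must not trigger; 10.0.6.4 produces a single deny.
SAMPLE_LOG = """\
2020-09-22T10:00:01Z fw01 action=deny src=10.0.5.23 dst=203.0.113.7 dport=443
2020-09-22T10:00:03Z fw01 action=deny src=10.0.5.23 dst=203.0.113.7 dport=443
2020-09-22T10:00:05Z fw01 action=allow src=10.0.5.23 dst=10.0.0.1 dport=53
2020-09-22T10:00:07Z fw01 action=deny src=10.0.5.23 dst=203.0.113.7 dport=8080
2020-09-22T10:00:09Z fw01 action=deny src=10.0.5.23 dst=198.51.100.9 dport=443
2020-09-22T10:00:11Z fw01 action=deny src=10.0.5.23 dst=203.0.113.7 dport=443
2020-09-22T10:00:12Z fw01 action=deny src=10.0.7.8 dst=10.0.9.9 dport=445
2020-09-22T10:00:13Z fw01 action=deny src=10.0.7.8 dst=10.0.9.9 dport=445
2020-09-22T10:00:14Z fw01 action=deny src=10.0.7.8 dst=10.0.9.9 dport=445
2020-09-22T10:00:15Z fw01 action=deny src=10.0.7.8 dst=10.0.9.9 dport=445
2020-09-22T10:00:16Z fw01 action=deny src=10.0.7.8 dst=10.0.9.9 dport=445
2020-09-22T10:00:20Z fw01 action=deny src=10.0.5.23 dst=203.0.113.7 dport=443
2020-09-22T10:10:30Z fw01 action=deny src=10.0.6.4 dst=192.0.2.50 dport=443
"""

# Assumed definition of "internal": the RFC 1918 ranges. A real SIEM would
# take this from its own network configuration instead.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ action=(?P<action>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+)"
)


def parse_event(line):
    """Parse one constructed log line; return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ"),
        "action": m.group("action"),
        "src": ipaddress.ip_address(m.group("src")),
        "dst": ipaddress.ip_address(m.group("dst")),
    }


def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)


def is_internal_to_external_deny(ev):
    """Only denies whose source is internal and destination is external count."""
    return ev["action"] == "deny" and is_internal(ev["src"]) and not is_internal(ev["dst"])


def detect_excessive_denies(log_text, threshold=5, window_seconds=60):
    """Return {source_ip: deny_count} for every internal source whose
    internal-to-external deny count reaches `threshold` within any sliding
    window of `window_seconds`. Each source is reported once, at the moment
    the threshold is first crossed."""
    windows = defaultdict(deque)   # per-source timestamps inside the window
    alerts = {}
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None or not is_internal_to_external_deny(ev):
            continue
        src = str(ev["src"])
        q = windows[src]
        q.append(ev["ts"])
        # Drop timestamps that fell out of the sliding window.
        while (ev["ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold and src not in alerts:
            alerts[src] = len(q)
    return alerts


if __name__ == "__main__":
    for src, count in detect_excessive_denies(SAMPLE_LOG).items():
        print(f"offense candidate: {src} had {count} internal-to-external denies "
              f"within 60s")
```

The internal-only denies from 10.0.7.8 are deliberately ignored: the rule in the scenario is about internal-to-external traffic, and counting everything would produce exactly the kind of noise the deck later describes reducing. Once a source crosses the threshold it is reported once rather than on every subsequent deny, mirroring the idea of a single offense that accumulates events rather than one alert per event.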
Analyst workflow with “classic” QRadar UI
How Analyst Workflow changes the picture
Analyst Workflow brings key investigation information into the analyst’s workspace, rather than requiring the analyst to hunt down the information elsewhere.
What does this mean? The analyst sees threat intelligence, asset information, rule details, risk indicators, and more without needing to leave the offense.
IBM QRadar Analyst Workflow
Demo
IBM Cloud Pak for Security
An open multicloud platform to gain security insights, take action faster, and modernize your architecture
Modular security capabilities: Threat Management, Data Security, Identity & Access Management, Open Security Ecosystem
Platform services
• Data connection
• Case management
• Automation
• Asset enrichment
• Orchestration
• Development tools
Open and integrated hybrid multicloud platform (on premise, hybrid cloud, multicloud), connecting SIEM tools, EDR tools, cloud repositories, data lakes, database protection, network protection, and additional point solutions
Unifying threat management with IBM Security

Visibility
Connect to on-premise and cloud data sources and customize dashboards for broad visibility

Detection
Isolate threats and reduce false positives

Investigation
Run federated searches and collaborate through integrated Case Management

Response
Respond faster with out-of-the-box playbooks, built-in orchestration and automation, including Ansible
IBM Security / DRAFT / © 2019 IBM Corporation
Thank you
Follow us on:
ibm.com/security
securityintelligence.com
ibm.com/security/community
xforce.ibmcloud.com
@ibmsecurity
youtube.com/ibmsecurity
© Copyright IBM Corporation 2020. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM’s current intent, is subject to change or withdrawal, and represents only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.