IBM Security QRadar SIEM and Damballa Failsafe

IBM QRadar Security Intelligence Platform integrates with Damballa Failsafe to help customers with their most challenging use cases. QRadar SIEM provides:

• Integrated log, threat and compliance management
• Asset profiling and flow analytics
• Offense management and workflow

QRadar SIEM allows single-pane troubleshooting of issues, the foundation of a Security Operations Center. Its rules engine correlates data from many sources, detects anomalies and generates a manageable list of the highest-priority risks that require forensic investigation and remediation. QRadar SIEM derives much of its value from working with best-of-breed products: Damballa Failsafe gives QRadar a rich source of contextual data that can be correlated with other data sources and used by QRadar's out-of-the-box rules and reports.

Today's threats evolve constantly. Prevention tools such as anti-virus, firewalls and sandboxes cannot stop infections they have not seen before. Damballa Failsafe fills the gap between failed prevention and incident response: it is an automatic breach defense system that detects successful infections with certainty, terminates their activity and gives responders the evidence needed to prevent loss rapidly.

The following use cases are real-world examples of how QRadar leverages the value of Failsafe deployments that customers have already invested in throughout their infrastructure. Together, IBM Security QRadar and Damballa Failsafe help customers reach compliance and security goals and reduce the risk and severity of security breaches.

1. Identify infected devices with certainty

One of the region's top 10 banks runs Damballa Failsafe and IBM Security QRadar SIEM. Failsafe sends QRadar an event confirming that a malicious file was executed on one of the bank's online banking servers. QRadar's asset profile identifies the server as one of the bank's critical assets.
QRadar immediately alerts the incident response team member responsible for the host that a magnitude 10 offense has occurred, and that individual takes action to clean the infected host.

2. Prioritize remediation based on the highest-risk devices

A leading retailer's QRadar SIEM receives Failsafe events indicating that multiple hosts that receive POS data have connected to a command-and-control server. At the same time, QRadar sees network traffic showing that these hosts are exhibiting behavior indicative of automated activity and have issued HTTP requests to a potentially harmful site. QRadar Vulnerability Manager (QVM) shows that two of these hosts have unpatched vulnerabilities. QRadar generates an offense, and the retailer's SOC analyst knows that those two hosts must be patched immediately.

3. Reduce the magnitude of an offense after remediation

QRadar at a mid-sized manufacturing company receives a Failsafe event at 2:00 am indicating that the server hosting new product plans has been infected by malware. QRadar emails the security analyst. An hour later, Failsafe reports that the asset has been remediated. QRadar reduces the magnitude of the offense and sends a second email so the analyst knows that no further action is required.

These examples show how QRadar leverages best-of-breed products that customers have already deployed throughout their infrastructure and combines their data to help customers reach compliance and security goals. Integrating Failsafe with QRadar enables customers to detect, respond and recover rapidly across the enterprise.
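The correlation flow behind the three use cases above, as an added example that is not code from IBM, Damballa or this brief: a toy correlation engine that ingests constructed Failsafe-style events, weights them by asset criticality and a QVM-style count of open vulnerabilities, raises one offense per host, and lowers the offense magnitude when a remediation event arrives. The hostnames, owners, event field names, timestamps and the magnitude arithmetic are all assumptions made for this example; they do not reflect QRadar's actual offense scoring or Failsafe's event format.

```python
"""Toy SIEM correlation of infection events with asset and vulnerability context.

Everything below (hosts, owners, event schema, severities, magnitude formula)
is constructed for illustration and is NOT QRadar's or Failsafe's real logic.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed asset profile: host -> (criticality 1-10, responsible analyst).
ASSETS: Dict[str, Tuple[int, str]] = {
    "onlinebank-web-03": (10, "ir-bank@example.com"),
    "pos-gw-01": (7, "soc-retail@example.com"),
    "pos-gw-02": (7, "soc-retail@example.com"),
    "pos-gw-03": (7, "soc-retail@example.com"),
    "plm-fileserver": (8, "secops-mfg@example.com"),
}

# Constructed vulnerability-scan context: host -> number of open vulnerabilities.
OPEN_VULNS: Dict[str, int] = {"pos-gw-01": 2, "pos-gw-02": 1}

# Assumed base severity per event category (not QRadar rule weights).
SEVERITY: Dict[str, int] = {
    "malicious_file_executed": 8,
    "c2_connection": 7,
    "automated_http_to_suspicious_site": 3,
}

# Constructed sample events in the order the SIEM receives them.
EVENTS: List[Dict[str, str]] = [
    {"ts": "09:14", "source": "failsafe", "host": "onlinebank-web-03", "type": "malicious_file_executed"},
    {"ts": "11:02", "source": "failsafe", "host": "pos-gw-01", "type": "c2_connection"},
    {"ts": "11:02", "source": "failsafe", "host": "pos-gw-02", "type": "c2_connection"},
    {"ts": "11:03", "source": "failsafe", "host": "pos-gw-03", "type": "c2_connection"},
    {"ts": "11:04", "source": "flows", "host": "pos-gw-01", "type": "automated_http_to_suspicious_site"},
    {"ts": "11:04", "source": "flows", "host": "pos-gw-03", "type": "automated_http_to_suspicious_site"},
    {"ts": "02:00", "source": "failsafe", "host": "plm-fileserver", "type": "malicious_file_executed"},
    {"ts": "03:00", "source": "failsafe", "host": "plm-fileserver", "type": "remediated"},
]


@dataclass
class Offense:
    host: str
    magnitude: int = 0
    evidence: List[str] = field(default_factory=list)
    remediated: bool = False


def score(event_type: str, criticality: int, open_vulns: int) -> int:
    """Assumed magnitude formula: base severity, raised by asset criticality,
    raised again if the host has unpatched vulnerabilities, capped at 10."""
    s = SEVERITY[event_type] + criticality // 3 + (1 if open_vulns else 0)
    return min(10, s)


def correlate(events: List[Dict[str, str]],
              assets: Dict[str, Tuple[int, str]] = ASSETS,
              open_vulns: Dict[str, int] = OPEN_VULNS) -> Tuple[Dict[str, Offense], List[str]]:
    """Fold events into one offense per host; return offenses and the
    notifications that would be sent to the responsible analyst."""
    offenses: Dict[str, Offense] = {}
    notifications: List[str] = []
    for ev in events:
        host = ev["host"]
        criticality, owner = assets.get(host, (1, "soc@example.com"))  # unknown hosts get low weight
        off = offenses.setdefault(host, Offense(host))
        if ev["type"] == "remediated":
            # Use case 3: remediation lowers the open offense instead of silently closing it,
            # and the analyst is told that no further action is required.
            off.remediated = True
            off.magnitude = max(1, off.magnitude // 2)  # assumed reduction rule
            off.evidence.append(f"{ev['ts']} {ev['source']}: remediated")
            notifications.append(f"{owner}: {host} remediated, offense magnitude now {off.magnitude}, no action required")
            continue
        new = score(ev["type"], criticality, open_vulns.get(host, 0))
        off.evidence.append(f"{ev['ts']} {ev['source']}: {ev['type']}")  # every source adds evidence
        if new > off.magnitude:  # only escalate, never alert twice for weaker evidence
            off.magnitude = new
            off.remediated = False
            notifications.append(f"{owner}: magnitude {new} offense on {host} ({ev['type']})")
    return offenses, notifications


def prioritized(offenses: Dict[str, Offense]) -> List[Offense]:
    """Use case 2: highest magnitude first, so vulnerable C2-talking hosts surface on top."""
    return sorted(offenses.values(), key=lambda o: (-o.magnitude, o.host))


if __name__ == "__main__":
    offs, notes = correlate(EVENTS)
    for o in prioritized(offs):
        print(o.magnitude, o.host, "remediated" if o.remediated else "open", o.evidence)
    print("\n".join(notes))
```

Run as-is, the bank's web server and the two vulnerable POS gateways land at magnitude 10, the patched POS gateway sits one step lower, and the manufacturing file server drops to magnitude 5 after its remediation event, which is the ordering the three use cases describe.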