IBM Security QRadar SIEM and Cisco IronPort

IBM QRadar Security Intelligence Platform integrates with Cisco IronPort (WSA and ESA) to help customers with their most challenging use cases. QRadar SIEM provides
• Integrated log, threat, compliance management
• Asset profiling and flow analytics
• Offense management and workflow

QRadar SIEM allows single pane troubleshooting of issues to create a Security Operations Center. Its powerful rules engine correlates data, detects anomalies and generates a manageable list of the highest priority risks requiring forensic investigation and remediation. QRadar SIEM derives value by working with best of breed products. Cisco IronPort provides QRadar with a rich source of contextual data that can be correlated with other data sources and used by our out of the box rules and reports.

The Cisco Web Security Appliance (WSA) is the first secure web gateway to combine advanced malware protection, application visibility and control, acceptable use policy controls, insightful reporting, and secure mobility on a single platform, helping organizations address the growing challenges of securing and controlling web traffic. The Cisco WSA enables simpler, faster deployment with fewer maintenance requirements, reduced latency, and lower operating costs. “Set and forget” technology frees up staff once initial automated policy settings go live, and automatic security updates are pushed to network devices every three to five minutes. Flexible deployment options and integration with the existing security infrastructure help customers meet demanding business needs.

Cisco® Email Security solutions defend mission-critical email systems with appliance, virtual, cloud, and hybrid solutions.
The industry leader in email security solutions, according to an Infonetics Research 2013 study, Cisco delivers:
● Fast, comprehensive email protection that blocks spam, malware and other threats while providing protection before, during, and after an attack
● Flexible cloud, virtual, and physical deployment options to meet your ever-changing business needs
● Outbound message control through on-device data loss prevention (DLP), email encryption, and optional integration with the RSA enterprise DLP solution
● One of the lowest total cost of ownership (TCO) email security solutions available

Cisco’s all-in-one solution offers simple, fast deployment, with few maintenance requirements, low latency, and low operating costs. Our set-and-forget technology frees your staff after the automated policy settings go live. The solution then automatically forwards security updates to Cisco’s cloud-based threat intelligence solution. This threat intelligence data is pulled by the Cisco Email Security Appliances (ESAs) every three to five minutes, providing you with industry-leading threat defense hours or days before other vendors. Flexible deployment options and smooth integration with your existing security infrastructure make Cisco Email Security an excellent fit for your business needs.

The following use cases are examples of how QRadar can leverage the value of the IronPort products that customers have already invested in and deployed throughout their infrastructure. IBM Security QRadar and Cisco combine to enable customers to reach compliance and security goals, and reduce the risk and severity of security breaches.

1. Malware outbreak prevented

A large educational institute is running Cisco ESA, WSA and QRadar. Cisco sends QRadar 3 antivirus warning events from across the campus within a 3-minute period.
QRadar correlates this with X-Force Reputation data and generates an offense because the source IP address of the virus alerts matches that of a known malware site. The security analyst notified of this offense takes action to modify the WSA policy to prevent future malware attacks.

2. Spam campaign stopped and Personally Identifiable Information leak prevented

A province-wide health provider is running Cisco IronPort and QRadar. ESA sends QRadar an alert that spam has been detected going to the executive team and the Health Records department. When QRadar correlates this activity with a file access alert on the Health Record file share, it generates an offense. The SOC analyst investigates and takes action to ensure the spam is blocked and the file server is protected, preventing loss of patient information.

3. Malware blocked and offending site quarantined

A national financial services organization is running Cisco ESA, IBM Security Network Protection XGS and QRadar. When their network analyst sees a malware alert come into QRadar from Cisco ESA, she right-clicks on the event and sends the IP address to the XGS appliance so that the site can be quarantined. A short time later, the analyst sees that Cisco ESA is also sending Quarantine events, and she closes the offense.

Integrating the Cisco Web Security and Email Security solutions with QRadar enables insight, visibility, and actionable intelligence gleaned through the depth in defense and comprehensive security services for all web and email traffic extended across the enterprise to combat complex security threats. QRadar benefits by getting a rich source of contextual data, enabling QRadar to identify and alert on anomalous behavior and threats, enabling you to reach your compliance and security goals.