IBM Security QRadar SIEM and Zscaler Nanolog Streaming Service Introducing new functionality for IBM QRadar Security Intelligence Platform: integration with Zscaler ‘s Nanolog Streaming Service (NSS). QRadar SIEM provides • Integrated log, threat, compliance management • Asset profiling and flow analytics • Offense management and workflow QRadar SIEM allows single pane troubleshooting of issues to create a Security Operations Center. Its powerful rules engine correlates data, detects anomalies and generates a manageable list of the highest priority risks requiring forensic investigation and remediation. QRadar SIEM derives value by working with best of breed products. Here are some real world examples combining these products together: Zscaler’s Direct-to-Cloud Network securely enables the productivity benefits of cloud, mobile and social technologies without the cost and complexity of traditional on-premise appliances and software. Zscaler complements the deep analysis capabilities of IBM’s Qradar SIEM solution by providing a comprehensive view into user activity. Nanolog Streaming Service (NSS) logs add deeper data analysis encompassing all users, across all devices and locations. NSS is provided as a virtual machine installed within the customer’s network. NSS connects to the cloud Nanologs and streams out all logs for a company in real time to the corporate SIEM or other storage devices. The following use cases are examples of how QRadar can leverage the value of NSS, which customers have already invested in. IBM Security QRadar and Zscaler combine to enable customers to reach compliance and security goals. 1. Potential botnet activity detected QRadar running at an international financial services organization receives 3 Zscaler NSS events indicating possible botnet command and control traffic, which generates an offense. The magnitude of the offense is increased to 10, when QRadar flow traffic confirms that multiple clients have regularly connected to the same set of external IP addresses over a period of 2 days. 2. Phishing threat detected Zscaler NSS sends 3 events to QRadar warning that a website containing potential phishing content has been contacted by 3 executives. QRadar generates a high magnitude offense when these events are correlated with XForce data that identifies that site as a phishing site. The SOC analyst changes the corporate Zscaler policy to block that phishing site in the future 3. Social network site allowed for privileged mobile users IBM Security QRadar SIEM and Zscaler Nanolog Streaming Service The severity of an event cautioning the use of a social network site is lowered when QRadar compares the user who generated the event with a reference set of mobile users who are permitted to use the site. A false positive is avoided. These examples show how QRadar can leverage the value of best of breed products your organization has already invested in, and combine that to enable you to reach compliance and security goals. Integrating Zscaler NSS with QRadar enables Zscaler customers to ensure compliance with regulatory mandates, to correlate logs from multiple devices to identify difficult to detect threats and conduct historical web log, flow and vulnerability analysis.