IBM Security QRadar SIEM and Zscaler Nanolog Streaming Service
Introducing new functionality for IBM QRadar Security Intelligence Platform: integration with
Zscaler ‘s Nanolog Streaming Service (NSS).
QRadar SIEM provides
• Integrated log, threat, compliance management
• Asset profiling and flow analytics
• Offense management and workflow
QRadar SIEM allows single pane troubleshooting of issues to create a Security Operations
Center. Its powerful rules engine correlates data, detects anomalies and generates a manageable
list of the highest priority risks requiring forensic investigation and remediation. QRadar SIEM
derives value by working with best of breed products. Here are some real world examples
combining these products together:
Zscaler’s Direct-to-Cloud Network securely enables the productivity benefits of cloud, mobile
and social technologies without the cost and complexity of traditional on-premise appliances
and software. Zscaler complements the deep analysis capabilities of IBM’s Qradar SIEM
solution by providing a comprehensive view into user activity. Nanolog Streaming Service
(NSS) logs add deeper data analysis encompassing all users, across all devices and locations.
NSS is provided as a virtual machine installed within the customer’s network. NSS connects to
the cloud Nanologs and streams out all logs for a company in real time to the corporate SIEM or
other storage devices.
The following use cases are examples of how QRadar can leverage the value of NSS, which
customers have already invested in. IBM Security QRadar and Zscaler combine to enable
customers to reach compliance and security goals.
1. Potential botnet activity detected
QRadar running at an international financial services organization receives 3 Zscaler NSS
events indicating possible botnet command and control traffic, which generates an
offense. The magnitude of the offense is increased to 10, when QRadar flow traffic
confirms that multiple clients have regularly connected to the same set of external IP
addresses over a period of 2 days.
2. Phishing threat detected
Zscaler NSS sends 3 events to QRadar warning that a website containing potential
phishing content has been contacted by 3 executives. QRadar generates a high magnitude
offense when these events are correlated with XForce data that identifies that site as a
phishing site. The SOC analyst changes the corporate Zscaler policy to block that
phishing site in the future
3. Social network site allowed for privileged mobile users
IBM Security QRadar SIEM and Zscaler Nanolog Streaming Service
The severity of an event cautioning the use of a social network site is lowered when
QRadar compares the user who generated the event with a reference set of mobile users
who are permitted to use the site. A false positive is avoided.
These examples show how QRadar can leverage the value of best of breed products your
organization has already invested in, and combine that to enable you to reach compliance and
security goals.
Integrating Zscaler NSS with QRadar enables Zscaler customers to ensure compliance with
regulatory mandates, to correlate logs from multiple devices to identify difficult to detect threats
and conduct historical web log, flow and vulnerability analysis.