IBM Security Intelligence Platform Integration with FireEye MPS

IBM Security Intelligence Platform Integration with FireEye MPS, eMPS and MA
appliances
The new threat landscape includes advanced malware, zero-day exploits and targeted Advanced
Persistent Threats. FireEye’s Malware Protection System (MPS) offers next-generation
threat protection that fills the holes left by other solutions, such as firewalls, IPS,
gateways and AV. FireEye is the leader in stopping the new breed of cyber attacks, such
as advanced malware, that easily bypass traditional signature-based defenses and
compromise the majority of enterprise networks. FireEye's next-generation threat
protection complements these defenses with the world's only signature-less solution that
protects across all major threat vectors.
QRadar SIEM provides:
• Integrated log, threat and compliance management
• Asset profiling and flow analytics
• Offense management and workflow
QRadar SIEM allows single-pane troubleshooting of issues to create a Security
Operations Center. QRadar can leverage the value of the best-of-breed products you have
already invested in throughout your infrastructure and combine their data to enable you to
reach compliance and security goals.
Here are some real-world examples of combining these products:
1. FireEye sits on the inside network, so it has no idea who the outside IP address is.
By leveraging its data-gathering ability, QRadar SIEM will provide the real IP address of the
threat and look up the system's domain and host name; IPS and flow information can tell whether that
source is active in any other way, and the X-Force threat feed will tell whether the source is a
known threat.
2. When FireEye finds an attempt to attack a vulnerability, QRadar and QVM/QRM can
immediately see what other critical systems are vulnerable to that active attack and
prioritize the immediate patching or blocking to those systems.
3. FireEye File MPS analyzes a file share, detects a weaponized Office document and
raises an alert. QRadar can create an offense, identify the person who wrote that file and show what
activity they are doing now, so the appropriate reaction can be determined.
4. QRadar can report on all threats found against critical servers, including threats FireEye
found, by threat level, server importance and over specified time periods.
5. When we release support for the FireEye JSON format, a more verbose format, QRadar
can analyze across 10 malicious files sent in from different parts of the world and see that the
Adobe overflow vector provided by FireEye is exactly the same across all 10 files,
indicating a coordinated attack by the same group or malware authors.
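The correlation in example 5, as an added illustration that is not part of the original brief or of either product: alerts are grouped by the exploit vector the sandbox reported, and a vector seen in several distinct files submitted from several regions is flagged as a likely coordinated campaign. The JSON field names, hashes and vector labels are constructed for this example and do not represent the real FireEye schema.

```python
import json
from collections import defaultdict

# Constructed sample of alert records in a hypothetical JSON shape, one record per
# detonated file. The hashes, vector names and regions are made up for this example.
SAMPLE_ALERTS = json.dumps([
    {"file_md5": "c0ffee01", "vector": "adobe_overflow_constructed", "region": "US"},
    {"file_md5": "c0ffee02", "vector": "adobe_overflow_constructed", "region": "EU"},
    {"file_md5": "c0ffee03", "vector": "adobe_overflow_constructed", "region": "APAC"},
    {"file_md5": "c0ffee03", "vector": "adobe_overflow_constructed", "region": "APAC"},  # resubmitted file
    {"file_md5": "c0ffee04", "vector": "macro_dropper_constructed", "region": "US"},
    {"file_md5": "c0ffee05", "vector": "macro_dropper_constructed", "region": "US"},
])


def parse_alerts(raw_json):
    """Decode the alert feed into a list of dicts (one per analyzed file)."""
    return json.loads(raw_json)


def find_coordinated_vectors(alerts, min_files=3, min_regions=2):
    """Group alerts by reported exploit vector and return the vectors seen in at
    least min_files distinct files submitted from at least min_regions regions.
    Distinct files are counted by hash, so a resubmitted file is not double counted."""
    by_vector = defaultdict(lambda: {"files": set(), "regions": set()})
    for alert in alerts:
        entry = by_vector[alert["vector"]]
        entry["files"].add(alert["file_md5"])
        entry["regions"].add(alert["region"])
    return {
        vector: {"files": len(entry["files"]), "regions": sorted(entry["regions"])}
        for vector, entry in by_vector.items()
        if len(entry["files"]) >= min_files and len(entry["regions"]) >= min_regions
    }


if __name__ == "__main__":
    for vector, summary in find_coordinated_vectors(parse_alerts(SAMPLE_ALERTS)).items():
        print(f"{vector}: {summary['files']} files from {', '.join(summary['regions'])}")
```

With the sample data only the constructed Adobe overflow vector is flagged (3 distinct files across 3 regions); the macro dropper is seen in 2 files from a single region and stays below both thresholds.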
These examples show how QRadar can leverage the value of the best-of-breed products you
have already invested in throughout your infrastructure and combine their data to enable you to
reach compliance and security goals.
Integrating FireEye MPS with QRadar enables protection against next-generation threats
to be extended across the enterprise. QRadar benefits by gaining a rich source of data to
better highlight issues and generate offenses.