IBM Security QRadar SIEM and Fidelis Security Systems, Fidelis XPS

Introducing new functionality for IBM’s QRadar Security Intelligence Platform: IBM Security QRadar SIEM now integrates with Fidelis Security Systems’ Fidelis XPS.

IBM Security QRadar SIEM provides
• Integrated log, threat, compliance management
• Asset profiling and flow analytics
• Offense management and workflow

QRadar SIEM allows single-pane troubleshooting of issues to create a Security Operations Center (SOC). Its powerful rules engine correlates data, detects anomalies and generates a manageable list of the highest priority risks requiring investigation and remediation.

Here are some real-world examples of the benefits customers see when combining these products.

Fidelis XPS™ is the industry’s only network security appliance with the power to deliver network visibility, analysis, and control over all ports and all channels in real-time, to defend against advanced threats and prevent the possibility of a data breach on multigigabit-speed networks. Fidelis XPS provides visibility and control over the entire lifecycle of the threat, over malware and non-malware based threats, and over ports and protocols. Threats are identified using a combination of deep, real-time inspection of all applications and content traversing the network.

The following use cases are examples of how QRadar can leverage the value of best-of-breed products, such as Fidelis XPS, that customers have already invested in and deployed throughout their infrastructure.

QRadar and Fidelis Security Systems combine to enable customers to reach compliance and security goals.

1. Advanced threat defense

Fidelis Security Systems’ Fidelis XPS analyzes network traffic and activity and sends QRadar SIEM events that are generated as a result of policy violations. Violations result in actions such as alert, alert and prevent, alert and throttle, alert and quarantine, and alert and reroute, depending on the policies customers set up.
QRadar SIEM may receive an event such as an alert that a malware executable was detected on a critical server running SAP. When combined with flows identifying that traffic came from China, and an identified vulnerability on the SAP server, customers have the forensic details enabling them to remediate the threat.

2. Data Breach Prevention

Fidelis XPS can also send events that alert on policy violations relating to employee use of network applications and extrusion of corporate digital assets. In this use case, Fidelis XPS can alert when an employee has been using a peer-to-peer application and confidential information flagged by XPS has been accessed. When combined with QRadar SIEM’s confirmation from QFlow data that the P2P application has been used by the employee on several occasions after hours and that a file containing confidential information was transmitted to users outside the corporate network, a SOC staff member can further investigate the activities of the employee.

3. Identify a false positive

Fidelis XPS sends a low-priority event alerting on malware, due to encrypted PDF files being received. A look at flows indicates that this activity occurs every two weeks at the same time and that the IP address is from India. An investigation of the QRadar asset database indicates that the server receiving these files belongs to the documentation team. A partner is based in India and so the system can be tuned to recognize this as a false positive.

Integrating Fidelis XPS with QRadar enables advanced threat defense and data breach prevention to be extended across the enterprise to meet complex security threats. QRadar benefits by getting a great source of data to better highlight issues with offenses.