IBM QRadar 1) Introduction
This article introduces IBM QRadar, which belongs to the SIEM (Security Information and Event Management) category of solutions.
If you want to know more about SIEM, please see the link below.
http://justckh.blogspot.kr/2013/09/siemsecurity-information-event.html
Firstly, in the report of the Gartner research organization, QRadar is placed in the 'Leaders' group together with HP ArcSight and McAfee.
※ Source : Gartner
This graph also shows that Splunk and LogRhythm are placed in the 'Leaders' group.
QRadar was developed by Q1 Labs for many years; IBM took over Q1 Labs in 2012.
IBM, which now owns QRadar, is trying and planning to place QRadar at the top of its IBM Security Systems portfolio.
So QRadar is placed under 'Security Intelligence and Analytics', as in the image below.
It is used to analyze threats and report them to us automatically across the People, Data, Application and Infrastructure areas.
※ Source: IBM
The basic process is the same as in other SIEM solutions.
※ Source : IBM
'Collect all logs, analyze the collection, find the attack or threat.'
QRadar shows potential threats and actual threats using the 'Offense' function.
Offenses are created by Custom Rules.
When QRadar collects log data, it judges whether each log is a threat or not using the Custom Rules.
A threat level can be assigned to just one log, or an offense can be found after analysing the relation between logs over time and their relation to other logs.
The Offense function is the key function of QRadar.
IBM has the X-Force security research institute, which follows new security trends and threats and updates the QRadar rules accordingly.
This means QRadar can find new threats such as many APT (Advanced Persistent Threat) attacks, but you should not be over-credulous, because the offense data can be inaccurate.
Offenses can be inaccurate, as with other security solutions.
QRadar creates offenses from the logs that other solutions send to it; if those messages are incorrect, QRadar cannot assure the accuracy of the offense data.
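To make the rule-to-offense idea concrete, here is a small, self-contained correlation example. It is added here for illustration and is not QRadar's code or IBM's rule engine; the event format, rule names, severity scale and the sample log records are all constructed assumptions. It shows the two kinds of rule the text describes: a single log that is severe enough to be an offense on its own, and an offense that only appears after relating several logs from the same source over a time window.

```python
"""Toy SIEM-style custom-rule correlation (added example, not QRadar code).

Events are constructed sample log records. A rule fires either on one event
(per-event severity) or after correlating several events from the same
source within a time window (time relation between logs).
"""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional


@dataclass
class Event:
    ts: datetime
    source_ip: str
    category: str   # constructed categories: auth_failure, auth_success, malware_alert
    severity: int   # constructed 1..10 scale, as a log-source parser might assign it


@dataclass
class Offense:
    rule: str
    source_ip: str
    magnitude: int
    events: List[Event] = field(default_factory=list)


def single_event_rule(ev: Event) -> Optional[Offense]:
    """Rule 1: a single event with severity >= 8 is an offense by itself."""
    if ev.severity >= 8:
        return Offense("high-severity-event", ev.source_ip, ev.severity, [ev])
    return None


def brute_force_rule(events: List[Event],
                     window: timedelta = timedelta(minutes=5),
                     threshold: int = 5) -> List[Offense]:
    """Rule 2 (time relation): at least `threshold` auth failures from one
    source inside `window`, followed by an auth success from that source."""
    by_src = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        by_src[ev.source_ip].append(ev)

    offenses = []
    for src, evs in by_src.items():
        failures: List[Event] = []
        for ev in evs:
            if ev.category == "auth_failure":
                failures.append(ev)
                # keep only failures still inside the sliding window
                failures = [f for f in failures if ev.ts - f.ts <= window]
            elif ev.category == "auth_success" and len(failures) >= threshold:
                offenses.append(Offense("brute-force-then-success", src, 9,
                                        failures + [ev]))
                failures = []
    return offenses


def correlate(events: List[Event]) -> List[Offense]:
    """Run every rule over the collected events and return the offenses."""
    offenses = [o for o in (single_event_rule(ev) for ev in events) if o]
    offenses.extend(brute_force_rule(events))
    return offenses


def sample_events() -> List[Event]:
    """Constructed sample logs: one brute-force sequence, one isolated
    failure, and one high-severity alert from a third host."""
    t0 = datetime(2013, 10, 1, 9, 0, 0)
    evs = [Event(t0 + timedelta(seconds=20 * i), "10.0.0.7", "auth_failure", 3)
           for i in range(6)]
    evs.append(Event(t0 + timedelta(minutes=3), "10.0.0.7", "auth_success", 1))
    evs.append(Event(t0 + timedelta(minutes=1), "10.0.0.9", "auth_failure", 3))
    evs.append(Event(t0 + timedelta(minutes=2), "10.0.0.22", "malware_alert", 9))
    return evs


if __name__ == "__main__":
    for o in correlate(sample_events()):
        print(f"{o.rule:26s} src={o.source_ip:10s} "
              f"magnitude={o.magnitude} events={len(o.events)}")
```

Note that the isolated failure from 10.0.0.9 produces nothing: without the time relation to other logs from the same source, a single low-severity log is not an offense. That is also why the text's caveat matters: if a log source mislabels a benign event as an auth failure, the correlated offense inherits that inaccuracy.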
QRadar has many functions; in this part I will tell you about the Flow function.
The Flow function analyzes network traffic. QRadar can see Layer 7 data, so it can find threats that cannot be found using log data alone.
For example, if one client is regularly draining company data out over the network, QRadar can tell how much data went out.
It can also show the history of network application usage and traffic usage as a time series.
This function has the advantage of finding threats that log data cannot find.
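As an added illustration of what flow data can show that logs cannot, here is a constructed example that aggregates outbound flow records per client into an hourly time series, breaks usage down by Layer 7 application, and flags a client that repeatedly sends large volumes to external hosts. This is not QRadar's flow processing or QFlow code; the flow record layout, the internal-address rule, the thresholds and the sample flows are all assumptions made for the example.

```python
"""Flow-based egress analysis (added example, not QRadar code).

Constructed flow records are reduced to (1) a per-client hourly outbound
byte series, (2) per-client application usage, and (3) a list of clients
whose egress exceeds a threshold in several time buckets.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Tuple


@dataclass
class Flow:
    start: datetime
    src_ip: str
    dst_ip: str
    app: str        # Layer 7 application label (constructed: HTTPS, SMB, ...)
    bytes_out: int  # bytes sent from src_ip to dst_ip


def is_internal(ip: str) -> bool:
    """Assumed internal range for the example: 10.0.0.0/8."""
    return ip.startswith("10.")


def egress_time_series(flows: List[Flow]) -> Dict[str, Dict[datetime, int]]:
    """Outbound bytes from each internal client to external hosts, per hour."""
    series: Dict[str, Dict[datetime, int]] = defaultdict(lambda: defaultdict(int))
    for f in flows:
        if is_internal(f.src_ip) and not is_internal(f.dst_ip):
            bucket = f.start.replace(minute=0, second=0, microsecond=0)
            series[f.src_ip][bucket] += f.bytes_out
    return series


def app_usage(flows: List[Flow]) -> Dict[str, Dict[str, int]]:
    """Bytes per Layer 7 application for each client (all flows, not only egress)."""
    usage: Dict[str, Dict[str, int]] = defaultdict(lambda: defaultdict(int))
    for f in flows:
        usage[f.src_ip][f.app] += f.bytes_out
    return usage


def recurring_egress_candidates(series: Dict[str, Dict[datetime, int]],
                                threshold_bytes: int,
                                min_buckets: int) -> Dict[str, Tuple[List[datetime], int]]:
    """Clients whose hourly egress exceeds `threshold_bytes` in at least
    `min_buckets` hours; returns the hot hours and the client's total egress."""
    result = {}
    for client, buckets in series.items():
        hot = sorted(b for b, n in buckets.items() if n > threshold_bytes)
        if len(hot) >= min_buckets:
            result[client] = (hot, sum(buckets.values()))
    return result


def sample_flows() -> List[Flow]:
    """Constructed flows over three days. 10.0.0.5 behaves normally;
    10.0.0.8 sends 50 MB to an external host every night at 02:00 and also
    moves a large SMB volume internally (which is not egress)."""
    base = datetime(2013, 10, 1, 0, 0)
    flows = []
    for d in range(3):
        for h in (9, 13, 17):
            flows.append(Flow(base + timedelta(days=d, hours=h),
                              "10.0.0.5", "203.0.113.10", "HTTPS", 200_000))
        flows.append(Flow(base + timedelta(days=d, hours=2),
                          "10.0.0.8", "198.51.100.20", "HTTPS", 50_000_000))
        flows.append(Flow(base + timedelta(days=d, hours=10),
                          "10.0.0.8", "203.0.113.10", "HTTPS", 150_000))
    flows.append(Flow(base + timedelta(hours=11),
                      "10.0.0.8", "10.0.0.50", "SMB", 900_000_000))
    return flows


if __name__ == "__main__":
    flows = sample_flows()
    series = egress_time_series(flows)
    for client, (hot, total) in recurring_egress_candidates(series, 10_000_000, 3).items():
        print(f"{client}: {total} bytes out, large egress at "
              + ", ".join(h.isoformat() for h in hot))
    for client, apps in app_usage(flows).items():
        print(client, dict(apps))
```

The point the example makes is the one in the text: an authentication or application log would not record that 50 MB left the network at 02:00 three nights in a row, but the flow series does, and the per-application breakdown distinguishes that external HTTPS volume from the much larger but internal SMB transfer.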
In addition, QRadar can scan the infrastructure for vulnerabilities in order to manage vulnerabilities and offenses.
QRadar does not use vulnerability data only for detection; it is used for vulnerability management as well.
This post is an introduction to QRadar.
I will post about the detailed functions of QRadar next time.
Related Links
IBM QRadar 2) Main feature