Security intelligence for service providers

Similar documents
IBM QRadar SIEM. Detect threats with IBM QRadar Security Information and Event Management (SIEM) Highlights

IBM Cloud Object Storage and CTERA

Insights and analytics by IBM MaaS360 with Watson

IBM Digital Analytics Accelerator

Ensuring progress toward risk management and continuous configuration compliance

Making intelligent decisions about identities and their access

IBM Sterling B2B Integrator

IBM Software IBM Business Process Manager

White paper. Watson Virtual Agent: The Shortcut to Great Customer Service

White Paper. Sales analytics. The path to improving sales effectiveness

Solution Brief. The IBM Explorys Platform. Liberate your healthcare data

White paper. Watson Assistant: The Shortcut to Great Customer Service

Automate, manage and optimize business processes in the cloud

SunTrust Banks. Improving productivity, reducing vulnerability windows. Overview. Gaining control over a highly distributed environment

IBM PureApplication System

IBM MaaS360 Content Suite

IBM Cognos Analytics on Cloud Operate and succeed at a new business speed

IBM Prescriptive Quality on Cloud

The Co- operative Food enhances PCI DSS compliance

Transforming software delivery with cloud

Are You Ready For a New Era in B2B Collaboration?

IBM Planning Analytics

Smarter Commerce for healthcare and life sciences

IBM Intelligent Operations Center for Smarter Cities

IBM Db2 Warehouse. Hybrid data warehousing using a software-defined environment in a private cloud. The evolution of the data warehouse

IBM Business Automation Content Analyzer

WHITE PAPER. The next chapter of enterprise analytics and how payers can prepare

IBM Smarter Cities Public Safety Emergency Management

Cognitive enterprise archive and retrieval

IBM License Metric Tool

IBM Tivoli Endpoint Manager for Software Use Analysis

IBM Analytics Unleash the power of data with Apache Spark

TechnicalPitch Cibersegurança. Rui Barata Ribeiro Security Software Sales da IBM Portugal

IBM Systems Lab Services Systems Consulting. Proven expertise to help leaders design, build, and deliver IT infrastructure for the cognitive era

Increase operational efficiency with intelligent store support. A seamless, wall-to-wall support solution for technology inside the store

IBM Runbook Automation and IBM Alert Notification deliver more agile, automated operations management

IBM United States Software Announcement , dated October 25, 2016

Data Sheet. IBM Financial Transaction Manager. Deliver a fast and agile payments infrastructure

VP SECURITIES A/S cuts costs with modern development tools

IBM i2 Enterprise Insight Analysis

Security solutions White paper. Effectively manage access to systems and information to help optimize integrity and facilitate compliance.

White paper June Managing the tidal wave of data with IBM Tivoli storage management solutions

WHITE PAPER SPLUNK SOFTWARE AS A SIEM

Ensuring the health of endpoints in healthcare IT

IBM Data Security Services for activity compliance monitoring and reporting log analysis management

Embracing SaaS: A Blueprint for IT Success

IBM Maximo Asset Management solutions for the oil and gas industry

Industry Leaders Guide to Success in Omni-Channel Order Management

IBM Balanced Warehouse Buyer s Guide. Unlock the potential of data with the right data warehouse solution

2017 IBM Corporation. IBM s Journey to GDPR Readiness

BROCHURE. Explore the CuattroDR Digital Radiography Portfolio

IBM Workload Automation on Cloud delivers selfservice automation and scheduling optimization for hybrid IT

Transforming business processes and information by aligning BPM and MDM

The Top 5 Questions CIOs Ask About Moving to the Cloud

IBM Tivoli Endpoint Manager for Lifecycle Management

IBM Service Management Buyer s guide: purchasing criteria. Choose a service management solution that integrates business and IT innovation.

IBM Algo Managed Data Analytics Service

Oracle Management Cloud. The Next Generation of Systems Management

Adding MRO analytics to your ERP system

IBM Kenexa BrassRing on Cloud

IBM United States Software Announcement , dated March 27, 2018

Tivoli software for the midsize business. Increase efficiency and productivity manage IT with fewer resources.

Savvius and Splunk: Network Insights for Operational Intelligence

IBM Smarter systems for a smarter planet IBM workload optimized systems

IBM Global Business Services Microsoft Dynamics AX solutions from IBM

Dramatically improve the way work gets done with IBM Business Process Manager

The Cognitive Bank: Redefining banks and banking

IBM Cognos Controller Standard Reports

IBM Service Management solutions To support your IT objectives. Create and manage value throughout the entire service management life cycle.

Robotic process automation

SOLUTION BRIEF CA TECHNOLOGIES IDENTITY-CENTRIC SECURITY. How Can I Both Enable and Protect My Organization in the New Application Economy?

IBM Marketing Cloud introduces IBM Real Time Personalization to enable marketers to deliver optimized content, tailored to each individual

Jaguar Land Rover cuts software validation time by up to 90 percent

Building smart products: best practices for multicore software development

SIEM Buyer s Guide. The Security Challenge Today

Adaptive work environments

Manage more data, meet healthcare regulations and improve availability

IBM _` iseries systems Retail

Predictive Analytics for Donor Management

IBM SPSS Statistics: What s New

Ford Motor Company keeps drivers connected

MANAGEMENT CLOUD. Manage the Modern Cloud with Oracle Management Cloud

Planning for the General Data Protection Regulation

Successful healthcare analytics begin with the right data blueprint

IBM MobileFirst Device Procurement and Deployment Services

Agilisys revolutionizes the way it delivers services to customers

IBM Sterling B2B Integrator for B2B Collaboration

IBM and SAS: The Intelligence to Grow

Oracle Management Cloud

Coca-Cola Bottling Co. Consolidated maximizes profitability

Technical White Paper. Metadata management. Ontologies, measures, registries, and patient attribution

Teradyne Corporation. Saving millions of dollars through integrated workplace management. Smart is...

IBM Cloud White Paper. How to get the benefits of cloud behind your firewall: IBM Cloud Private

IBM United States Software Announcement , dated August 21, 2018

IBM Tivoli Service Desk

Understanding Managed IT. Zyxel s Nebula Cloud-enabled Management Solution Brief for SMB s and Enterprise

Service management solutions White paper. Integrate systems management and predictive intelligence with IBM Service Management solutions.

THE MAROPOST GUIDE TO MARKETING AUTOMATION PLATFORMS

ORACLE FUSION FINANCIALS CLOUD SERVICE

IBM Cloud Resiliency Orchestration

Transcription:

Security Thought Leadership White Paper July 2015 Security intelligence for service providers Expanded capabilities for IBM Security QRadar including multi-tenancy, unified management and SaaS

2 Security intelligence for service providers Introduction The world is full of get rich quick schemes, but there are also some solid business opportunities. Case in point: the opportunity to provide Internet cyber-security solutions for midsized organizations. Weekly almost daily the headlines are about yet another massive security breach involving large and well-known companies or government agencies. The threat is real and there simply aren t enough skilled individuals to protect smaller businesses and public organizations against sophisticated cybercriminals. Midsized organizations in particular are rapidly recognizing significant barriers to detecting and responding to attacks, and they commonly suffer from a lack of trained resources that can safeguard their intellectual property or private customer data. Now, with the availability of cloud-based security solutions, a growing number of organizations are looking to managed service providers (MSPs) as the most effective and cost-efficient path to monitoring, detecting and remediating threats. However, MSPs face several challenges providing cloud-based security intelligence to their customer organizations. This quickly evolving market space requires: Flexibility to address a wide variety of customer needs and sizes, from small organizations to large enterprises Scalability to grow as needed, with the ability to easily add new customers and infrastructure as required Cost-effectiveness to be competitive in a rapidly growing market segment, and to improve margins by constantly increasing productivity Evaluating security intelligence platforms what to look for As an MSP deploying a security intelligence platform for your enterprise customers data, you want to offer a market-leading technology capable of detecting malicious activities and anomalous behaviors before any data is lost. It also should not require a small army to deploy and maintain it. IBM QRadar Security Intelligence Platform was designed from the ground up to address these requirements using automation, intelligence and integration. Plus, it includes multi-tenancy and a master management console to further improve your security and operations management capabilities. How QRadar Security Intelligence Platform can help QRadar Security Intelligence Platform delivers security and compliance benefits that are invaluable for businesses that today are collecting, processing, using and storing more information than ever before. This suite of IBM Security QRadar solutions provides a unified architecture for integrating security information and event management (SIEM), log management, anomaly detection, incident forensics and configuration and vulnerability management. By analyzing more types of data and using more analytics techniques, QRadar technology can provide network visibility that other solutions cannot often detecting threats that those solutions miss. QRadar uses real-time correlation and behavioral anomaly detection to identify advanced threats, allowing solutions to identify high-priority incidents among billions of data points.

Security 3 With a common application platform, database and user interface, QRadar technology delivers massive scalability without compromising the real-time intelligence of SIEM and network behavior analytics. It provides a common solution for searching, correlation, anomaly detection and reporting functions. A single, intuitive user interface provides seamless access to all log management, flow analysis, incident management, configuration and vulnerability management, risk management, forensics analysis, dashboard and reporting functions. IBM Security QRadar: Architected to meet the security needs of service providers MSPs can also take advantage of IBM Security Intelligence on Cloud, which is a security software-as-a-service (SaaS) offering. This enables the MSP to offer a SIEM solution for its clients and outsource the deployment and management infrastructure to IBM. It can scale up to meet dynamically changing business needs, removes the need for additional technical resources to monitor and manage the solution infrastructure, and allows the MSP to pay based on an operating expenditures model rather than making large capital investments. With QRadar, an MSP has the flexibility to manage security for a customer in the cloud, in an environment hosted by IBM, or on-premises at the client s location. Scalable appliance architecture Shared modular infrastructure Giving security analysts a management advantage QRadar solutions are simple to deploy and manage, offering extensive out-of-the-box integration modules and more than 700 pre-defined correlation rules based on known patterns of malicious behaviors to help identify attacks and potential network breaches. Upon implementation, these rules immediately find security issues, enabling service providers to take quick action by banning IP addresses and disreputable URLs, and by closing ports that would permit unauthorized traffic. Rules can also be shared across clients with similar characteristics for example, those in a particular industry vastly reducing the need for tuning on a client-by-client basis. Multi-tenant Scalable Automated enables secure, rapid and costeffective delivery of security intelligence services scales from smallest to largest customers with centralized management of single and multi-tenanted systems drives simplicity and accelerates time-to-value for service providers By automating many asset discovery, data normalization and tuning functions, while providing rules and reports, QRadar can dramatically reduce the time to value and complexities that can cripple other products. With QRadar automation, administrators can focus on delivering more accurate security monitoring for the entire organization.

4 Security intelligence for service providers Multi-tenancy for flexibility, scalability and economy A significant challenge to providing cloud-based security intelligence to midsized organizations is that one formula doesn t fit all. With QRadar, however, MSPs gain the flexibility to offer single-tenant deployments for clients that require their own dedicated instances of QRadar solutions, while still offering multi-tenant deployments for others. This gives providers the power to optimize their delivery infrastructure based on their customers needs. Another critical issue is data separation. Until recently, singletenant architectures guaranteed dedicated infrastructure resources and data separation to each supervised environment. Increasingly, MSPs now are rapidly adopting cost-efficient, multi-tenant environments that allow infrastructure to be shared while still separating data much as virtualization divides a single physical server into multiple isolated virtual environments. Broadening the market reach with scalability is also a concern. QRadar enables service providers to add multi-tenant customers with ease by using templated configurations and then to serve them more quickly and effectively with standardized security checks without having to add infrastructure to accommodate the growing business. But most importantly, there is the need to overcome the economic squeeze felt by many providers. If they can t amortize infrastructure cost across large numbers of customers, MSPs struggle to control costs. The multi-tenancy capability of QRadar enables them to either lower prices, increase profitability or both. This helps bring cloud-based security services within the reach of more prospective clients while freeing budgets so providers can deploy best-in-class security solutions. Domain segregation, the enabler of multi-tenant deployments The muti-tenancy capability in QRadar is based on the use of domains. QRadar employs domains to help recognize which IP addresses are associated with which customers. Domains also allow service providers to support each customer s unique security concerns and risks. Domains can be defined at three different levels: Collector level. A service provider can have a dedicated QRadar event or flow collector assigned to a particular customer, which allows that customer s events to be automatically assigned to a domain. Source level. A service provider can also assign logs and flows to a client s domain based on data source. For example, if client A and client B are sharing the same QRadar infrastructure, logs and flows originating from Client A can be assigned to a domain dedicated only to Client A. Similarly, Client B would have its own domain. If a log or flow source is detected that has no domain assignment, this data can be assigned to a default domain and later placed in the proper domain by an administrator. Properties level. For added flexibility, if a service provider has an infrastructure shared by multiple customers, or is aggregating data sources, the MSP can use properties to associate that data with a domain. For example, an MSP may have a single intrusion prevention system (IPS) supporting multiple customers, so there may be a property in the IPS log that denotes which network segment (and customer) an alert applies to.

Security 5 The building blocks of IBM Security QRadar multi-tenancy Collector level Source level Properties level QRadar QRadar QRadar Domain A Domain B Domain A Source 1 Source 2 Domain B Source 3 Log source 4 Domain A Property i Domain B Property ii Property iii Once domains have been defined and associated with a customer, QRadar enables the service provider to create a security profile for those domains. This allows customers to have individual access to their own domains, and it supports onboarding new users, giving them appropriate access to their data. Master console, a unified view for efficiency and responsiveness Until recently, prevailing technology has forced providers to use a one customer/one console/one analyst model. To serve multiple customers, however, this approach requires multiple consoles and involves higher costs. With the QRadar master console, MSPs gain the advantage of a single view across multiple QRadar deployments, giving them a 360-degree view of all their customers from just one console regardless of whether a customer is utilizing a single- or multi-tenancy deployment.

6 Security intelligence for service providers Master console: A single view across IBM Security QRadar deployments QRadar QRadar QRadar IBM Security Intelligence on Cloud Network A Network B Network C Network D Network E Serving as an aggregation point, the console provides centralized health and system monitoring, as well as a centralized way to view and manage offenses. The single view can help providers understand and standardize on the common threat detection capabilities that may be required to serve their customers. Using an established remediation plan, analysts can then quickly push remediation actions out to multiple customers. This not only speeds response, but also reduces risk while requiring fewer resources to handle the exploit. The master console can create dramatic cost efficiencies by reducing the number of skilled analysts required to monitor and manage the customer portfolio. With only one console acting as an aggregation point, a single analyst can manage many clients simultaneously.

Security 7 Master console: System functions monitored together Master console: Management capabilities displayed together Log management Security intelligence Network activity monitoring Risk management Vulnerability management Network forensics

Flexible pricing and snap-on horizontal scalability The need for large capital expenditures adds complexity and can hinder growth. To relieve this pressure, QRadar enables service providers to make fixed monthly payments that make budgeting easier and conserve scarce resources. To scale, providers simply turn on the licensing key to add capabilities. Adding new instances of QRadar is easy as well with true snap-on horizontal scalability. Conclusion When selecting a platform for security intelligence services, service providers must consider several critical capabilities. A mixed-tenancy environment that supports both single- and multi-tenant clients can help optimize infrastructure, lower costs, increase profits and provide greater flexibility. In addition, a unified console that allows a single analyst to manage multiple clients can simultaneously reduce costs and make management more efficient. Other critical features include rule-based security, robust reporting, flexible pricing, snap-on horizontal scalability and a wide range of device integration and APIs. QRadar solutions are ideal for service providers. Easy to deploy and use, QRadar provides a broad set of integrated capabilities, including log management, next-generation SIEM, vulnerability management, advanced network activity monitoring, risk management and forensics analysis. QRadar provides a growth-ready platform that can easily scale to meet the needs of MSPs for the long term. For more information To learn more about QRadar, please contact your IBM representative or IBM Business Partner, or visit: ibm.com/software/products/en/category/security-intelligence Copyright IBM Corporation 2015 IBM Security Route 100 Somers, NY 10589 Produced in the United States of America July 2015 IBM, the IBM logo, ibm.com, QRadar, and X-Force are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at Copyright and trademark information at ibm.com/legal/copytrade.shtml This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates. THE INFORMATION IN THIS DOCUMENT IS PROVIDED AS IS WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided. The client is responsible for ensuring compliance with laws and regulations applicable to it. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the client is in compliance with any law or regulation. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY. Please Recycle WGW03127-USEN-00

Worksmarter AtInsight,we lhelpyousolvechalengesandimprove performancewithinteligenttechnologysolutions. Learnmore

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback