www.scnsoft.com © 2017 ScienceSoft ®
Health Check Framework
for IBM QRadar SIEM
PRODUCT OVERVIEW
Introduction
“SIEM products are complex and tend to become more so as vendors extend capabilities. Vendors that are able to provide effective products that users can successfully deploy, configure and manage with limited resources will be the most successful in the market.”
Gartner Magic Quadrant for Security Information and Event Management, 2016
“Measuring SIEM health and operations is still an emerging art.”
Dr. Anton Chuvakin, Research VP at Gartner
Executive Summary
• Health Check Framework for QRadar SIEM (HCF) is a monitoring instrument that allows for quick fine-tuning of QRadar SIEM deployments
• Participates in “Ready for IBM Security Intelligence” program and IBM AppExchange; used by Fortune 500 companies, government agencies, MSP providers
• Provides 60+ QRadar performance metrics and 25+ health markers for on-the-fly performance assessment and configuration fine-tuning
• Makes administration of QRadar SIEM deployments quicker and simpler, cuts administration time, increases QRadar ROI and user satisfaction
HCF for QRadar SIEM
SITUATION: QRadar SIEM deployments suffer from:
• inefficient EPS license capacity utilization
• low log data quality and performance
• security events omission
• misfiring rules
• heavy rules and reports
SOLUTION: HCF for QRadar SIEM
• includes 60+ performance metrics, 25 Health Markers
• enables fast fine-tuning that increases ROI
• ensures that your QRadar SIEM runs efficiently and your SOC team is available for important tasks
PROBLEM: vulnerable perimeter, costly SIEM administration, low SIEM ROI
Automated QRadar SIEM Monitoring
• HCF for QRadar analyzes QRadar performance within its environment and detects deviations
• HCF for QRadar generates a detailed report and notifies your security team about issues to attend to
• HCF for QRadar suggests further remediation steps to restore faultless operability of your SIEM system
HCF Report
Each report generated by HCF for QRadar contains a detailed analysis with the following performance indicators:
• Console summary of the system’s state (e.g. number of active log sources and assets, storage and memory available, top 10 unique offences)
• Log sources statistics
• Events and rules
• EPS and FPM statistics
• Data quality, etc.
HCF Report: Console Summary
Console Summary provides a dynamic view of the system performance
and enables stakeholders to respond to offenses nearly in real time
HCF Report: Log Sources
This report section provides a holistic view of active, inactive, disabled, last
added, deleted, modified log sources and protocol configuration errors
HCF Report: Events and Rules
Events and Rules shows how fast correlation rules are executed, their
response time and the number of responses per correlation rule, and
reveals average and peak EPS from log within a specified timeframe, etc.
HCF Report: EPS and FPM Statistics
EPS and FPM Statistics reflect the number of events and flows processed
over a certain period of time, thus alerting security specialists when the
enabled licenses don’t match the actual volume of incoming log data
HCF Report: Data Quality
Data Quality reports the quality of data received from various device
types / log sources and the amount of log events that are collected but are
not properly normalized and parsed by QRadar
Health Markers
HCF for QRadar summarizes the status of all the important QRadar metrics in
the form of 25 Health Markers. In case a marker shows Failed, HCF for
QRadar sends an automatic warning with the description and basic
recommendations for fixing the issue
Challenges Solved with HCF for QRadar
• Unsupported and uncategorized security events
• Misconfigured, unsupported or unidentified log sources
• Inadequate/unsatisfactory log and event data quality
• Improperly fine-tuned correlation rules
• SIEM system overload
• Ineffective EPS capacity utilization
HCF Value for Security Teams
• Better control of QRadar deployments
• Increased log data quality
• Improved EPS license capacity utilization
• Less manual routine work
• Host overload protection
• Prompt diagnostics of security attacks and threats
HCF Value for Security Decision Makers
• Improved visibility of security events
• Less time, effort and budget spent on QRadar maintenance/tuning
• Improved effectiveness of security teams and SOCs
• Efficient planning and management of QRadar investments
• Higher ROI from QRadar SIEM
HCF Value for IBM Business Partners
• Improved performance of QRadar consultants
• Increased customer satisfaction and reduced customer attrition
• New upsell and cross-sell opportunities
Integration into QRadar Console
To ensure a flexible setup and tuning of your HCF for QRadar, we created
Health Check Framework Manager
The application is
validated by IBM and
available for download at
IBM Security App
Exchange
What Our Customers & Partners Say
“The plugin brings you information that you would need to spend hours trying to find in the complicated QRadar log files”
“A super-useful set of reports and metrics for QRadar SIEM”
Dr. Anton Chuvakin, Research VP at Gartner
Ricardo Reimao, Cybersecurity specialist at QRadar Insights
More Information on HCF for QRadar
• HCF for QRadar at IBM Security App Exchange
• Detailed description and sample reports of HCF for QRadar
• HCF for QRadar installation guide
• HCF for QRadar on QRadar Insights
Success Story
HCF for a Major North American Bank
Customer
One of the largest banks in North America providing services to 15+ million clients. The company is in the top 100 on the 2016 Forbes Global 2000 list
Solution
ScienceSoft implemented Health Check Framework for QRadar with the following characteristics:
• 40+ hosts
• 40,000+ log sources
• 2,500,000+ assets
• 15,000+ average EPS
• 60+ QRadar users
Tools & Technologies
Key Facts about ScienceSoft
ScienceSoft is an IBM Silver Business Partner that has been working in the Security Intelligence area since 2004 and has over 30 IBM QRadar projects under its belt
• 450+ employees
• Customers in 30+ countries, including Fortune 500 companies
• 13 years in Information Security, 28 years in the IT market
Contact Us
SCIENCESOFT Finland
Myyrmäenraitti 2
01600 Vantaa, Finland
Phone: +358 92 3163070
Email: contact@scnsoft.fi
Web: www.scnsoft.com
SCIENCESOFT USA
5900 S. Lake Forest Dr., Suite 300
McKinney, TX 75070, USA
Phone: +1 214 306 68 37
Email: contact@scnsoft.com
Web: www.scnsoft.com
