
Sqrrl and IBM: Threat Hunting for QRadar Users

This joint webinar, in collaboration with IBM, offers a look at the industry leading Threat Hunting App for IBM QRadar. By combining the threat detection capabilities of QRadar and Sqrrl, security analysts are armed with advanced analytics and visualization to hunt for unknown threats and more efficiently investigate known incidents.

Watch the training with audio here: http://info.sqrrl.com/sqrrl-ibm-threat-hunting-for-qradar-users

Published in: Software


  1. Threat Hunting for IBM QRadar. October 2016 | Target. Hunt. Disrupt.
  2. © 2016 Sqrrl Data, Inc. All rights reserved. Presenters: Luis Maldonado, VP Products, Sqrrl; Russ Warren, Manager of Technologies Alliances, IBM.
  3. Are you prepared? Security Intelligence with IBM Sense Analytics: leverage behavior and anomaly detection to sense changes and detect threats early. Questions to answer: What are the major risks and vulnerabilities? Are we configured to protect against advanced threats? What security incidents are happening right now? What was the impact to the organization? • Gain visibility and identify security gaps • Detect deviations from the norm (i.e. APTs) • Prioritize vulnerabilities and close critical exposures before exploit • Automatically detect and prioritize threats • Gather full situational awareness • Perform forensic investigations; develop and execute incident response plans. (Diagram: timeline from Pre-Exploit, Vulnerability and Exploit in the Prediction / Prevention phase to Post-Exploit and Remediation in the Reaction / Remediation phase.)
  4. IBM QRadar: Security Intelligence with Sense Analytics. Sense and act on cyberthreats. Sense Analytics Threat Detection: behavioral, contextual, temporal. One Platform, Unified Visibility: extensible, scalable, easily deployed. The Power to Act, at Scale: prioritization, collaboration of threat data, automated response.
  5. IBM Sense Analytics: advanced analytics for threat prevention, detection, and response. Extensive data sources: servers and mainframes, data activity, network and virtual activity, application activity, configuration information, security devices, users and identities, vulnerabilities and threats, global threat intelligence. Embedded intelligence (QRadar Sense Analytics): • Extensive data collection, storage, and analysis • Real-time correlation and threat intelligence • Automatic asset, service and user discovery and profiling • Activity baselining and anomaly detection. Output: incident identification and prioritized incidents.
  6. Answering questions to help prevent and remediate attacks.
  7. Traditional security practices are unsustainable: 1.5 million unfilled security positions by 2020; 85 security tools from 45 vendors; 68 percent of CEOs are reluctant to share incident information externally.
  8. Cost and complexity rise. (Chart: complexity, cost, agility and effectiveness plotted against number of products over time.)
  9. An integrated and intelligent security immune system, spanning security analytics, threat intelligence, mobile and cloud: indicators of compromise, firewalls, incident and threat management, virtual patching, sandboxing, network visibility, access management, entitlements and roles, identity management, workload protection, cloud access security broker, privileged identity management, data access control, application security management, application scanning, data monitoring, transaction protection, device management, content security, IP reputation, threat sharing, criminal detection, fraud protection, endpoint patching and management, malware protection, antivirus, anomaly detection, vulnerability management, incident response, log, flow, data analysis, threat hunting.
  10. IBM Security Application Exchange.
  12. What is Threat Hunting? Iterative, human-driven, analytical, proactive.
  13. Threat Hunting Maturity Model.
  14. Threat Hunting Process: UEBA and risk scores; behavior graph and linked data.
  15. Sqrrl Behavior Graph: a unique approach to security data. Key capabilities: • Linked data models • Visualization, exploration, search • Adversarial behavior analytics • Big data elastic scalability.
  16. Threat Hunting Use Cases and Capabilities (workflow).
  17. The Sqrrl Threat Hunting Platform. Security data (firewall / IDS, threat intel, SIEM alerts), network data (Bro, Netflow, proxy) and endpoint/identity data (processes, HR, authentication) all feed the Behavior Graph.
  18. QRadar / Sqrrl Reference Architecture. Components: QRadar Event Collectors (Event Collector 1, Event Collector 2 … Event Collector n), Event Processor(s) and the QRadar Console on the QRadar side; Sqrrl Enterprise and the Sqrrl Console on the Sqrrl side. Analytics data and offenses are shared between the two platforms, and analysts pivot into Sqrrl for hunting and investigations.
  20. Thank You! How to learn more? Go to the IBM Security App Exchange (https://exchange.xforce.ibmcloud.com/) to… • Download the Sqrrl Threat Hunting Solution datasheet • Sign up for software access • View the solution demo. Go to sqrrl.com to… • Download Sqrrl’s Threat Hunting eBook • Download Sqrrl’s Threat Hunting White Paper • Reach out to us at info@sqrrl.com