W3 Activity IAAS312


Manuntag, Miles Ian 02/26/22

BSIT 3Y-2

IBM Security QRadar

IBM Security® QRadar® Security Information and Event Management (SIEM) helps security
teams detect, prioritize and respond to threats across the enterprise. As an integral part of your
zero trust strategy, it automatically analyzes and aggregates log and flow data from thousands of
devices, endpoints and apps across your network, providing single alerts to speed incident
analysis and remediation. QRadar SIEM is available for on-prem and cloud environments.

Its functions are:

1.) Intelligent insights across environments - Provides visibility and applies context to on-prem
and cloud-based resources; leverages continuous monitoring for a zero trust approach to
security.
2.) Built-in analytics to accurately detect threats - Analyzes network, endpoint, asset,
user, risk and threat data to uncover known and unknown threats; speeds time to value.
3.) Correlation of related activities - Identifies and tracks related activities throughout the
kill chain; provides end-to-end visibility into a potential incident from a single screen.
4.) Automatic parsing and normalizing of logs - Automatically makes sense of data from
disparate sources; provides an easy-to-use editor to quickly onboard custom log sources
for analysis.
5.) Threat intelligence and support for STIX/TAXII - Includes threat intelligence from
IBM Security™ X-Force®; enables clients to integrate additional threat intelligence
feeds via STIX/TAXII.
6.) Out-of-the-box integration with 450 solutions - Provides over 450 integrations, APIs
and an SDK to speed data ingestion, drive deeper insights and extend the value of
existing solutions.
7.) Multiple deployment options - Offers flexible architecture for varied deployment and
scaling needs; can be delivered as hardware, software or VM for on-prem or IaaS
environments.
8.) Highly scalable, self-managing database - Streamlines management so teams can focus
on operations; no dedicated database admins required, even at scale; helps reduce total
cost of ownership.
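The parsing and normalizing of logs (item 4) and the correlation of related activities (item 3) described above, as an added illustration in Python that is not QRadar's own code or rule language: two constructed log feeds from disparate sources are mapped onto one common event schema, and a simple rule then links repeated logon failures to a later success from the same source. The log layouts, field names, and the threshold and window values are simplified assumptions made for the example.

```python
import re

# Constructed sample log lines (not real captures); both carry a "t=<seconds>"
# prefix; Windows uses a simplified key=value layout, Linux mimics sshd syslog.
WINDOWS_LOG = [
    "t=10 EventID=4625 TargetUserName=alice IpAddress=203.0.113.5",
    "t=20 EventID=4625 TargetUserName=alice IpAddress=203.0.113.5",
    "t=30 EventID=4625 TargetUserName=alice IpAddress=203.0.113.5",
    "t=40 EventID=4624 TargetUserName=alice IpAddress=203.0.113.5",
]
LINUX_LOG = [
    "t=15 sshd[101]: Failed password for bob from 198.51.100.9 port 5000 ssh2",
    "t=500 sshd[102]: Accepted password for bob from 198.51.100.9 port 5001 ssh2",
]

WIN_RE = re.compile(r"t=(\d+) EventID=(\d+) TargetUserName=(\S+) IpAddress=(\S+)")
SSH_RE = re.compile(r"t=(\d+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+)")
WIN_OUTCOME = {"4625": "failure", "4624": "success"}  # Windows logon event IDs

def normalize_windows(line):
    """Map one Windows-style logon record onto the common event schema."""
    t, event_id, user, ip = WIN_RE.match(line).groups()
    return {"time": int(t), "source": "windows", "user": user,
            "src_ip": ip, "outcome": WIN_OUTCOME[event_id]}

def normalize_linux(line):
    """Map one sshd auth record onto the same schema as the Windows events."""
    t, verb, user, ip = SSH_RE.match(line).groups()
    return {"time": int(t), "source": "linux", "user": user, "src_ip": ip,
            "outcome": "failure" if verb == "Failed" else "success"}

def normalize_all():
    """Normalize both feeds into one time-ordered stream of events."""
    events = [normalize_windows(l) for l in WINDOWS_LOG]
    events += [normalize_linux(l) for l in LINUX_LOG]
    return sorted(events, key=lambda e: e["time"])

def correlate(events, threshold=3, window=60):
    """Alert when a source IP shows >= threshold failures within `window`
    seconds before a successful logon; events are linked by normalized src_ip."""
    failures, alerts = {}, []
    for e in events:
        recent = [t for t in failures.get(e["src_ip"], [])
                  if e["time"] - t <= window]
        if e["outcome"] == "failure":
            failures[e["src_ip"]] = recent + [e["time"]]
        elif len(recent) >= threshold:
            alerts.append({"src_ip": e["src_ip"], "user": e["user"],
                           "source": e["source"], "failures": len(recent)})
    return alerts
```

Only the Windows source trips the rule here: the Linux success arrives long after its single failure, so the window check discards it, which is the kind of tuning the disadvantages below refer to.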

Disadvantages of IBM Security QRadar:

1.) Very slow product built on older technology. Collecting logs from Windows is very
painful and archaic.
2.) This is not the case where you can point-and-click a few things and have a system that
alerts you properly when attacks are taking place.
3.) The correlation was difficult with IBM QRadar. Even though we bought the number one SIEM
in the industry, we need to do the correlation part to fine-tune the SIEM to get the
valuable output. So, the correlation was difficult with IBM QRadar.
4.) Sometimes uses more resources. The user manual could be more detailed.

References:

https://www.ibm.com/qradar/security-qradar-siem
https://www.ibm.com/qradar/security-qradar-siem/features
