
IBM Cloud Pak for Security

Overview and Pricing

IBM QRadar
MVS Pricing

Hrvoje Pavicic, IBM SEE Security Leader


hrvoje.pavicic@hr.ibm.com
Cloud Paks – Pre-integrated for cloud use cases

• Cloud Pak for Applications: Build, deploy, and run applications
• Cloud Pak for Data: Collect, organize, and analyze data
• Cloud Pak for Integration: Integrate applications, data, and APIs
• Cloud Pak for Automation: Transform business processes, decisions, and content
• Cloud Pak for Multicloud Management: Multicloud visibility, governance, and automation
• Cloud Pak for Security: Connect security data, tools and workflows

Layers shown for each Cloud Pak: IBM containerized software; Container platform and operational services

Platforms: IBM public cloud, AWS, Microsoft Azure, Google Cloud, Private, IBM Z, IBM LinuxOne, IBM Power Systems, End points
Cloud Pak for Security

Unified Interface

Security capabilities:
• Threat Intelligence Insights: Prioritized, actionable threat intelligence
• Data Explorer: Federated search for investigation
• Resilient SOAR: Incident response and team collaboration
• QRadar: Event Analytics, Flow Analytics

Core platform services: Universal data insights | Security orchestration & automation | Development framework

Open Hybrid Multicloud Platform

Hybrid multicloud architecture: AWS, Microsoft Azure, Google Cloud

Open integration with existing security detection tools and data sources: QRadar, Guardium
IBM Security / © 2019 IBM Corporation

*Available post-GA
Cloud Pak for Security - Threat Intelligence Insights

Prioritized, actionable threat intelligence

• Prioritize threats with X-Force Threat Score, an adaptive score, calculated based on your relevance, severity, penetration, impact and actual environmental sightings

• Identify threats active in your environment with Am I Affected, which runs continuous and automated searches across connected data sources

IBM Security / © 2020 IBM Corporation


Cloud Pak for Security - Data Explorer

Federated search & investigation


• Run queries and find insights against multiple data sources without moving your data

• Investigate from a single, unified interface to search threats and IOCs

• Immediately see the attributes in a log and pivot to discover statistically relevant attributes



Cloud Pak for Security - Case Management

Orchestration, automation, and response


• Reduce time to respond to and remediate complex cyber threats by automating Incident Response processes with robust case management and tasks

• Streamline and automate manual and repetitive tasks such as IOC enrichment

• Prioritize analyst workload on high-value investigation and response activities by guiding analyst response



How IBM Cloud Pak for Security connects data and workflows
[Diagram labels]

Run anywhere | Gain security insights | Take action faster
Unified Interface | Federated Investigation | Streamline Remediation

Security Analyst

Components: Threat Intelligence Insights, Data Explorer, Cases, Resilient*

Federated search flow:
• STIX translation to natural source
• Data sources search invoked in parallel
• Data sources run search natively
• Native results sent back
• Results translated back to STIX
• Offers context to the investigation

Data Sources: Security Tools, SIEM, EDR, Data Privacy, Analytics Platforms

Platform components: Universal Connector, Data Search, Asset Database (assets, risks and vulnerabilities normalized and organized), Red Hat Ansible


* May 2020
How is Cloud Pak for Security Licensed
We only count Protected Physical, Virtual and Cloud Servers in your organization.

[Figure: example assets in an organization, including End User machines, Cloud Pak for Data, WebSphere Application Server, Line of Business Application, AWS Line of Business Application, HR Application, Exchange, Network devices, Firewalls, Routers, Switches and POS.]
How is Cloud Pak for Security Licensed
Cloud Pak for Security Gen 2 – ADD PACKAGES

[Diagram labels: Unified Interface; Data Explorer; Cases; Threat Intelligence Insights (TII); Resilient* (SOAR) Incident Response (Security Orchestration & Automation); QRadar; VM; Standard (Free); Advanced; NEW: IBM Security Expert on Demand; Open Hybrid Multicloud Platform]

D27Q1LL IBM Cloud Pak for Security (Gen 2) 100 Managed Virtual Server License + SW Subscription & Support 12 Months: 3.300 - 4.100 EUR

Ratio Table

CP4S Components              Metric   # of MVS Licenses
Data Explorer (DE)           MVS      1
SOAR (Resilient)             MVS      10
Threat Intel Insight (TII)   MVS      1
QRadar Event Analytics       MVS      12
QRadar Flow Analytics        MVS      7
Total MVS                             31

Total number of servers in Company

Exceptionally can exclude servers based on:
• Geography (i.e. servers in different country)
• Business Unit (i.e. servers in R&D, ...)

QRadar MVS licensing

• What does it mean – unlimited?
  • For licensed number of servers – unlimited Events processing
  • For licensed number of servers – unlimited Flows processing
• When to offer:
  • New QRadar deployments
  • When the present QRadar deployment has to be upgraded with new capacity

Pricing example – New deployment

Total number of servers = 300 servers


• QRadar Event Analytics = 300 x 12 = 3.600 MVS
• QRadar Flow Analytics = 300 x 7 = 2.100 MVS
• Total CP4S = 5.700 MVS

57x D27Q1LL IBM Cloud Pak for Security (Gen 2) 100 Managed Virtual Server License + SW Subscription & Support 12 Months

Pricing example – Trade-up from present deployment

• QRadar Today (S&S) => Install lic, 2.5k EPS, 40k FPM, 1 Node
• Total number of servers = 500 servers
After Trade-up process
• Trade-up MVS licenses = 7.200 MVS (11k EUR cost)
• Total CP4S needed = 500 x 12 + 500 x 7 = 9.500 MVS
• Additional license to buy = 9.500 – 7.200 = 2.300 MVS

23x D27Q1LL IBM Cloud Pak for Security (Gen 2) 100 Managed Virtual Server License + SW Subscription & Support 12 Months (92k EUR LP)

Thank you

Follow us on: ibm.com/security, securityintelligence.com, ibm.com/security/community, xforce.ibmcloud.com, @ibmsecurity, youtube.com/ibmsecurity

© Copyright IBM Corporation 2020. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM’s current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.
