SIEM

Solutions by IBM

IBM is one of the largest companies in the fields of research, development and implementation of security tools.

QRadar SIEM

QRadar SIEM is part of the IBM Security product portfolio. Its architecture is adapted to the organisation's needs and is available as hardware appliances, software, or virtualised integrated solutions.

Main characteristics:

  • Immediate normalisation and correlation of events
  • Correlation of weak spots in system security with event data and network data
  • Help with prioritising security incidents
  • Modular architecture that scales both performance and data storage
  • Integration with hundreds of IBM and non-IBM products
  • Available as an on-premises licence or as a cloud solution

QRadar contains the following main platforms:

Log Management collects logs from many classes of devices in the IT infrastructure, as well as security information, vulnerability information, and so on. This data can be archived according to several retention policies, accessed repeatedly and subjected to advanced security analysis.

QRadar QFlow is the module that collects network flow records. The collected flow information is processed by the Network Behaviour Anomaly module, and the resulting events can then be correlated with the logs collected from systems and applications.
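The two preceding paragraphs describe the core SIEM step: raw logs and flow records are normalised into one schema and then correlated into an offense. The following is an added example of that logic, not IBM or QRadar code; the sshd log lines and flow records are constructed for the example, and the field names of the normalised schema and the thresholds are this example's own choices, not QRadar's.

```python
"""Added example (not IBM/QRadar code): normalise syslog lines and flow records
into a common schema, then correlate them into an offense.
Sample data and schema field names are constructed for this example."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input: sshd lines from two Linux hosts.
SAMPLE_LOGS = """\
2024-03-01T10:00:01Z srv01 sshd[412]: Failed password for root from 10.0.5.23 port 51234 ssh2
2024-03-01T10:00:03Z srv01 sshd[412]: Failed password for root from 10.0.5.23 port 51235 ssh2
2024-03-01T10:00:04Z srv01 sshd[412]: Failed password for root from 10.0.5.23 port 51236 ssh2
2024-03-01T10:00:09Z srv01 sshd[418]: Accepted password for root from 10.0.5.23 port 51240 ssh2
2024-03-01T10:02:00Z srv02 sshd[777]: Accepted publickey for alice from 10.0.9.8 port 40000 ssh2
"""

# Constructed sample flow records (start, src, dst, dst_port, bytes_out),
# in the shape a flow collector would export them.
SAMPLE_FLOWS = [
    ("2024-03-01T10:00:40Z", "10.0.5.23", "203.0.113.77", 443, 850_000_000),
    ("2024-03-01T10:02:30Z", "10.0.9.8", "10.0.0.10", 443, 12_000),
]

SSH_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) "
    r"(?:password|publickey) for (?P<user>\S+) from (?P<src>[\d.]+) port \d+"
)


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def normalise_log(line):
    """Map one sshd syslog line onto the common event schema; None if unparsed."""
    m = SSH_RE.match(line)
    if not m:
        return None
    return {"time": parse_ts(m["ts"]), "src": m["src"], "dst": m["host"],
            "category": "auth.failure" if m["result"] == "Failed" else "auth.success",
            "user": m["user"], "source": "log"}


def normalise_flow(rec):
    """Map one flow record onto the same schema so both can be correlated."""
    start, src, dst, dport, nbytes = rec
    return {"time": parse_ts(start), "src": src, "dst": dst, "dport": dport,
            "bytes": nbytes, "category": "flow", "source": "flow"}


def correlate(events, fail_threshold=3, window=timedelta(minutes=5),
              exfil_bytes=100_000_000):
    """Rule: N failed logins, then a success, then a large outbound flow from the
    same source address, all within the window -> one offense per source."""
    by_src = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["time"]):
        by_src[ev["src"]].append(ev)
    offenses = []
    for src, evs in by_src.items():
        fails = [e for e in evs if e["category"] == "auth.failure"]
        succ = [e for e in evs if e["category"] == "auth.success"]
        big = [e for e in evs if e["category"] == "flow" and e["bytes"] >= exfil_bytes]
        if len(fails) < fail_threshold or not succ or not big:
            continue
        if (succ[0]["time"] - fails[0]["time"] <= window
                and big[0]["time"] - succ[0]["time"] <= window):
            offenses.append({"src": src, "failures": len(fails),
                             "compromised_host": succ[0]["dst"],
                             "exfil_dst": big[0]["dst"], "bytes": big[0]["bytes"]})
    return offenses


def run():
    """Normalise both feeds and return the correlated offenses."""
    events = [e for e in map(normalise_log, SAMPLE_LOGS.splitlines()) if e]
    events += [normalise_flow(f) for f in SAMPLE_FLOWS]
    return correlate(events)


if __name__ == "__main__":
    for off in run():
        print(off)
```

Running it yields one offense for 10.0.5.23 (three failures, a root login on srv01, then 850 MB to 203.0.113.77); the normal publickey login from 10.0.9.8 produces nothing, because neither feed alone would have raised it and only the combination crosses the rule.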

QRadar Risk Management identifies the most vulnerable elements of the network and can generate an immediate notification once such an element is involved in potentially dangerous activity.

QRadar Incident Forensics is primarily used for advanced analysis of detected anomalies and incidents within the Incident Response workflow. It lets analysts view events in the context of time and frequency, history, communication vector (internal/external) and originator/victim. It supports native packet capture (PCAP) for investigations, giving the deepest possible view into the customer's infrastructure.

The QRadar API gives third-party products secure, controlled access to SIEM information. Access via the QRadar API is audited by the SIEM's internal mechanism.
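As an added example of what "controlled access for third-party products" looks like in practice, the following client runs an AQL search through the QRadar REST API with a service token. This is not IBM code: the endpoint paths and the SEC/Version headers follow QRadar's documented Ariel search API, but the console hostname, the token value, the API version number and the AQL query are placeholders and assumptions for this example, and the canned responses used by the offline stub transport are constructed, not real console output.

```python
"""Added example (not IBM/QRadar code): submit an AQL search via the QRadar
REST API, poll it to completion and fetch the results.
Host, token, version header and query below are placeholders/assumptions."""
import json
import ssl
import time
import urllib.parse
import urllib.request

# Assumed placeholders: substitute your console, token and supported API version.
CONSOLE = "https://qradar.example.internal"
TOKEN = "EXAMPLE-TOKEN"
API_VERSION = "19.0"
# Constructed AQL query: failed-login counts per source over the last hour.
QUERY = ("SELECT sourceip, COUNT(*) AS hits FROM events "
         "WHERE eventname ILIKE '%login failed%' GROUP BY sourceip LAST 1 HOURS")


class QRadarClient:
    def __init__(self, base_url, token, api_version=API_VERSION, http=None):
        self.base_url = base_url.rstrip("/")
        # SEC carries the authorized-service token; Version pins the API contract.
        self.headers = {"SEC": token, "Version": api_version,
                        "Accept": "application/json"}
        # 'http' lets tests inject a fake transport; default is urllib over TLS.
        self.http = http or self._urllib_request
        self.ctx = ssl.create_default_context()  # verify the console certificate

    def _urllib_request(self, method, url, headers):
        req = urllib.request.Request(url, method=method, headers=headers)
        with urllib.request.urlopen(req, context=self.ctx, timeout=30) as resp:
            return resp.status, json.loads(resp.read().decode())

    def _call(self, method, path, params=None):
        url = self.base_url + path
        if params:
            url += "?" + urllib.parse.urlencode(params)
        status, body = self.http(method, url, self.headers)
        if status >= 400:  # 401/403 here means the token lacks the right scope
            raise RuntimeError(f"{method} {path} -> HTTP {status}: {body}")
        return body

    def run_aql(self, query, poll_interval=2.0, max_polls=60):
        """POST the search, poll its status, return the result rows."""
        body = self._call("POST", "/api/ariel/searches", {"query_expression": query})
        search_id = body["search_id"]
        for _ in range(max_polls):
            st = self._call("GET", f"/api/ariel/searches/{search_id}")
            if st["status"] == "COMPLETED":
                res = self._call("GET", f"/api/ariel/searches/{search_id}/results")
                return res["events"]
            if st["status"] in ("CANCELED", "ERROR"):
                raise RuntimeError(f"search {search_id} ended with {st['status']}")
            time.sleep(poll_interval)
        raise TimeoutError(f"search {search_id} did not complete")


def stub_http(method, url, headers):
    """Constructed offline transport mimicking the three calls a search needs."""
    if headers.get("SEC") != TOKEN:
        return 401, {"message": "unauthorized"}
    if method == "POST" and url.startswith(CONSOLE + "/api/ariel/searches?"):
        return 201, {"search_id": "abc123"}
    if method == "GET" and url == CONSOLE + "/api/ariel/searches/abc123":
        return 200, {"status": "COMPLETED"}
    if method == "GET" and url == CONSOLE + "/api/ariel/searches/abc123/results":
        return 200, {"events": [{"sourceip": "10.0.5.23", "hits": 42}]}
    return 404, {"message": "not found"}


def demo_offline(token=TOKEN):
    """Run the full search flow against the stub transport."""
    return QRadarClient(CONSOLE, token, http=stub_http).run_aql(QUERY, poll_interval=0)


if __name__ == "__main__":
    print(demo_offline())  # swap http=None for a live console
```

The token belongs to an authorized service that the console administrator creates with a user role and security profile, so a third-party integration sees only the log sources and networks it has been granted; every call is logged by the console, which is the audited access the paragraph above refers to. Poll rather than block, and treat a 401/403 as a scope or token problem rather than retrying it.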

In the IBM Security QRadar SIEM system, the overall process can be expressed by the following scheme.

It is equally important to be aware that in the Czech Republic this area is governed by Act No. 181/2014 Coll., on cyber security, and its implementing decree, which prescribe specific technical measures such as:

  • Section 11 – Access control and secure user behaviour
  • Section 21 – Tool for recording the activities of critical information infrastructure and important information systems, their users and administrators
  • Section 22 – Tool for detecting cyber security events
  • Section 23 – Tool for collecting and evaluating cyber security events

We will help you get to grips with the subject so that you meet the relevant legal and regulatory requirements, while also preventing security incidents that could affect your business.

Success Story

One of the clients of our comprehensive communication and information security services is among the top 20 companies in the Czech Republic's industrial segment. The first step in this case was a comprehensive risk analysis, which served as the basis for appropriate security policies and a draft implementation plan. Adequate security technologies were then built up in a "bottom-up" fashion:

  • Physical security (integration of intruder alarms (EZS), fire alarms (EPS) and IP video surveillance)
  • Perimeter information security (next-generation firewall)
  • Internal information security (identity management)
  • Integrated security management (SIEM)

It is above all the integration of security management that brings the customer the greatest benefit. The customer can then see security as an integral part of business-wide ICT rather than as a "mere" set of security technologies.