Becamex QRadar Presentation IBM Qradar SIEM.pptx

ssuserb804d61 168 views 41 slides Jun 13, 2024

About This Presentation

IBM Qradar SIEM


Slide Content

IBM QRadar SIEM Becamex Do Nhat Tan - HPT Cyber Security

Contents: 1. Solution overview; 2. Product demo; 3. Deployment & sizing; 4. HPT competency

Solution overview 1

The importance of event logs

Challenges without SIEM No long term storage Disparate information Lack of correlation

What is SIEM? Security Information and Event Management Collects events Detects threats Alerts to SOC Search & investigate

SIEM in regulations International: NIST, PCI DSS, HIPAA, FISMA, GDPR, ISO 27000... Vietnam: TT 09-NHNN, NĐ 85-CP...

SIEM functions Collects and parses events Correlates and alerts Dashboards for monitoring Escalates incident Compliance

SIEM requirements Variety in protocols Automation Data enrichment Compress and index Distributed processing Open platform

IBM QRadar SIEM

QRadar SIEM: integrated, intelligent and automated. Collect: multiple types of information (logs, flows, configurations, vulnerabilities and threat intelligence). Analysis: multiple built-in engines and rules (CRE and ADE), integration with cognitive analysis (Watson Advisor). Response: security incident detection and response, continuous monitoring, compliance reports. IBM QRadar SIEM

QRadar Capabilities: interop & customization. Open platform: a single collaboration platform for rapid delivery of new apps and content (UBA). Threat and risk management: risk from pre-exploit (VM) and post-exploit (SIEM & IRP) with cognitive analysis. Out-of-the-box rules & reports: many built-in rules & reports, with updates from AppExchange.

QRadar Capabilities Data parsing & normalization

QRadar Capabilities Data collection: supports many protocols 71 protocols 381 log source types Custom log source types

QRadar Capabilities Searching & investigation

QRadar Capabilities Dashboards

QRadar Capabilities Deep flow visibility with QNI Session reconstruction and application analysis Extraction of key metadata and content Full payload and application content analysis QRadar Network Insights Real-time analysis of network traffic Intrinsic Suspect Content detection

QRadar Capabilities Response & automation

QRadar Capabilities Compliance

QRadar Capabilities Compression and indexing

QRadar Capabilities Enrichment and CTI integration

QRadar Capabilities AI based investigation enrichment with Watson

QRadar Capabilities DNS Analyzer

QRadar Capabilities Machine learning based User Behavior Analysis

QRadar Capabilities SOAR integration. QRadar Sense Analytics: Extensive data sources: servers and mainframes; data activity; network and virtual activity; application activity; configuration information; security devices; users and identities; vulnerabilities and threats; global threat intelligence. Embedded intelligence: extensive data collection, storage, and analysis; real-time correlation and threat intelligence; automatic asset, service and user discovery and profiling; activity baselining and anomaly detection. Output: incident identification; prioritized incidents.

QRadar Capabilities Distributed processing

Product Demo 2

Demo highlights: monitoring with dashboards; basic SIEM functionalities: parsing (DSM & custom) and normalization, searching & investigating, correlation; asset & vulnerability management; threat intelligence; incident response integration

Deployment & sizing 3

QRadar Components

Expansion with data node

QRadar distributed processing

QRadar Communications QRadar All-in-one appliance

QRadar Appliances (M6)

xx01 series (1x Silver 4216 16C, 64G RAM, 2.4TB (4x0.6) 10K RAID10):
Appliance | Model | Max EPS | Max FPM
Event Collector | 1201 | 30,000 | -
Flow Collector | 1501 | - | -

xx05 series (2x Silver 4210 10C, 64G RAM, 12TB (10x1.2) 7.2K RAID6):
Appliance | Model | Max EPS | Max FPM
Event Processor | 1605 | 20,000 | -
Flow Processor | 1705 | - | 1,200,000
Both Processor | 1805 | 5,000 | 200,000
AIO | 3105 | 5,000 | 200,000

xx29 series (2x Silver 4214 12C, 256G RAM, 96TB (12x8) 7.2K RAID6):
Appliance | Model | Max EPS | Max FPM
Event Processor | 1629 | 40,000 | -
Flow Processor | 1729 | - | 2,400,000
Both Processor | 1829 | 15,000 | 300,000
AIO | 3129 | 15,000 | 300,000

xx48 series (2x Gold 6230 20C 22MB, 256G RAM, 24TB (6x3.84) SSD RAID6):
Appliance | Model | Max EPS | Max FPM
Event Processor | 1648 | 80,000 | -
Flow Processor | 1748 | - | 3,600,000
Both Processor | 1848 | 30,000 | 1,200,000
AIO | 3148 | 30,000 | 1,200,000

QRadar storage sizing (typical data disk: 25TB)

Type | Data rate | Records (GB/day) | Payloads (GB/day) | Days | Store (GB) | Free 20% (GB) | Data HDD (GB)
EPS | 3,500 | 21 | 17 | 365 | 15,048 | 18,810 | 23,513
FPM | 15,000 | 0.3 | 0.1 | 30 | 158 | 198 | 248
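The two sizing slides only print inputs and results. The following calculator is an added example, not code from the deck, IBM or HPT; it assumes the method the numbers imply: retained data = (records + payloads per day) x retention days, then two successive 20 % free-space steps (each value divided by 0.8, rounded up), which reproduces the slide's 15,048 -> 18,810 -> 23,513 GB and 158 -> 198 -> 248 GB chains. The slide's rounded per-day figures (21 + 17 GB) do not reproduce its 365-day total exactly, so `size_storage` also accepts the retained total directly. It also picks the smallest all-in-one M6 appliance from the table above that covers a given EPS/FPM load. Function names, the 1 TB = 1000 GB convention and the formula itself are assumptions.

```python
import math
from dataclasses import dataclass
from fractions import Fraction
from typing import Optional

# The slide keeps 20 % of each capacity tier free; exact arithmetic avoids
# float error when dividing by 0.8 (15048 / 0.8 must come out as exactly 18810).
FREE_FRACTION = Fraction(1, 5)
TYPICAL_DATA_DISK_TB = 25          # "Typical data disk: 25TB" on the slide
GB_PER_TB = 1000                   # assumption: vendor-style decimal terabytes


@dataclass(frozen=True)
class Sizing:
    store_gb: int        # raw retained data
    with_free_gb: int    # store grown so 20 % stays free
    data_hdd_gb: int     # second 20 % margin, as shown on the slide


def add_free_space(gb: int) -> int:
    """Grow a capacity so that FREE_FRACTION of the result stays unused, rounded up."""
    return math.ceil(Fraction(gb) / (1 - FREE_FRACTION))


def size_storage(store_gb: int) -> Sizing:
    """Apply the slide's two 20 % free-space steps to an already-known retained total."""
    with_free = add_free_space(store_gb)
    return Sizing(store_gb, with_free, add_free_space(with_free))


def size_from_rates(records_gb_per_day: float, payloads_gb_per_day: float,
                    retention_days: int) -> Sizing:
    """Assumed base formula: (records + payloads) per day times the retention window.
    Rates are parsed as exact decimals so 0.3 + 0.1 is exactly 0.4."""
    per_day = Fraction(str(records_gb_per_day)) + Fraction(str(payloads_gb_per_day))
    return size_storage(math.ceil(per_day * retention_days))


def disks_needed(data_hdd_gb: int, disk_tb: int = TYPICAL_DATA_DISK_TB) -> int:
    """How many typical data disks the Data HDD requirement spans."""
    return math.ceil(data_hdd_gb / (disk_tb * GB_PER_TB))


# Max EPS / max FPM of the all-in-one (AIO) M6 appliances from the appliance slide.
AIO_APPLIANCES = {
    "AIO 3105": (5_000, 200_000),
    "AIO 3129": (15_000, 300_000),
    "AIO 3148": (30_000, 1_200_000),
}


def smallest_all_in_one(eps: int, fpm: int) -> Optional[str]:
    """Smallest AIO appliance whose EPS and FPM ceilings both cover the load, or None."""
    fits = [(caps, name) for name, caps in AIO_APPLIANCES.items()
            if caps[0] >= eps and caps[1] >= fpm]
    return min(fits)[1] if fits else None


if __name__ == "__main__":
    # Reproduce the slide's worked example: 3,500 EPS for 365 days, 15,000 FPM for 30 days.
    events = size_storage(15_048)
    flows = size_storage(158)
    print("events:", events, "->", disks_needed(events.data_hdd_gb), "x 25TB disk(s)")
    print("flows:", flows)
    print("appliance for 3,500 EPS / 15,000 FPM:", smallest_all_in_one(3_500, 15_000))
    print("from rates (21+17 GB/day, 365 d):", size_from_rates(21, 17, 365))
```

Running it shows the slide's totals for events and flows, that the 23,513 GB event store fits on a single typical 25 TB data disk, and that the demo load (3,500 EPS, 15,000 FPM) is covered by the AIO 3105; the rate-based path shows why one should size from measured daily volumes rather than rounded figures.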

QRadar Licensing

IBM QRadar Base License:
D1RNCLL | IBM QRadar Software Install License
D1RS8LL | IBM QRadar Disaster Recovery Software Install License

QRadar SW Node License:
D1S2JLL | IBM QRadar Software Node Install License
D1RS0LL | IBM QRadar High Availability Software Install License - HA

EPS Capacity Upgrade:
D1RP3LL | IBM QRadar Event Capacity 2.5K Events Per Second License
D1RNXLL | IBM QRadar Event Capacity 1K Events Per Second License
D1RNRLL | IBM QRadar Event Capacity 500 Events Per Second License
D1RNKLL | IBM QRadar Event Capacity 100 Events Per Second License

FPM Capacity Upgrade:
D1RQALL | IBM QRadar Flows Capacity 10K Flows Per Minute License
D1RQMLL | IBM QRadar Flows Capacity 50K Flows Per Minute License
D1RQTLL | IBM QRadar Flows Capacity 100K Flows Per Minute License

HPT Competency 4

Staff capabilities: first QRadar project: 2014; QRadar experts: 04. Skills: consulting & design; implementation; maintenance, support & troubleshooting; health check & optimization

Project experience BFSI : Foreign : Industry :

Q&A

Thank You!