See it All, Secure it All: How SIEM Strengthens Your Business

Syncsort | 25 slides | Jul 15, 2024

About This Presentation

A critical element of your company's IT resilience is having an effective security posture. In today's ever-evolving threat landscape, traditional security solutions often struggle to keep pace with increasingly sophisticated cyberattacks. Security Information and Event Management (SIEM) solutions...


Slide Content

See it All, Secure it All: How SIEM Strengthens Your Business
Ian Hartley | Senior Director, Product Management
Arianna Valentini | Director, Product Marketing

Internal Restricted
WHAT
A critical element of your company's IT resilience is having an effective security posture. In today's ever-evolving threat landscape, traditional security solutions often struggle to keep pace with increasingly sophisticated cyberattacks. Security Information and Event Management (SIEM) solutions can be a critical tool to address this challenge. Unfortunately, many organizations are operating with blind spots, leaving them vulnerable to hidden threats. One of the biggest challenges for an effective SIEM deployment is having all of your systems within the view of your security experts. IBM Z and IBM i are powerful and secure systems still widely used in critical business functions across industries such as finance, healthcare, and government. Including them in security monitoring is crucial, but native support for these platforms in SIEM solutions can be limited.
Join us for this webcast to hear about:
- Why cybersecurity is a top priority for the C-suite
- The benefits of an effective SIEM solution
- A guide to getting IBM Z and IBM i included in a SIEM environment

Today's Topics
- Cybersecurity + C-Suite
- Benefits of an effective SIEM
- A guide to including IBM i and IBM Z in your SIEM environment
- Bringing it all together: Ironstream and QRadar

Cybersecurity + C-Suite

Disruptions come in many forms
TECHNOLOGICAL: Generative AI; decentralized technology ecosystems
ORGANIZATIONAL: Business units bound to different requirements; security not being built into company culture
HUMAN: Non-malicious human errors; rise of extortion-based incidents
REPUTATION: Customer and employee trust; market standing

We must manage for resilience and performance
Source: Top Trends in Cybersecurity for 2024, Gartner, January 2024

You're on an IT resiliency journey

Where do you stop on this journey?
- Improve visibility
- Understand ownership
- Clear a remediation path

Actions to take to move forward...
- Get visibility into exposures: align on, and understand, the impact that a lack of visibility has on critical operations
- Validate ownership: leverage exposure assessment tools to understand where, and by whom, impacts will be felt first
- Do the prework: get traction with proactive monitoring and cross-department discussions on remediation and prevention requirements

Benefits of effective SIEM


SIEM is great, but what about real-time impacts?

Benefits of an effective SIEM...
- Automates threat detection
- Leverages intelligence
- Enables data collection from a variety of sources

A guide to including IBM i and IBM Z in your SIEM environment

1. Understand the data contained in your IBM i or IBM Z
Primary sources of information logged on IBM i:
- System Audit Journal (QAUDJRN)
- Operator messages: QSYSOPR message queue
- System and application messages: QSYSMSG message queue
- Accounting journal
- QHST history log
- Collection Services and logs for performance data
EXAMPLE: IBM i data can be used to detect or report on:
- Invalid login (sign-on) attempts
- Command usage by specific users
- Creation, movement, restoration, and deletion of objects (including database files)
- Changes to system values and user profiles
- Authority failures
- FTP and ODBC network transaction details
- Profile swapping activity

2. Know how you want IBM i or IBM Z to inform SIEM
What do I want/need to monitor? What will be my alert categories?
- Privileged users
- Access failures
- Customer data
- Users, groups, data
Do I understand the business priorities? What is the baseline for my company?
- Departmental needs
- Company requirements
- External regulations: HIPAA, NIST, PCI DSS

3. Create a connection between IBM i or IBM Z and SIEM

Bringing it all together: Ironstream and QRadar

Send IBM i log data to QRadar for advanced threat detection, threat hunting, and compliance.
[Diagram: IBM i (source) -> Ironstream -> QRadar (target)]

QRadar Architecture: three steps
1. Collect the data
2. Process/parse the data
3. Use and present the data
Source: https://www.ibm.com/docs/en/qsip/7.5?topic=deployment-qradar-architecture-overview

High-level architecture
[Diagram: the Ironstream Agent runs on the IBM Z or IBM i LPAR and feeds the Ironstream Hub, which runs on Windows or Linux (or in a container); the Hub is organized into Sources, Processes and Targets, and its configuration determines what the Agent collects. Other labels shown: IBM Z, IBM i, MIMIX, HealthLink.]

Example: IBM i to QRadar
- Easy setup via Ironstream Hub
- LEEF data format
- Auto-parses data via Cilasoft parser
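As an added example written for this page (it is not Ironstream's, Cilasoft's or QRadar's code, and it is not from the deck), the Python below walks the three QRadar steps for the IBM i data described in the guide above: it formats constructed QAUDJRN-style records as LEEF 2.0 events, parses them back the way a collector would, and runs one detection rule (a burst of invalid sign-on attempts by one user) over the parsed attributes. The entry types PW, AF, CP and SV are real QAUDJRN types and devTime, usrName, src, sev, cat and resource are predefined LEEF keys; the record field names, the vendor/product strings, the EventID mapping and the custom jobName key are assumptions made for this example.

```python
"""Added example for this page: IBM i audit-journal records -> LEEF 2.0 -> a
simple SIEM detection rule. Illustrative only; not Ironstream or QRadar code.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records approximating what a collector pulls from QAUDJRN.
# PW, AF, CP and SV are real QAUDJRN entry types (invalid sign-on, authority
# failure, user-profile change, system-value change); the field names, users,
# jobs and addresses are assumptions made up for this example.
SAMPLE_AUDIT_ENTRIES = [
    {"ts": "2024-07-15T09:00:01", "type": "PW", "user": "JSMITH", "job": "QPADEV0001", "src": "192.0.2.10", "obj": ""},
    {"ts": "2024-07-15T09:00:09", "type": "PW", "user": "JSMITH", "job": "QPADEV0001", "src": "192.0.2.10", "obj": ""},
    {"ts": "2024-07-15T09:00:15", "type": "PW", "user": "JSMITH", "job": "QPADEV0001", "src": "192.0.2.11", "obj": ""},
    {"ts": "2024-07-15T09:01:40", "type": "PW", "user": "JSMITH", "job": "QPADEV0001", "src": "192.0.2.11", "obj": ""},
    {"ts": "2024-07-15T09:02:00", "type": "AF", "user": "JDOE", "job": "QZDASOINIT", "src": "192.0.2.33", "obj": "PAYROLL/EMPMAST"},
    {"ts": "2024-07-15T09:05:12", "type": "CP", "user": "QSECOFR", "job": "QPADEV0002", "src": "192.0.2.5", "obj": "JSMITH"},
    {"ts": "2024-07-15T10:30:00", "type": "PW", "user": "ADMIN1", "job": "QTFTP00123", "src": "198.51.100.7", "obj": ""},
    {"ts": "2024-07-15T11:00:00", "type": "SV", "user": "QSECOFR", "job": "QPADEV0002", "src": "192.0.2.5", "obj": "QSECURITY"},
]

# QAUDJRN type -> (LEEF EventID, severity 1-10). An illustrative mapping; a
# real DSM/parser defines its own event identifiers.
EVENT_MAP = {
    "PW": ("InvalidSignon", 5),
    "AF": ("AuthorityFailure", 6),
    "CP": ("UserProfileChange", 7),
    "SV": ("SystemValueChange", 8),
}

DELIM = "\t"  # attribute delimiter; the LEEF 2.0 header names it as x09


def _clean(value):
    """LEEF has no escape for the delimiter, so strip tab/newline from values
    rather than let one value split the attribute list on the QRadar side."""
    return re.sub(r"[\t\r\n]+", " ", str(value)).strip()


def to_leef(entry, vendor="ExampleVendor", product="IBMiAudit", version="1.0"):
    """Format one audit record as a LEEF 2.0 event line.
    Header: LEEF:2.0|Vendor|Product|Version|EventID|Delimiter|attributes"""
    event_id, sev = EVENT_MAP.get(entry["type"], ("Audit" + entry["type"], 3))
    attrs = {
        "devTime": entry["ts"],                  # predefined LEEF keys ...
        "devTimeFormat": "yyyy-MM-dd'T'HH:mm:ss",
        "usrName": entry["user"],
        "src": entry["src"],
        "sev": sev,
        "cat": entry["type"],
        "resource": entry["obj"],
        "jobName": entry["job"],                 # ... plus one custom key
    }
    body = DELIM.join(f"{k}={_clean(v)}" for k, v in attrs.items() if v != "")
    return f"LEEF:2.0|{vendor}|{product}|{version}|{event_id}|x09|{body}"


def parse_leef(line):
    """Parse a LEEF 2.0 line as a collector would: split the pipe-delimited
    header, decode the delimiter (literal char or xHH hex), then key=value pairs."""
    parts = line.split("|", 6)
    if len(parts) != 7 or parts[0] != "LEEF:2.0":
        raise ValueError("not a LEEF 2.0 event")
    _, vendor, product, version, event_id, delim, body = parts
    if re.fullmatch(r"x[0-9A-Fa-f]{2}", delim):
        delim = chr(int(delim[1:], 16))
    elif delim == "":
        delim = "\t"  # empty delimiter field: tab is the default
    attrs = dict(kv.split("=", 1) for kv in body.split(delim) if "=" in kv)
    return {"vendor": vendor, "product": product, "version": version,
            "eventId": event_id, "attrs": attrs}


def detect_signon_bursts(entries, threshold=3, window=timedelta(minutes=5)):
    """Rule: `threshold` invalid sign-ons (PW) for one user inside a sliding
    `window`. Emits one alert per burst, at the moment the count is reached."""
    recent = defaultdict(deque)
    alerts = []
    for e in sorted(entries, key=lambda x: x["ts"]):
        if e["type"] != "PW":
            continue
        t = datetime.fromisoformat(e["ts"])
        q = recent[e["user"]]
        q.append((t, e["src"]))
        while t - q[0][0] > window:   # drop attempts older than the window
            q.popleft()
        if len(q) == threshold:
            alerts.append({"user": e["user"], "count": len(q),
                           "sources": sorted({s for _, s in q}),
                           "first": q[0][0].isoformat(), "last": t.isoformat()})
    return alerts


def run_pipeline(entries):
    """Collect -> parse -> use: format records as LEEF, parse them back, and run
    the rule on the parsed attributes, as the SIEM (not the agent) would."""
    lines = [to_leef(e) for e in entries]
    parsed = [parse_leef(ln) for ln in lines]
    recovered = [{"ts": p["attrs"]["devTime"], "type": p["attrs"]["cat"],
                  "user": p["attrs"]["usrName"], "src": p["attrs"]["src"]}
                 for p in parsed]
    return lines, detect_signon_bursts(recovered)


if __name__ == "__main__":
    leef_lines, found = run_pipeline(SAMPLE_AUDIT_ENTRIES)
    print("\n".join(leef_lines))
    print(found)
```

On the constructed input the rule fires once, for JSMITH, when the third failed sign-on arrives 14 seconds after the first; ADMIN1's single failure and the AF/CP/SV entries produce events but no alert. In a real deployment the LEEF lines would be sent to a QRadar log source over syslog and the rule would live in QRadar, not in the collector; the point here is that every field the rule needs (time, user, category, source address) must survive formatting and parsing, which is why the round trip is tested rather than the raw records.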

Q&A