Solutions

How smart is your cyber security?
Network Security
Detect and defend against network security threats with QRadar Sense Analytics.
IBM QRadar Security Intelligence Platform uses an advanced Sense Analytics Engine to detect advanced threats while delivering:

A single architecture for analyzing log events, netflows, network packets, vulnerabilities, user and asset data.

Real-time correlation employing Sense Analytics to identify high-risk threats, attacks and security breaches.

Prioritization of high-priority incidents among billions of daily data points received.

Proactive analysis of existing risks due to device configuration issues and known vulnerabilities.

Automated incident response.

Automated regulatory compliance with data collection, correlation and reporting capabilities.

The IBM QRadar Security Intelligence Platform supports a number of use cases including:
Advanced Threat Detection
   
IBM QRadar aggregates security logs and network flows, and uses its Sense Analytics Engine to help identify advanced threats. Using behavioral-based analytics, it detects anomalies and suspicious activities, performs event aggregation and correlation, assesses severity, and provides security analysts with a manageable list of prioritized offenses requiring investigation.
Insider Threat Identification
   
IBM Sense Analytics performs automated asset, service, and user discovery and profiling. After profiling user behavior and determining a baseline, QRadar detects deviations from normal and generates alerts for items to be investigated. It then supports quick and easy forensics analysis and incident response for rapid insider threat resolution.

Compliance Reporting
   
QRadar automatically senses and discovers log sources, network devices, and configurations. It analyzes data collected to help identify conditions that are non-compliant with internal policies and regulations. It includes customizable reports for best practices, internal policies and regulations including COBIT, SOX, GLBA, NERC, FISMA, PCI, HIPAA, UK GCSx and more.

Securing the Cloud
   
QRadar SIEM can monitor and detect abnormal use of a wide range of cloud applications such as Microsoft Office 365, Amazon Web Services CloudTrail, Salesforce.com, Google Cloud Identity & Access Management, and more. QRadar can also help secure infrastructures whether they are deployed on premises, in the cloud, or based on a hybrid model.

Forensics Investigation
   
QRadar can quickly and easily recover the network packets associated with a security offense and reconstruct the step-by-step actions of an attacker to enable rapid problem investigation and remediation, along with prevention of future recurrences.

Incident Response
   
IBM QRadar Security Intelligence senses and discovers advanced threats and initiates the incident response process. Integration with Resilient Systems enables the automation of response processes, and allows the generation of a playbook that makes security alerts quickly actionable, provides valuable intelligence and incident context, and helps security teams rapidly take action.

Risk & Vulnerability Management
   
QRadar senses the addition of new network assets, scans them to detect vulnerabilities, identifies configuration errors and out-of-policy conditions, and generates network topology views that identify potential attack paths. It then prioritizes the vulnerabilities and risks discovered to help organizations develop corrective action plans.

Safeguard critical data wherever it resides with IBM Guardium.
IBM Security Guardium is a comprehensive data protection solution that provides a full range of data security capabilities, from compliance support to dynamic data masking. The solution helps secure your sensitive data across a full range of environments–including databases, big data platforms, cloud deployments, file systems and more.

Guardium provides automated analysis to quickly uncover internal and external risks to sensitive data. The solution also easily adapts to changes in your IT environment, whether that includes adding new users, requiring more scalability or adding new technologies.


Data breaches happen – but they don't have to

The IBM Guardium use cases include:
Vulnerability Assessment
IBM® Security® Guardium® Vulnerability Assessment scans data infrastructures (databases, data warehouses and big data environments) to detect vulnerabilities, and suggests remedial actions. The solution identifies exposures such as missing patches, weak passwords, unauthorized changes, misconfigured privileges and other vulnerabilities. Full reports are provided as well as suggestions to address all vulnerabilities. IBM Security Guardium Vulnerability Assessment also detects behavioral vulnerabilities such as account sharing, excessive administrative logins and unusual after-hours activity. IBM Security Guardium Vulnerability Assessment identifies threats and security holes in databases which could be exploited by intruders and hackers to gain access to sensitive data.

Data Activity Monitor

Activity Monitor for Files
IBM® Security® Guardium® Activity Monitor for Files prevents unauthorized data access, alerts on changes or leaks to help ensure data integrity, automates compliance controls and protects against internal and external threats. Continuous monitoring and real-time security policies protect unstructured data across the enterprise without changes to file systems or applications and without performance impact. It provides insight into your document and file contents and usage patterns. IBM Security Guardium Activity Monitor for Files lets you discover, track, and control access to sensitive files on either local or networked file systems.

IBM Security Guardium Activity Monitor for Files can help you meet compliance obligations and reduce the risks of major data breaches.

Guardium for Applications
IBM Security Guardium for Applications can protect sensitive or confidential data exposed in a web application, without requiring changes to the application itself. The software uses advanced dynamic data masking technology to mask sensitive information. It helps protect information from unauthorized users in accordance with your organization’s compliance mandates or security policies.


Express Activity Monitor for Databases
IBM® Security Guardium Express Activity Monitor for Databases enables you to analyze, protect and adapt to support enterprise-level data activity monitoring that addresses compliance requirements for data access mandates. The preconfigured software offers automatic discovery and classification of sensitive data and real-time activity monitoring, provides centralized compliance for database environments, and delivers automated compliance workflow and activity reporting.

Guardium Express Activity Monitor for Databases supports data activity monitoring (DAM) for distributed database repositories. It provides a non-intrusive, transparent and secure way to continuously monitor database activity, trigger pre-set real-time alerts on suspicious activities, and generate detailed audit logs for compliance reporting.