© 2013 IBM Corporation
IBM Security
© 2014 IBM Corporation
Security Intelligence: Implementing a Security Intelligence platform in SMEs
Fernando M. Imperiale, Security Advisor - Argentina, November 2015
What is Security Intelligence?
Security Intelligence: actionable information derived from the analysis of all the security data sources available to an organization.
Why is Security Intelligence essential?
Escalating Threats
• Increasingly sophisticated attack methods
• Disappearing perimeters
• Accelerating security breaches
Increasing Complexity
• Constantly changing infrastructure
• Too many products from multiple vendors; costly to configure and manage
• Inadequate antivirus products
Resource Constraints
• Struggling security teams
• Too much data with limited manpower and skills to manage it all
[Slide illustrations: threat labels "Spear Phishing", "Persistence", "Backdoors", "Designer Malware"; a mock job-board screenshot reading "Sorry, no applicants found" from ITSecurityJobs.com]
The security team sees noise.
The fastest, most integrated and most automated way to reach Security Intelligence:
IBM QRadar Security Intelligence Platform
INTELLIGENCE: correlation, analysis and massive data reduction
INTEGRATION: unified architecture delivered in a single console
AUTOMATION: driving simplicity and accelerating time-to-value
A Security Intelligence platform that enables security optimization through advanced threat detection, meets compliance and policy demands, and eliminates data silos.
Portfolio Overview (QRadar Product Portfolio)
QRadar Log Manager
• Turnkey log management for SMB and Enterprises
• Upgradeable to enterprise SIEM
QRadar SIEM
• Integrated log, flow, threat, compliance management
• Asset profiling and flow analytics
• Offense management and workflow
Network Activity Collectors (QFlow)
• Network analytics, behavior and anomaly detection
• Layer 7 application monitoring
QRadar Risk Manager
• Predictive threat modeling & simulation
• Scalable configuration monitoring and audit
• Advanced threat and impact analysis
QRadar Vulnerability Manager
• Integrated network scanning & workflow
• Leverage SIEM, threat and risk data to prioritize vulnerabilities
QRadar Incident Forensics
• Reconstruct raw network packets to original format
• Determine root cause of security incidents and help prevent recurrences
Intelligence: embedded intelligence to find true offenses
Extensive data sources (feeding suspected incidents into the platform):
• Security devices
• Servers and mainframes
• Network and virtual activity
• Application activity
• Data activity
• Configuration information
• Vulnerabilities and threats
• Users and identities
• Global threat intelligence
Embedded intelligence:
• Automated data collection, asset discovery and profiling
• Automated, real-time, and integrated analytics
• Massive data reduction
• Activity baselining and anomaly detection
• Out-of-the-box rules and templates
Result: true offenses, through automated offense identification.
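The slide above describes the core SIEM pipeline in three steps: collect events from heterogeneous sources, normalize and correlate them with rules, and reduce the stream to a handful of offenses worth an analyst's time. The following is an added illustration written for this page, not IBM code and not QRadar's rule syntax: it normalizes constructed syslog-style lines from a hypothetical firewall ("fw01") and SSH server ("srv01") into common fields, applies two simple correlation rules (a port sweep, and repeated failed logins followed by a success from the same address), and reports how many raw events collapsed into how many offenses. Device names, addresses, thresholds and the log format are all assumptions made for the example.

```python
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample data: a short window of log lines from two hypothetical
# devices. None of this is real QRadar data or a real log format.
BASE = datetime(2015, 11, 3, 10, 0, 0)


def constructed_log() -> list[str]:
    lines = []
    # One address sweeps 25 ports on a server; every attempt is denied.
    for i in range(25):
        ts = (BASE + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} fw01 DENY src=203.0.113.5 dst=10.0.0.12 dport={1000 + i}")
    # The same address then fails six SSH logins and succeeds on the seventh.
    for i in range(6):
        ts = (BASE + timedelta(seconds=30 + i)).isoformat()
        lines.append(f"{ts} srv01 sshd FAILED user=admin src=203.0.113.5")
    ts = (BASE + timedelta(seconds=40)).isoformat()
    lines.append(f"{ts} srv01 sshd ACCEPTED user=admin src=203.0.113.5")
    # Background noise: permitted HTTPS flows and one routine login from the LAN.
    for i in range(60):
        ts = (BASE + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} fw01 ALLOW src=10.0.0.{50 + i % 5} dst=10.0.0.12 dport=443")
    ts = (BASE + timedelta(seconds=50)).isoformat()
    lines.append(f"{ts} srv01 sshd ACCEPTED user=alice src=10.0.0.50")
    return lines


def parse_event(line: str) -> dict:
    """Normalize one line into common fields: ts, device, kind, plus key=value pairs.

    Both devices emit "<iso timestamp> <device> <words...> k=v k=v"; the last
    bare word (DENY, ALLOW, FAILED, ACCEPTED) is taken as the event kind.
    """
    tokens = line.split()
    event = {"ts": datetime.fromisoformat(tokens[0]), "device": tokens[1]}
    words = [t for t in tokens[2:] if "=" not in t]
    event["kind"] = words[-1]
    for token in tokens[2:]:
        if "=" in token:
            key, value = token.split("=", 1)
            event[key] = value
    return event


@dataclass
class Offense:
    rule: str
    source_ip: str
    first_seen: datetime
    last_seen: datetime
    event_count: int


def correlate(events: list[dict], window: timedelta = timedelta(minutes=5),
              scan_threshold: int = 20, fail_threshold: int = 5) -> list[Offense]:
    """Apply two correlation rules per source address and return the offenses."""
    events = sorted(events, key=lambda e: e["ts"])
    by_src: dict[str, list[dict]] = defaultdict(list)
    for event in events:
        by_src[event.get("src", "?")].append(event)

    offenses: list[Offense] = []
    for src, evs in by_src.items():
        # Rule 1: many denied connections to distinct ports inside one window.
        denies = [e for e in evs if e["kind"] == "DENY"]
        ports = {e.get("dport") for e in denies}
        if denies and len(ports) >= scan_threshold and denies[-1]["ts"] - denies[0]["ts"] <= window:
            offenses.append(Offense("port sweep", src, denies[0]["ts"], denies[-1]["ts"], len(denies)))
        # Rule 2: a successful login preceded by repeated failures from the same source.
        fails = [e for e in evs if e["kind"] == "FAILED"]
        for ok in (e for e in evs if e["kind"] == "ACCEPTED"):
            recent = [f for f in fails if ok["ts"] - window <= f["ts"] < ok["ts"]]
            if len(recent) >= fail_threshold:
                offenses.append(Offense("brute force then success", src,
                                        recent[0]["ts"], ok["ts"], len(recent) + 1))
                break
    return offenses


def summarize(events: list[dict], offenses: list[Offense]) -> tuple[int, int]:
    """Return (raw event count, offense count): the 'data reduction' the slide describes."""
    return len(events), len(offenses)


if __name__ == "__main__":
    evs = [parse_event(line) for line in constructed_log()]
    found = correlate(evs)
    raw, reduced = summarize(evs, found)
    print(f"{raw} raw events reduced to {reduced} offenses")
    for offense in found:
        print(f"  {offense.rule}: {offense.source_ip} x{offense.event_count}")
```

The 93 constructed events (60 of them benign) reduce to two offenses, both pointing at the same source address; that single-address grouping is what lets an analyst see one intrusion instead of 32 separate alerts. Real products add asset context and activity baselines on top of fixed thresholds, which the example omits.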
Automatic: simplicity and accelerated time-to-value for the business
Discovers network components: proactive vulnerability scans, configuration comparisons, and policy compliance checks
Simple deployment: automated configuration of log data sources and asset databases
Updates automatically: stays current with the latest threats, vulnerabilities, and protocols
Out-of-the-box rules and reports: reduce incident investigations and meet compliance mandates
SIEM / LM Virtual Appliance

| Model | Initial Capacity | Capacity Increase (footnote 1) |
|---|---|---|
| SIEM All-in-1 Virtual Appliance 3190 | 100 EPS, 15K Flows | 100 EPS incremental increase to 500, then to 1,000, and then to 2,500 or 5,000 EPS; flow increase to 25K, 50K, 100K, 200K Flows |
| SIEM Console Virtual Appliance 3190 | Not applicable | Not applicable |
| SIEM Event Processor Virtual Appliance 1690 | 100 EPS | 100 EPS incremental increase to 500, then to 1,000, 2,500, and then 2,500 EPS incremental increase, up to 10,000 EPS |
| SIEM Flow Processor Virtual Appliance 1790 | 15K Flows | Increase to 25K, 50K, then 100K Flow incremental increase, up to 600K Flows |
| SIEM Event Collector Virtual Appliance 1590 | Not applicable | Not applicable |
| SIEM QFlow Collector Virtual Appliance 1290 | Not applicable | Not applicable |
| SIEM Data Node Virtual Appliance 1490 (footnote 4) | Not applicable | Not applicable |
| Log Manager All-in-1 Virtual Appliance 3190 | 100 EPS | 100 EPS incremental increase to 500, then to 1,000, then to 2,500 or 5,000 EPS |
| Log Manager Console Virtual Appliance 3190 | Not applicable | Not applicable |
| Log Manager Event Processor Virtual Appliance 1690 | 100 EPS | 100 EPS incremental increase to 500, then to 1,000, 2,500, and then 2,500 EPS incremental increase, up to 10,000 EPS |
QUESTIONS?
THANK YOU!
Fernando M. Imperiale, Security Advisor - Argentina, November 2015