IBM delivers state of the art SIEM Cyber-security solutions with Watson integration

During the First World War the generals understood that gathering data was crucial to winning the war. At that time their tools were runners, flashlights and dogs. The data was all about the enemy: where they attacked, where their troops were, and what the current state of troops and supplies was. When under attack the general needed information more than ever, and even more so if attacked on several fronts. Information was a key deciding factor in the outcome of the war.

We are now engaged in a new kind of war where the enemy is invisible, there are no clearly defined fronts, and the attacks can come from anyone, anywhere, with a range of different weapons.

The generals of this war sit in a new kind of command and control centre but are still gathering data to ensure the best defence and protection against attacks. This new command and control centre is called the SOC or SIOC: Security Operations Centre or Security Intelligence Operations Centre.

The heart of the SOC is a SIEM (Security Information and Event Management) system, and the leading SIEM for many consecutive years has been QRadar from IBM. With the IBM SIEM we can gather millions of events from our infrastructure security logs and thereby get a clear overview of what is going on. QRadar will automatically open an offence; this offence is based on a correlation of information from the logs that have reported that something is wrong. Now the general can act and decide whether he has to fix the hole in the wall (patch management), close the gate (close the firewall and access to the system), or remove attacking troops within the walls (remove a virus that is already inside).

The general also has to work to understand what is false data, or false positives. If we were to react to all alerts the volumes would be crippling and each SOC would have a huge personnel requirement, so it is crucial that the alarms received are very real threats and not just false alarms. Many decisions have to be taken rapidly and without necessarily having a complete set of data. These decisions can, however, have very grave impacts on the business.

Both IBM and the other players in the security world have recognized that competence is perhaps the greatest issue we have in solving the world of cybersecurity. IBM QRadar is a very powerful tool which provides users with all the necessary threat information to combat cyber attacks. Combined with IBM's resolution solutions such as X-Force, Resilient (our incident response tool) and Watson for Cybersecurity, IBM is taking the war on cybercrime very seriously and delivering the market's first cognitive cyber solution.

Using QRadar Advisor with Watson, investigations which could normally take several weeks are now completed in a matter of minutes. Less skilled analysts are also supported in understanding more complex issues.

In lots of ways things haven't changed: we are still building forts and castles to keep the enemy out and to make attacks difficult. Attacks are relentless, and we need to minimize both the damage and the recovery time in order to ultimately protect the business, the personal data and, of course, the "crown jewels" of the company.

When is my business ready for SIEM, and how can I get started?

Whenever we meet customers there is often the perception that a SIEM is not suitable: neither the infrastructure nor the people to run it are in place, and it will most likely be very expensive. Whilst it can be complicated, and yes, you do need skills to successfully manage a SIEM solution yourself, there are several options that can help you get started now. Doing nothing is no longer really an option, as some companies have learnt to their detriment.

IBM delivers SIEM in the cloud, and with support from IBM we can be up and running in a short while.

IBM also has partners who can provide a SIEM/SOC solution and have you up and running in a matter of a few short weeks. This way you would have world-class cybersecurity personnel at your disposal to support you in being both secure and compliant.

You can also implement your own SOC, and IBM has a large team of software services personnel and partners that can support you. We understand that this is more than a piece of software, and we can ensure that we also deliver governance, risk and compliance consulting, systems integration and managed security services if needed.

If you have any questions, do not hesitate to contact me at NBA@dk.ibm.com.


The following links will help you gather further information regarding the subject.

QRadar Watson for Cybersecurity: https://www.youtube.com/watch?v=MYZOIdK4o1M

How to choose a security intelligence platform: https://www.youtube.com/watch?v=mNBzkmQlN4I

IBM X-Force Command Center: https://www.youtube.com/watch?v=sHrgVqKW1RQ

IBM Resilient: https://www.youtube.com/watch?v=dIf3OShChrE

Sales Lead Nordic Security Intelligence IBM Software Sales
