Rather than tackling the task of choosing and implementing an enterprise-wide SIEM solution on its own, the insurance company turned to IBM Platinum Business Partner Sirius for help. The company had an existing relationship with Sirius, and Sirius was already approved to work within its IT environment—both factors that positioned the IT solutions provider to help address the company’s need for speed.
“Step one was selecting the SIEM tool that would meet this client’s current needs and, more importantly, provide a strategic platform for taking the company into the future,” says Brian Reichart, Sirius Managed Services Solutions Sales Specialist, who led the engagement. Sirius recommended IBM QRadar SIEM, which was one of the tools already in use at the company.
“The newly appointed CISO did grill us very intensively as to why we thought QRadar was the product to go with. We also had a long discussion about the value of an on-premises deployment versus the cloud. After working through their strategic imperatives around security, and considering the company’s expected 10% to 15% year-over-year growth, we really felt that a dedicated on-premises QRadar solution was correct for this client.”
Among the differentiating features that led to the selection of QRadar over the other SIEM platforms under consideration were its extensive set of standard reports and its flexible reporting, which meant that little customization was required to set up the security software. The log manager platform provides fast access to data for operational review and enables analysis of activity in subsets of the environment.
The insurance company’s CISO also appreciated the opportunity to add functionality through the IBM Security App Exchange, an ecosystem of developers offering apps and add-ons for QRadar and other security solutions.
With just over six months until the company’s “go live” target date, Sirius went to work architecting the scalable QRadar solution and installing collectors and consoles across the insurer’s three major data centers plus several remote locations. The Sirius solution includes correlation rules that filter out false positives and are critical to the efficiency of any SIEM solution, notes Reichart: “In addition to the correlation rules recommended by IBM, Sirius has developed its own set of correlations that we add. This tuning helps to significantly reduce the number of alerts that the system generates.”