In choosing a solution, UFH conducted proofs of concept (POCs) with security offerings from several top vendors. IBM’s security solution, highlighted by IBM Security® QRadar® SIEM, stood out, not only for its capabilities, but for its ease of use.
“We found outstanding strength in IBM’s solution over competing products in the testing stage,” says Chu Chun Peng, Medical Information Security Manager at UFH. “Specifically, with IBM’s solution, we discovered plain-text usernames and passwords in the system, as well as such non-compliant behaviors as sharing accounts among employees.”
Support services for the solution were a must. “We don’t have a large number of security operations and maintenance personnel, and IBM’s value-added services can make up for that,” says Peng. “This is a differentiation from other security vendors, some of whom cannot make the software work optimally because they sell products, but do not provide support and services.”
With IBM Security QRadar SIEM, UFH team members with limited formal security training can view prioritized threats and engage in level-one investigations of them. Centralized log management helps UFH manage compliance with local regulatory requirements using automated reporting capabilities that enable internal and external audit report generation at a moment’s notice.
“Many of the preset built-in rules of QRadar are very comprehensive and can detect more risks, such as strong log management and traffic collection capabilities, high compatibility with log sources and ease in making direct correlation analysis,” says Peng. “Overall, it is efficient, time-saving and labor-saving.”
Taking advantage of those out-of-the-box capabilities for integration and analysis, UFH deployed the SOC solution in less than one month. To identify potential high-risk user behaviors and activities, UFH implemented IBM Security QRadar User Behavior Analytics, a machine-learning add-on application that determines baseline user and peer group behavior to detect suspicious anomalies and send alerts on potential insider threats or compromised hosts. Another add-on, IBM Security QRadar Network Insights, analyzes network traffic to monitor sensitive patient data flow and provides real-time alerts.
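To make concrete what behavioural baselining means in practice, and how a shared account like the ones Peng describes above shows up in authentication data, here is a small added example. It is illustrative code written for this page, not QRadar's implementation and not anything deployed at UFH; the user names, peer groups, IP addresses and timestamps are all constructed. It learns each user's usual source hosts and login hours plus the daily login volume of the user's peer group from a training window, then flags deviations, and separately flags one account authenticating from two different hosts within a few minutes.

```python
"""Toy user-behaviour baselining over constructed authentication events.

Illustrates the idea behind baselining a user's normal activity (and that of
the user's peer group) and alerting on deviations, plus a simple check for
shared accounts: one account authenticating from two different source hosts
within a short window. Stand-in logic for illustration, not a product's.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev


def _day(d, user, group, ip, hours):
    """Helper: one login per listed hour for a constructed user on 2023-03-<d>."""
    return [(datetime(2023, 3, d, h, 0), user, group, ip) for h in hours]


# Constructed training window: three ordinary working days per user.
# Event shape: (timestamp, user, peer_group, source_ip)
TRAINING_EVENTS = []
for _d in (1, 2, 3):
    TRAINING_EVENTS += _day(_d, "alice", "nursing", "10.0.0.5", (8, 9, 10))
    TRAINING_EVENTS += _day(_d, "bob", "nursing", "10.0.0.6", (8, 9))
    TRAINING_EVENTS += _day(_d, "carol", "billing", "10.0.1.7", (9, 14))

# Constructed day to analyse: alice logs in far more than her peers and once at
# 03:00 from an unseen host; bob's account is used from a second host two
# minutes after his own login; carol behaves normally.
DETECTION_EVENTS = (
    _day(4, "alice", "nursing", "10.0.0.5", (8, 9, 10, 11, 12, 13, 14, 15))
    + [(datetime(2023, 3, 4, 3, 0), "alice", "nursing", "10.0.9.9")]
    + _day(4, "bob", "nursing", "10.0.0.6", (8, 9))
    + [(datetime(2023, 3, 4, 9, 2), "bob", "nursing", "10.0.0.77")]
    + _day(4, "carol", "billing", "10.0.1.7", (9, 14))
)


def build_baseline(events):
    """Learn per-user usual hosts and hours, and per-peer-group daily volume."""
    per_user = defaultdict(lambda: {"hosts": set(), "hours": set(), "group": None})
    daily = defaultdict(int)  # (user, date) -> number of logins that day
    for ts, user, group, ip in events:
        rec = per_user[user]
        rec["hosts"].add(ip)
        rec["hours"].add(ts.hour)
        rec["group"] = group
        daily[(user, ts.date())] += 1
    group_counts = defaultdict(list)
    for (user, _), n in daily.items():
        group_counts[per_user[user]["group"]].append(n)
    # Floor the deviation at 1.0 so tiny, uniform groups do not alert on +1 login.
    peer_stats = {g: (mean(c), max(pstdev(c), 1.0)) for g, c in group_counts.items()}
    return {"users": dict(per_user), "peers": peer_stats}


def detect_anomalies(baseline, events, sigma=3.0):
    """Return (user, reason) findings: unseen host, unseen login hour, or a daily
    login count more than `sigma` deviations above the peer-group mean."""
    findings = []
    daily = defaultdict(int)
    for ts, user, group, ip in events:
        rec = baseline["users"].get(user)
        if rec is None:
            findings.append((user, "no baseline for user"))
            continue
        if ip not in rec["hosts"]:
            findings.append((user, f"login from unseen host {ip}"))
        if ts.hour not in rec["hours"]:
            findings.append((user, f"login at unusual hour {ts.hour:02d}:00"))
        daily[(user, ts.date(), group)] += 1
    for (user, day, group), n in daily.items():
        stats = baseline["peers"].get(group)
        if stats is None:
            continue  # peer group never seen in training; nothing to compare against
        mu, sd = stats
        if n > mu + sigma * sd:
            findings.append((user, f"{n} logins on {day} vs peer mean {mu:.1f}"))
    return findings


def detect_shared_accounts(events, window=timedelta(minutes=5)):
    """Flag an account authenticating from two different hosts within `window`."""
    by_user = defaultdict(list)
    for ts, user, _, ip in events:
        by_user[user].append((ts, ip))
    findings = []
    for user, logins in by_user.items():
        logins.sort()
        for (t1, ip1), (t2, ip2) in zip(logins, logins[1:]):
            if ip1 != ip2 and t2 - t1 <= window:
                findings.append((user, ip1, ip2))
    return findings


if __name__ == "__main__":
    base = build_baseline(TRAINING_EVENTS)
    for user, reason in detect_anomalies(base, DETECTION_EVENTS):
        print(f"ANOMALY  {user}: {reason}")
    for user, a, b in detect_shared_accounts(DETECTION_EVENTS):
        print(f"SHARED   {user}: {a} and {b} within 5 minutes")
```

The design point is that every finding is explainable in terms of the baseline it violates (which host, which hour, which peer mean), which is what lets staff with limited formal security training triage the alert rather than just receive it. In real deployments the baseline is rebuilt continuously and the thresholds tuned per group; the fixed three-day window here is only to keep the example self-contained.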
A core piece of IBM security technology, IBM Cloud Pak® for Security, is in the process of being implemented and is expected to go into full production in 2023. The unified security management platform integrates with IBM Security QRadar SIEM to bolster security incident detection, investigation and response.