Cisco and IBM have extended their security technology relationship with the introduction of a new context information-sharing framework called Platform Exchange Grid (pxGrid). At the heart of pxGrid is the Cisco Identity Services Engine (ISE), an enterprise policy control platform that provides policy-based, context-aware security for Cisco networks. ISE forms the pxGrid controller component, which orchestrates connections between platforms and authorizes what contextual information is shared. IBM Security QRadar SIEM is now integrated with Cisco ISE. QRadar SIEM:
- Consolidates log source event data from thousands of devices, endpoints, and applications distributed throughout a network.
- Performs immediate normalization and correlation activities on raw data to distinguish real threats from false positives.
- Correlates system vulnerabilities with event and network data, helping to prioritize security incidents.
- Can incorporate IBM Security X-Force Threat Intelligence, which supplies a list of potentially malicious IP addresses including malware hosts, spam sources, and other threats.
In other words, the integration brings a broader range of contextual information -- about users, identities, privilege levels, device types, network conditions and events -- to QRadar SIEM's security intelligence capabilities. The Investigating with QRadar forum is an active discussion about using QRadar in day-to-day operations, investigations, and analysis of network activity.
You can learn more about QRadar Security Intelligence: The platform applies real-time correlation and anomaly detection across a distributed and scalable repository of security information. Big data analytics enable more accurate security monitoring and better visibility. Solutions within the package offer SIEM (security information and event management), log management, configuration and vulnerability management, and behavioral analysis and anomaly detection capabilities.