Unboxing Use Cases with IBM Security QRadar

Protecting Critical Data

Protecting critical data is at the core of a security protocol. It’s a multifaceted endeavor and takes a multilayered approach.

  • Critical data protection
  • Critical asset protection
  • Data exfiltration
  • Phishing attacks

Critical data protection


Scenario

Protecting critical data is at the core of a security protocol. It’s a multifaceted endeavor and takes a multilayered approach.


Solution

  • Generates alerts and offenses based on the following:
    • Suspicious activity on confidential data detected
    • Payload deleted or modified
    • Email containing sensitive file sent to potentially hostile or external host
    • Sensitive file shared with a guest user or group
    • Sensitive file uploaded to a publicly accessible folder
    • Sensitive file permissions allow public access
    • Potential sensitive file modification
    • Files deleted from sensitive file directories
    • GDPR: personal data processed for objected users or transferred to third countries/regions


Critical asset protection


Scenario

Not all assets are of equal value in an organization. The ones holding high value data or having access to high value systems are prime targets for many attackers.

Network configuration changes in complex networks can expose previously protected systems without alert. Network misconfigurations often stay undetected until an attack occurs, leaving high value assets vulnerable.


Solution

  • Gains visibility and understanding of network topology and attack paths
  • Simulates attacks and impacted assets
  • Sets and monitors policies to ensure compliance with various regimes, and alerts when misconfigurations leave the organization exposed
  • Contextualizes vulnerability information to prioritize remediations of assets most vulnerable to outsider and insider threats


Data exfiltration


Scenario

The goal of many attacks is to gain access to sensitive or personal information. To do so, data must be exfiltrated out of an organization, usually over the network, and this act can be hidden within what appears to be normal communications.

Visibility into all network communications is important to avoid blind spots. Traffic transmitting data to unauthorized or unknown parties or to malicious targets must be detected.


Solution

  • Generates alerts and offenses based on the following:
    • Abnormal data volume to external domain
    • Data exfiltration with files in sensitive directories
    • Data exfiltration by print, removable media or cloud services
    • Data exfiltration detected from personal data server
    • Suspicious access followed by data exfiltration
    • Large outbound data transfer to a file storage host, malicious host or IP or by a high risk user
    • Email containing sensitive file sent to potentially hostile host
    • Detection of sensitive data being transferred within documents, e-mails or text messages
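Two of the detections listed above, abnormal outbound volume to an external domain and suspicious access followed by exfiltration, can be illustrated as plain correlation logic. The following is an added example written for this page, not QRadar rule content or IBM code. The flow records, file-access events, the internal-domain list and the sensitive directories are all constructed sample values, and the baseline (mean plus three standard deviations over prior days) is an assumed threshold, not the product's own algorithm.

```python
"""Added example: baseline-based detection of abnormal outbound data volume
to external domains, plus correlation of a sensitive-directory access
followed by a large outbound transfer. All records below are constructed
sample data, not QRadar output."""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

INTERNAL_DOMAINS = {"corp.example", "intranet.example"}  # assumed internal zone

# Constructed flow records: (timestamp, source host, destination domain, bytes out)
FLOWS = [
    ("2024-03-01T10:00:00", "ws-17", "cdn.example.net", 2_000_000),
    ("2024-03-02T10:00:00", "ws-17", "cdn.example.net", 2_200_000),
    ("2024-03-03T10:00:00", "ws-17", "cdn.example.net", 1_900_000),
    ("2024-03-04T10:00:00", "ws-17", "cdn.example.net", 2_100_000),
    ("2024-03-05T10:00:00", "ws-17", "cdn.example.net", 2_050_000),
    ("2024-03-06T03:12:00", "ws-17", "files.share-example.org", 900_000_000),
    ("2024-03-06T10:00:00", "ws-17", "intranet.example", 5_000_000_000),
]

# Constructed file-access events: (timestamp, host, path)
FILE_EVENTS = [
    ("2024-03-06T03:05:00", "ws-17", "/srv/finance/payroll_q1.xlsx"),
]
SENSITIVE_DIRS = ("/srv/finance/", "/srv/hr/")  # assumed sensitive directories


def is_external(domain):
    return domain not in INTERNAL_DOMAINS


def daily_external_bytes(flows):
    """Sum outbound bytes per (host, day) to external domains only."""
    totals = defaultdict(int)
    for ts, host, dst, nbytes in flows:
        if is_external(dst):
            totals[(host, ts[:10])] += nbytes
    return totals


def abnormal_volume(flows, target_day, min_history=3, sigmas=3.0):
    """Flag hosts whose external outbound bytes on target_day exceed
    mean + sigmas * population stdev of their prior days."""
    per_host = defaultdict(dict)
    for (host, day), b in daily_external_bytes(flows).items():
        per_host[host][day] = b
    alerts = []
    for host, days in per_host.items():
        history = [b for d, b in days.items() if d < target_day]
        today = days.get(target_day)
        if today is None or len(history) < min_history:
            continue  # nothing to compare, or baseline too thin
        threshold = mean(history) + sigmas * pstdev(history)
        if today > threshold:
            alerts.append((host, today, round(threshold)))
    return alerts


def access_then_exfil(file_events, flows, window_minutes=30, min_bytes=100_000_000):
    """Correlate an access under a sensitive directory with a large external
    transfer from the same host within window_minutes afterwards."""
    hits = []
    for ats, ahost, path in file_events:
        if not path.startswith(SENSITIVE_DIRS):
            continue
        t0 = datetime.fromisoformat(ats)
        for fts, fhost, dst, nbytes in flows:
            t1 = datetime.fromisoformat(fts)
            if (fhost == ahost and is_external(dst) and nbytes >= min_bytes
                    and timedelta(0) <= t1 - t0 <= timedelta(minutes=window_minutes)):
                hits.append((ahost, path, dst, nbytes))
    return hits


if __name__ == "__main__":
    print(abnormal_volume(FLOWS, "2024-03-06"))
    print(access_then_exfil(FILE_EVENTS, FLOWS))
```

The internal-zone filter matters in both functions: the large transfer to intranet.example on the same day is ignored, so the baseline and the correlation are driven only by traffic leaving the organization, which is what the page's "to external domain" wording implies.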


Phishing attacks


Scenario

Phishing is often used to gain a foothold in corporate or governmental networks as part of a larger attack. Threats hide in normal application traffic (DNS, web, email and file transfers), evade antivirus and steal user data, including login credentials and credit card numbers.


Solution

  • Identifies malicious content, including content hidden in data transmissions, SSL certificate violations, protocol obfuscation, file tags and suspicious network flows
  • Detects and extracts suspicious email subject lines, content and attachments
  • Determines who was phished, how they responded and who is compromised
  • Records application activities, captures artifacts and identifies assets, applications and users participating in network communications
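The second bullet, extracting suspicious subject lines, content and attachments, is the part of phishing detection that is easiest to show as code. The following is an added example for this page, not QRadar's own parser or any IBM code. The message is a constructed sample (reserved .test and .example names), and the indicator rules (risky attachment extensions, document-then-executable double extensions, link text whose host differs from the href host) are assumed heuristics chosen for illustration.

```python
"""Added example: extracting subject, links and attachments from a raw
e-mail and flagging common phishing indicators. The message below is a
constructed sample, not a real phishing e-mail."""
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".bat", ".cmd"}
DOC_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}

# Constructed sample message: HTML body with a misleading link and one attachment
SAMPLE_EML = """\
From: "IT Helpdesk" <helpdesk@example-mail.test>
To: user@corp.example
Subject: Urgent: password expires today
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Reset now: <a href="http://login.example-verify.test/reset">https://sso.corp.example/reset</a></p>
</body></html>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.pdf.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AAA==
--b1--
"""


class _LinkExtractor(HTMLParser):
    """Collects (visible text, href) pairs from <a> tags in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def extract(raw):
    """Return subject, links and attachment names from a raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    links, attachments = [], []
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            attachments.append(part.get_filename())
        elif part.get_content_type() == "text/html":
            parser = _LinkExtractor()
            parser.feed(part.get_content())
            links.extend(parser.links)
    return {"subject": str(msg["subject"]), "links": links, "attachments": attachments}


def indicators(report):
    """Return human-readable phishing indicators found in an extract() report."""
    found = []
    for name in report["attachments"]:
        lower = (name or "").lower()
        stem, _, last = lower.rpartition(".")
        if "." + last in RISKY_EXTENSIONS:
            found.append(f"executable attachment: {name}")
            # e.g. invoice.pdf.exe: a document extension hiding an executable
            if any(stem.endswith(d) for d in DOC_EXTENSIONS):
                found.append(f"double extension: {name}")
    for text, href in report["links"]:
        shown = urlparse(text).hostname if "://" in text else None
        real = urlparse(href).hostname
        if shown and real and shown != real:
            found.append(f"link text {shown} points to {real}")
    return found


if __name__ == "__main__":
    report = extract(SAMPLE_EML)
    print(report["subject"], report["attachments"], report["links"])
    print(indicators(report))
```

The extracted subject, link pairs and attachment names are exactly the artifacts the page says are captured; the indicator list is what an analyst would pivot on next (who else received the message, who clicked, which hosts then contacted the real link host), which is the "who was phished and who is compromised" step in the bullet above.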