Gartner: By 2023, 90% of SIEM will be delivered through cloud

As analyst Gartner projects, 90% of SIEM solutions will have capabilities like log storage, analytics or incident management that are only delivered through the cloud, a leap from the current 20%. With hybrid, multicloud adoption growing so rapidly, organizations need to extend their security approach to their workloads in the cloud.

Yet security teams often lack the baseline visibility needed to protect assets in these environments. Without this visibility, you may be unable to take the critical first steps to protect cloud assets, minimize risks and defend against threats. 


Extend enterprise security to hybrid multicloud environments

To provide analysts with a comprehensive view of risks and threats, IBM® Security QRadar® extends visibility to cloud solutions and platforms by collecting, normalizing and analyzing events. Deep integration with cloud services such as Amazon Web Services (AWS), Azure, Salesforce.com and Office 365, as well as with traditional on-premises infrastructure, helps security teams better detect and respond to threats regardless of where they occur.

The solution also helps detect misconfigurations, such as those common in AWS S3 Buckets and Azure Blob storage, that could unintentionally expose data. It can also provide insight into the use of shadow IT and expose which users use unsanctioned tools such as Google Drive or Dropbox.

Secure your AWS deployments with IBM Security QRadar

Integrations to get your AWS data into QRadar

 

IBM QRadar Content Extension for AWS

The QRadar content extension for AWS adds rules, reports and saved searches to build on the existing QRadar event parsing capabilities for AWS deployments.

 

IBM QRadar Cloud Visibility app

QRadar can detect potential problems in AWS environments and address security use cases. The app includes:

  • Simplified log source management
  • Identity and access management for accounts, users and IAM roles
  • Auto-population of QRadar Network Hierarchy
  • Amazon VPC flow log visualization
  • Integration with AWS Security Hub and Amazon Detective

Secure your Microsoft Azure deployments with IBM Security QRadar

Integrations to get your Azure data into QRadar

QRadar Content Extension for Azure

Adds rules, reports, and saved searches to build on the existing QRadar event parsing capabilities for Azure deployments. This content extension is specifically aimed at network security management, Security Rules modification and Virtual Network management.

QRadar Cloud Visibility app

QRadar can detect potential problems in Azure environments and address security use cases. Once offenses are created, the Cloud Visibility app helps users manage them in the Azure Offense Overview dashboard.

Secure your Google Cloud Platform deployments with IBM Security QRadar

Integrations to get your Google Cloud data into QRadar

Google Cloud Audit Logs DSM. Bring Google Cloud Audit logs into QRadar to monitor and secure what’s happening in your infrastructure. This integration supports:

  • Google Compute Engine
  • Google Cloud Identity and Access Management
  • Identity Platform
  • Cloud Storage

Google G Suite activity reports

Google G Suite Activity Reports DSM. Bring in data from Google G Suite reports to monitor usage, examine potential security risks and perform auditing tasks. Activity reports list information for activities in a specific G Suite service, for example:

  • Admin activity reports: show admin activities in the Admin console.
  • Google Drive activity reports: summarize how users edit and view their Drive documents.
  • Login activity report: summarizes when users log in and log out.