Optimizing IBM QRadar Advisor with Watson
|
|
- Lucy Newton
- 5 years ago
- Views:
Transcription
1 Optimizing IBM QRadar Advisor with Watson IBM SECURITY SUPPORT OPEN MIC #25 Slides and additional dial in numbers: June 8, 2017 NOTICE: BY PARTICIPATING IN THIS CALL, YOU GIVE YOUR IRREVOCABLE CONSENT TO IBM TO RECORD ANY STATEMENTS THAT YOU MAY MAKE DURING THE CALL, AS WELL AS TO IBM S USE OF SUCH RECORDING IN ANY AND ALL MEDIA, INCLUDING FOR VIDEO POSTINGS ON YOUTUBE. IF YOU OBJECT, PLEASE DO NOT CONNECT TO THIS CALL.
2 Panelists Vijay Dheap Program Director: Cognitive, Cloud, Analytics Suzy Deffeyes Security Analytics Architect Cameron Will Threat Intelligence Engineer Christopher Hankins Cybersecurity Specialist Adam Frank Principal Solutions Architect Jonathan Pechta Support Content Lead & Technical Writer 2 IBM Security
3 Agenda
4 Optimizing QRadar Advisor with Watson Agenda 1. Announcements 2. QRadar Tuning Review (See last Open Mic: 3. QRadar Advisor with Watson Pre-requisites 4. QRadar Advisor with Watson Best Practices 5. User Interface 6. Getting Help 7. Questions 4 IBM Security
5 Announcements
6 General Information / Announcements QRadar Patch 7 has been released. Before installing, admins should be aware of the following changes: TLSv1.0 is disabled in QRadar Patch 7, which can impact user interface authentication for anyone using a legacy browser. The Java version is updated in this release to Java 8. We are currently working to schedule an upgrade of the QRadar on Cloud service between 06/12/2017 and 07/12/2017. This upgrade includes a number of important updates that are designed to further enhance the overall extensibility of the service. This will move your current system from the 7.2.x stream to 7.3.x stream. If you have any questions, comments or concerns: sisaasop@ca.ibm.com 6 IBM Security
7 QRadar Pulse App is Now Available (Early Access) Visualize your QRadar offense data and associated events in 3D. See offenses unfold near real time and track your security threats from around the globe. Perfect for a quick overview of your current security situation on large display in a Security Operations Center. The QRadar Pulse app is currently only supported in QRadar V QRadar Pulse will be supported on V very soon. <-- Use this link to get view this app page on the X-Force Exchange. 7 IBM Security
8 QRadar Tuning Replay videos (YouTube) Network Hierarchy: Host Definitions BB/Reference Data: Server Discovery: QRadar Content Extensions: Tuning Methods: False Positive Rule: Gartner Peer Reviews - Share your QRadar Experience & Expertise Gartner Peer Insights is a platform for ratings and reviews of enterprise technology solutions by end-user professionals for end-user professionals. Administrators or users of QRadar SIEM interested in providing a peer review and sharing your expertise and experience with QRadar can now do so online. Your individual review will be published; however, the only information shared is your industry, company size, and role. If you are interested in providing an online review of QRadar, see: 8 IBM Security
9 Tuning QRadar (Review)
10 Why is Tuning QRadar Important for QRadar Advisor? Tuning QRadar is critical to your success in QRadar Advisor with Watson as it reduces the number of offenses being generated and allows you to separate important offenses from noise. The goal is to reduce offenses down from hundreds to a manageable level, detect those important events and send that data to QRadar Advisor with Watson for analysis. Having more than active offenses becomes difficult to manage, the goal for admins should be to tune to reduce work load for the SOC. Submitting relevant Indicators of compromise allows QRadar Advisor to return relevant and useful results to users. 10 IBM Security
11 Network Hierarchy & Defining Your Environment Network Hierarchy defines what address spaces for assets are in your network (Local) and what is outside of your network (Remote). This is done by defining CIDR ranges that allows administrators to segment the network in to logical groups for rules, searches, reports, network anomaly behavior patterns, etc. This list should include both routable and nonroutable addresses for assets you own. QRadar incorporates the idea of context, who they are, who we are and the traffic occurring between your network and the outside world. Qradar has 3 valid contexts. Local2Local Activity within your network. Local2Remote Activity within your network to the outside world. Remote2Local - Activity from the outside world affecting your network. 11 IBM Security
12 The Core Foundations (Review) Host Definitions BB / Reference data
13 HostReference Building Blocks Using Reference Sets In QRadar 7.2 we introduced Reference Sets to QRadar administrators. One of the issues in reference sets is that CIDR values are not supported. We ve recently released a new set of AQL properties that allows administrators to resolve this issue to read CIDR addresses as a string value and convert the CIDR address to IP address. NOTE: This is Early Access! 13 IBM Security
14 Tuning Methodology (Review) Creating a SIEM Tuning Report
15 Step 1: SIEM Tuning Report When building this report remember that we build this using the custom log source and Group By using the Event Name. Each Processer for Qradar has its own Custom Rules Engine so if the administrator has a distributed deployment, use Operator = is any of and select the multiple CRE log sources. 15 IBM Security
16 Modifying Rule Tests & Thresholds (Continued) Add/remove rule tests to tune for data you care about or restructure the order: Only to a specific country Only from a critical network Working hours Assets w/vulnerabilities Adjust the existing rule tests: Source bytes greater than 2M 30 min window instead of 12 Create a note about changed made to the rule for audit purposes, if required in your work flow. 16 IBM Security
17 QRadar Advisor with Watson Pre-requisites
18 Configuration Pre-Requisites QRadar (any patch level) is required. QRadar Support recommends all QRadar Advisor w/watson users install QRadar Patch 4. You must Enable X-Force Threat Intelligence Feed in QRadar in your QRadar System Settings. You must generate an authorized service token in QRadar for the application. Internet access is required. A secure proxy can be configured (if required) Submit an IBM X-Force Exchange authorization key for the QRadar Advisor with Watson app. Create an authorized and limited access service token for the QRadar Advisor with Watson application. Map custom properties from QRadar to the QRadar Advisor with Watson application property names. 18 IBM Security
19 QRadar Advisor Best Practices
20 Best Practices for tuning Advisor Data sources matter! L2R and R2L data is awesome. Examples: Egress boundary firewall, proxy, IPS logs Priority 1: Proxy, Firewall, Anti-Virus, VPN, User Logon (RADIUS, LDAP), Endpoint, DNS Priority 2: DHCP, IDS, Windows Advisor also loves hashes. Examples: endpoint agents like AV that include File hashes Implement and map Custom properties Every environment is different, help Advisor know what is what in your environment. Network Hierarchy is accurate An inaccurate hierarch causes Advisor to incorrectly data mine Observables from your event logs Use on Offenses that are L2R, R2L, or contain File hashes. Examples: Suspicious File Found (hash), Communication with known botnet, Large data leaving egress boundary Less help with: Suspicious login or other Offenses firing on local to local activity. Known False Positive Offenses tuned out If you are regularly ignoring Offenses because you know they aren t a problem or they are something you need to tweak in CRE rules, don t send them to Watson. Don t run Watson on Offenses that have been open for over a month. 20 IBM Security
21 Custom Properties Adding custom properties will improve the quality of Watson results. Configure regex for: Remote IPs, remote domains, remote URLs, hashes Ensure custom properties are working properly Advisor will not pull data out of raw payloads, data that Advisor uses must be parsed out into custom properties. Add regex for any missing custom properties in QRadar s custom property UI, and verify it is working before mapping in Advisor s admin wizard Ex: If endpoint logs have file hashes in them, but no custom property for File hashes is parsing them out of the logs, Advisor won t see them. 21 IBM Security
22 Advisor Property Mapping Process Mapping your properties correctly will improve Advisor results. Don t skip adding Advisor Properties Mappings when installing Advisor, ensure SIEM admin configures them in Advisor admin wizard. Don t count on it working with default Observable mapping. Map properties in Advisor, define your Canonical Observable Types Ensure Canonical types are correct These types are sent to Watson: Src/Dst IP Hash Domain URL Some types are used locally only Less important to configure, but can help Username AVSignature Filename Username 22 IBM Security
23 Example of a QRadar Advisor with Watson Analysis After you submit an incident (offense) to Watson for investigation, the knowledge graph provides a view into relationships of the entities and observables for your incident. Where do I start? 1. Offenses triggered from endpoint event logs that reference a file hash (Malware events) 2. Offenses triggered from events from external facing firewalls, proxies, antivirus or DNS logs (Suspicious Activity) 23 IBM Security
24 The Observables (IoCs) in Your Data are Important On the Analyzer page, you can view the resulting knowledge graph. The graph uses colors to illustrate the following information: 1. Yellow highlighted objects are the knowledge graph root node. 2. Observables that are deemed malicious are represented by red icons. 3. Clustered nodes are shown in blue with the number of nodes indicated next to the icon. 24 IBM Security
25 Observables: Data Used by QRadar Advisor Observables: a set of elements that are collected from an offense and sent by QRadar Advisor for Watson for local analysis and external research. Observable Type Source IP Destination IP File Hash Description External Source IPs that appear in an offense enforced by respecting the Network Hierarchy defined in QRadar External Destination IPs that appear in an offense enforced by respecting the Network Hierarchy defined in QRadar Hash value of a file that is deemed suspicious Core indicator Yes Yes Yes URL External URLs that appear in an offense Yes Domain User name AV Signature Destination Port User Agent External Domains that appear in an offense Aliases that may attempt to access critical internal infrastructure Malware signatures identified by antivirus solutions Destination Ports belonging to Destination IPs The user agent identified by a browser or HTTP application Yes Yes Yes No No Observable Type Description File Name Names of suspicious files No Source Port Source Ports belonging to Source IPs No Destination ASN Source ASN Destination Country Source Country Low Level Category High Level Category Autonomous System Number of a destination IP address (from a DNS) Autonomous System Number of a source IP address (from a DNS) Name of the destination country of outbound communications Name of source country of inbound communications Low level QRadar offense category High level QRadar offense category Direction Direction of communication No Address addresses associated with suspicious s Core indicator No No No No No No No 25 IBM Security
26 Tuning and install process Study your data sources Ensure L2R, R2L, file hashes are there, and parsed out using QRadar custom props If your data is all L2L system logs or internal facing HTTP server logs, Watson won t help as much, consider adding additional log sources to get better visibility as well as improve Watson results Install and Configure Advisor Include mapping custom properties from your environment in Advisor admin mapping process Iterate to see if additional tuning helps QRadar Admin needs to get feedback from Advisor end users Examine: Event payload for events in an Offense, any missed custom property Advisor could use? Incorrect Canonical type, Advisor data mining can fail Network hierarchy incorrect, Advisor data mining can miss important data 26 IBM Security
27 QRadar Advisor with Watson User Interface
28 QRadar Advisor User Interface and Key Insights (Version 1.3.0) Version Added quota indicators to Watson Insights that show the percentage of daily investigations available. 2. Moved reputation and category nodes from the graph display to the property details of the related node. 3. Enhanced performance and speed for displaying graphs. 4. Fixed an issue that caused the graph to resize frequently. 5. Fixed an issue that caused disconnected nodes on the Stage 2 graph. 28 IBM Security
29 QRadar Advisor User Interface and Key Insights (Stage 1) 29 IBM Security
30 QRadar Advisor User Interface and Key Insights (Stage 2) 30 IBM Security
31 Getting Help
32 dwanswers Getting Help for QRadar Advisor with Watson URL: Resolves to: NOTE: If you do not use a URL, your search tag in the forums is: qradar-watson. 32 IBM Security
33 Questions?
34 THANK YOU FOLLOW US ON: QRadar Forums: securityintelligence.com xforce.ibmcloud.com Copyright IBM Corporation All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.
Let s Talk About Threat Intelligence
Let s Talk About Threat Intelligence IBM SECURITY SUPPORT OPEN MIC #20 Slides and additional dial in numbers: http://ibm.biz/openmic20 January 26, 2017 NOTICE: BY PARTICIPATING IN THIS CALL, YOU GIVE YOUR
More informationIBM Security Support Open Mic
IBM Security Support Open Mic LET S TALK ABOUT QRADAR 7.2.8 FEATURES Connect to WebEx Audio by selecting an option in the Audio Connection dialog or by accessing the Communicate > Audio Connection menu
More informationQRadar Feature Discussion IBM SECURITY SUPPORT OPEN MIC
QRadar 7.2.7 Feature Discussion IBM SECURITY SUPPORT OPEN MIC Reminder: You must dial-in to the phone conference to listen to the panelists. The web cast does not include audio. USA toll-free: 866-803-2141
More informationQRadar Open Mic: Custom Properties
November 29, 2017 QRadar Open Mic: Custom Properties IBM SECURITY SUPPORT OPEN MIC To hear the WebEx audio, select an option in the Audio Connection dialog or by access the Communicate > Audio Connection
More informationMay the (IBM) X-Force Be With You
Ann Arbor, Michigan July 23-25 May the (IBM) X-Force Be With You A QUICK PEEK INTO ONE OF THE MOST RENOWNED SECURITY TEAMS IN THE WORLD Marlon Machado Worldwide Standardization Leader, Application Security
More informationIntegrated, Intelligence driven Cyber Threat Hunting
Integrated, Intelligence driven Cyber Threat Hunting THREAT INVESTIGATION AND RESPONSE PLATFORM Zsolt Kocsis IBM Security Technical Executive, CEE zsolt.kocsis@hu.ibm.com 6th Nov 2018 Build an integrated
More informationIBM Threat Protection System: XGS - QRadar Integration
IBM Security Network Protection Support Open Mic - Wednesday, 25 May 2016 IBM Threat Protection System: XGS - QRadar Integration Panelists Tanmay Shah - Presenter Level 2 Support Product Lead Danitza Villaran-Rokovich,
More informationIBM Security Network Protection Open Mic - Thursday, 31 March 2016
IBM Security Network Protection Open Mic - Thursday, 31 March 2016 Application Control and IP Reputation on the XGS Demystified Panelists Tanmay Shah, Presenter IPS/Network Protection Product Lead Bill
More informationHow AppScan explores applications with ABE and RBE
How AppScan explores applications with ABE and RBE IBM SECURITY SUPPORT OPEN MIC To hear the WebEx audio, select an option in the Audio Connection dialog or by access the Communicate > Audio Connection
More informationWhat's new in AppScan Standard/Enterprise/Source version
What's new in AppScan Standard/Enterprise/Source version 9.0.3.4 support Open Mic Reminder: You must dial-in to the phone conference to listen to the panelists. The web cast does not include audio. USA
More informationIBM Security Network Protection
IBM Security Network Protection XGS 5.3.3 firmware release Features and Enhancements IBM SECURITY SUPPORT OPEN MIC Reminder: You must dial-in to the phone conference to listen to the panelists. The web
More informationDeploying BigFix Patches for Red Hat
Deploying BigFix Patches for Red Hat IBM SECURITY SUPPORT OPEN MIC Reminder: You must dial-in to the phone conference to listen to the panelists. The web cast does not include audio. USA toll-free: 866-803-2141
More informationSecuring global enterprise with innovation
IBM Cybersecurity Securing global enterprise with innovation Shamla Naidoo VP, IBM Global CISO August 2018 Topics 01 02 03 Securing Large Complex Enterprise Accelerating With Artificial Intelligence And
More informationAnalyzing Hardware Inventory report and hardware scan files
Analyzing Hardware Inventory report and hardware scan files IBM LICENSE METRIC TOOL AND BIGFIX INVENTORY SUPPORT OPEN MIC To hear the WebEx audio, select an option in the Audio Connection dialog or by
More informationIBM Security Identity Manager New Features in 6.0 and 7.0
IBM Security Identity Manager New Features in 6.0 and 7.0 IBM SECURITY SUPPORT OPEN MIC To hear the WebEx audio, select an option in the Audio Connection dialog or by access the Communicate > Audio Connection
More informationBigFix Query Unleashed!
BigFix Query Unleashed! Lee Wei IBM SECURITY SUPPORT OPEN MIC To hear the WebEx audio, select an option in the Audio Connection dialog or by accessing the Communicate > Audio Connection menu option. To
More informationIntroduction to IBM Security Network Protection Manager
Introduction to IBM Security Network Protection Manager IBM SECURITY SUPPORT OPEN MIC Slides are at: https://ibm.biz/bdscvz NOTICE: BY PARTICIPATING IN THIS CALL, YOU GIVE YOUR IRREVOCABLE CONSENT TO IBM
More informationLet s talk about QRadar 7.2.5
QRadar Open Mic Webcast #9 June 10, 2015 Let s talk about QRadar 7.2.5 Panelists Dwight Spencer Principal Solutions Architect & Co-founder of Q1 Labs Adam Frank Principal Solutions Architect Jeremy Mathews
More informationHTTP Transformation Rules with IBM Security Access Manager
HTTP Transformation Rules with IBM Security Access Manager IBM SECURITY SUPPORT OPEN MIC To hear the WebEx audio, select an option in the Audio Connection dialog or by access the Communicate > Audio Connection
More informationWhat's new in AppScan Standard version
What's new in AppScan Standard version 9.0.3.5 IBM Audio Security Connection support dialog by Open access Mic the Slides and more information: http://www.ibm.com/support/docview.wss?uid=swg27049311 February
More informationUsing Buffer Usage Monitor Report & Sniffer must_gather for troubleshooting
Using Buffer Usage Monitor Report & Sniffer must_gather for troubleshooting IBM SECURITY SUPPORT OPEN MIC To hear the WebEx audio, select an option in the Audio Connection dialog or by access the Communicate
More informationCybersecurity. You have been breached; What Happens Next THE CHALLENGE FOR THE FINANCIAL SERVICES INDUSTRY
Cybersecurity THE CHALLENGE FOR THE FINANCIAL SERVICES INDUSTRY Gary Meshell World Wide Leader Financial Services Industry IBM Security March 21 2019 You have been breached; What Happens Next 2 IBM Security
More informationThreat Intelligence to enhance Cyber Resiliency KEVIN ALBANO GLOBAL THREAT INTELLIGENCE LEAD IBM X-FORCE INCIDENT RESPONSE AND INTELLIGENCE SERVICES
Threat Intelligence to enhance Cyber Resiliency KEVIN ALBANO GLOBAL THREAT INTELLIGENCE LEAD IBM X-FORCE INCIDENT RESPONSE AND INTELLIGENCE SERVICES Agenda Welcome Threat Intelligence EcoSystem Cyber Resiliency
More informationBe effective in protecting against the cybercrime
Be effective in protecting against the cybercrime INTEGRATED SECURITY FOR A NEW ERA Domenico Raguseo Domenico Scardicchio Luca Bizzotto Simone Riccetti Technical Sales Manager, Europe Software Procdut
More informationIBM Security Access Manager Single Sign-on with Federation
IBM Security Access Manager Single Sign-on with Federation IBM SECURITY SUPPORT OPEN MIC To hear the WebEx audio, select an option in the Audio Connection dialog or by access the Communicate > Audio Connection
More informationXGS: Making use of Logs and Captures
IBM Security Network Protection XGS Open Mic webcast #6 June 24, 2015 XGS: Making use of Logs and Captures Panelists Bill Klauke (Presenter) Product Lead L2 Support Maxime Turlot Product Lead L2 Support
More informationIBM Security QRadar SIEM Version Getting Started Guide
IBM Security QRadar SIEM Version 7.2.0 Getting Started Guide Note: Before using this information and the product that it supports, read the information in Notices and Trademarks on page 35. Copyright IBM
More informationRemote Syslog Shipping IBM Security Guardium
Remote Syslog Shipping IBM Security Guardium IBM Security support Open Mic To hear the WebEx audio, select an option in the Audio Connection dialog or by access the Communicate > Audio Connection menu
More informationConfiguring your policy to prevent appliance problems
Configuring your policy to prevent appliance problems IBM Security Guardium IBM SECURITY SUPPORT OPEN MIC To hear the WebEx audio, select an option in the Audio Connection dialog or by access the Communicate
More informationIBM Security Guardium: : Sniffer restart & High CPU correlation alerts
IBM Security Guardium: : Sniffer restart & High CPU correlation alerts IBM SECURITY SUPPORT OPEN MIC, presented by Lisette Contreras, Guardium Support To hear the WebEx audio, select an option in the Audio
More informationMSS VSOC Portal Single Sign-On Using IBM id IBM Corporation
MSS VSOC Portal Single Sign-On Using IBM id Changes to VSOC Portal Sign In Page Users can continue to use the existing Client Sign In on the left and enter their existing Portal username and password.
More informationXGS Administration - Post Deployment Tasks
IBM Security Network Protection Support Open Mic - 18 November 2015 XGS Administration - Post Deployment Tasks Panelists Tanmay Shah XGS Product Lead, L2 Support (Presenter) Thomas Gray L2 Support Manager
More informationIBM Security technology and services for GDPR programs GIULIA CALIARI SECURITY ARCHITECT
IBM Security technology and services for GDPR programs GIULIA CALIARI SECURITY ARCHITECT NOTICE Clients are responsible for ensuring their own compliance with various laws and regulations, including the
More informationSecurity Support Open Mic: ISNP High Availability and Bypass
Panelists Ed Leisure Knowledge Engineer, Presenter Andrew Sallaway SWAT Consultant Kenji Hamahata L2 Engineer (Japan) Maxime Turlot Product Lead Arthur Testa Product Lead Jeff Dicostanzo Advanced Value
More informationMore on relevance checks in ILMT and BFI
More on relevance checks in ILMT and BFI IBM LICENSE METRIC TOOL AND BIGFIX INVENTORY SUPPORT OPEN MIC To hear the WebEx audio, select an option in the Audio Connection dialog or by accessing the Communicate
More informationUnderstanding scan coverage in AppScan Standard
IBM Security AppScan Standard Open Mic Webcast January 27, 2015 Understanding scan coverage in AppScan Standard Panelists Shahar Sperling Software Architect at Application Security AppScan Tal Rabinovitch
More informationJunction SSL Debugging With Wireshark
Junction SSL Debugging With Wireshark IBM SECURITY SUPPORT OPEN MIC To hear the WebEx audio, select an option in the Audio Connection dialog or by access the Communicate > Audio Connection menu option.
More informationThe New Era of Cognitive Security
The New Era of Cognitive Security IBM WATSON SUMMIT KANOKSAK RATCHAPAT Senior Technical Sales 1 Today s security challenges ACTORS TARGETS VECTORS REALITY Organized Crime Healthcare Ransomware Cloud, mobile,
More informationXGS & QRadar Integration
IBM Security Support Open Mic - January 28, 2015 XGS & QRadar Integration Advanced Threat Protection Integration Options Panelists Wes Davis Advanced Threat Support Group Engineer (Presenter) Thomas Gray
More informationIBM BigFix Relays Part 1
IBM BigFix Relays Part 1 IBM SECURITY SUPPORT OPEN MIC November 19, 2015 Revised March 2, 2018 NOTICE: BY PARTICIPATING IN THIS CALL, YOU GIVE YOUR IRREVOCABLE CONSENT TO IBM TO RECORD ANY STATEMENTS THAT
More informationISAM Advanced Access Control
ISAM Advanced Access Control CONFIGURING TIME-BASED ONE TIME PASSWORD Nicholas J. Hasten ISAM L2 Support Tuesday, November 1, 2016 One Time Password OTP is a password that is valid for only one login session
More informationIBM Security QRadar Version Architecture and Deployment Guide IBM
IBM Security QRadar Version 7.3.1 Architecture and Deployment Guide IBM Note Before you use this information and the product that it supports, read the information in Notices on page 41. Product information
More informationInterpreting relevance conditions in commonly used ILMT/BFI fixlets
Interpreting relevance conditions in commonly used ILMT/BFI fixlets IBM LICENSE METRIC TOOL AND BIGFIX INVENTORY SUPPORT OPEN MIC To hear the WebEx audio, select an option in the Audio Connection dialog
More informationFabrizio Patriarca. Come creare valore dalla GDPR
Fabrizio Patriarca Come creare valore dalla GDPR Disclaimer Notice: Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data
More informationIBM Security. Endpoint Manager- BigFix. Daniel Joksch Security Sales IBM Corporation
IBM Security Endpoint Manager- BigFix Daniel Joksch Security Sales Establish security as an immune system Malware protection Incident and threat management Identity management Device management Data monitoring
More informationIBM BigFix Client Reporting: Process, Configuration, and Troubleshooting
IBM BigFix Client Reporting: Process, Configuration, and Troubleshooting IBM SECURITY SUPPORT OPEN MIC To hear the WebEx audio, select an option in the Audio Connection dialog or by access the Communicate
More informationConfiguring zsecure To Send Data to QRadar
Configuring zsecure To Send Data to QRadar CONFIGURATION, SETUP, AND EXAMPLES Reminder: You must dial-in to the phone conference to listen to the panelists. The web cast does not include audio. USA toll-free:
More informationThe SANS Institute Top 20 Critical Security Controls. Compliance Guide
The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise
More informationLet's talk about QRadar Apps: Development & Troubleshooting IBM SECURITY SUPPORT OPEN MIC
Let's talk about QRadar Apps: Development & Troubleshooting IBM SECURITY SUPPORT OPEN MIC Slides and additional dial in numbers: http://ibm.biz/joinqradaropenmic August 23, 2017 NOTICE: BY PARTICIPATING
More informationIBM Security Network Protection Solutions
Systems IBM Security IBM Security Network Protection Solutions Pre-emptive protection to keep you Ahead of the Threat Tanmay Shah Product Lead Network Protection Appliances IBM Security Systems 1 IBM Security
More informationHow to Secure Your Cloud with...a Cloud?
A New Era of Thinking How to Secure Your Cloud with...a Cloud? Eitan Worcel Offering Manager - Application Security on Cloud IBM Security 1 2016 IBM Corporation 1 A New Era of Thinking Agenda IBM Cloud
More informationIBM Security Access Manager v8.x Kerberos Part 2
IBM Security Access Manager open mic webcast - Oct 27, 2015 IBM Security Access Manager v8.x Kerberos Part 2 Kerberos Single Sign On using Constrained Delegation Panelists Gianluca Gargaro L2 Support Engineer
More informationThe McGill University Health Centre (MUHC)
The McGill University Health Centre (MUHC) Strengthening its security posture with in- depth global intelligence Overview The need MUHC security staff wanted to more quickly identify and assess potential
More informationManaged Security Services - Endpoint Managed Security on Cloud
Services Description Managed Security Services - Endpoint Managed Security on Cloud The services described herein are governed by the terms and conditions of the agreement specified in the Order Document
More informationLe sfide di oggi, l evoluzione e le nuove opportunità: il punto di vista e la strategia IBM per la Sicurezza
Le sfide di oggi, l evoluzione e le nuove opportunità: il punto di vista e la strategia IBM per la Sicurezza Giulia Caliari IT Architect, IBM Security #IBMSecurity Attackers break through conventional
More informationNotice on Names and Logos Used in This Presentation
Notice on Names and Logos Used in This Presentation NON-IBM PRODUCT AND SERVICE NAMES, LOGOS, AND BRANDS ARE PROPERTY OF THEIR RESPECTIVE OWNERS. ALL COMPANY, PRODUCT AND SERVICE NAMES USED IN THIS WEBSITE
More informationDeep Security Integration with Sumo Logic
A Trend Micro White Paper I May 2016 Install, Integrate and Analyze» This paper is aimed at information security and solution architects looking to integrate the Trend Micro Deep Security with Sumo Logic.
More informationIBM Guardium Data Encryption
IBM Guardium Data Encryption RELEASE TAXONOMY FOR LINUX/AIX/WINDOWS 10-October-2018 GDE Taxonomy Version V.0.0.0 Major V.R.0.0 Mod V.R.M.0 SSE V.R.M.F Fixpack V.R.M.F Cadence 36-48 Months 12-15 Months
More informationISAM Federation STANDARDS AND MAPPINGS. Gabriel Bell IBM Security L2 Support Jack Yarborough IBM Security L2 Support.
ISAM Federation STANDARDS AND MAPPINGS Gabriel Bell IBM Security L2 Support Jack Yarborough IBM Security L2 Support July 19, 2017 Agenda ISAM Federation Introduction Standards and Protocols Attribute Sources
More informationMcAfee Network Security Platform Administration Course
McAfee Network Security Platform Administration Course Education Services administration course The McAfee Network Security Platform Administration course from McAfee Education Services is an essential
More informationJuniper Secure Analytics Patch Release Notes
Juniper Secure Analytics Patch Release Notes 2014.8 January 2018 2014.8.r12.20171213225424 patch resolves several known issues in Juniper Secure Analytics (JSA). Contents Installing 2014.8.r12 Patch.............................................
More informationIBM Security Access Manager What s in the box : InfoMap Authentication Mechanism IBM SECURITY SUPPORT OPEN MIC. 13 Dec 2017
IBM Security Access Manager What s in the box : InfoMap Authentication Mechanism IBM SECURITY SUPPORT OPEN MIC 13 Dec 2017 IBM Security Learning Academy www.securitylearningacademy.com New content published
More informationSecurity Support Open Mic Build Your Own POC Setup
IBM Security Access Manager 08/25/2015 Security Support Open Mic Build Your Own POC Setup Panelists Reagan Knowles Level II Engineer Nick Lloyd Level II Support Engineer Kathy Hansen Level II Support Manager
More informationIBM Security QRadar SIEM Version Getting Started Guide IBM
IBM Security QRadar SIEM Version 7.3.1 Getting Started Guide IBM Note Before you use this information and the product that it supports, read the information in Notices on page 21. Product information This
More informationIBM MaaS360 Kiosk Mode Settings
IBM MaaS360 Kiosk Mode Settings Configuration Settings for Kiosk Mode Operation IBM Security September 2017 Android Kiosk Mode IBM MaaS360 provides a range of Android device management including Samsung
More informationIBM Security Network Protection v Enhancements
IBM Security Network Protection v5.3.3.1 Enhancements IBM SECURITY SUPPORT OPEN MIC To hear the WebEx audio, select an option in the Audio Connection dialog or by access the Communicate > Audio Connection
More informationRSA NetWitness Suite Respond in Minutes, Not Months
RSA NetWitness Suite Respond in Minutes, Not Months Overview One can hardly pick up a newspaper or turn on the news without hearing about the latest security breaches. The Verizon 2015 Data Breach Investigations
More informationIBM Security QRadar SIEM V7.2.7 Deployment
IBM Security QRadar SIEM V7.2.7 Deployment Dumps Available Here at: /ibm-exam/c2150-614-dumps.html Enrolling now you will get access to 60 questions in a unique set of C2150-614 dumps Question 1 A client
More informationSymantec & Blue Coat Technical Update Webinar 29. Juni 2017
Avantec Blue Coat/Symantec Webinar Jean Marc Edder Senior Systems Engineer The Global Leader in Cyber Network + + Cloud Global market leader in Endpoint, Email, Data Loss Prevention and Website, User Authentication
More informationDisk Space Management of ISAM Appliance
IBM Security Access Manager Tuesday, 5/3/16 Disk Space Management of ISAM Appliance Panelists David Shen Level 2 Support Engineer Steve Hughes Level 2 Support Engineer Nicholas Hasten Level 2 Support Engineer
More informationPCI DSS v3.2 Mapping 1.4. Kaspersky Endpoint Security. Kaspersky Enterprise Cybersecurity
Kaspersky Enterprise Cybersecurity Kaspersky Endpoint Security v3.2 Mapping 3.2 regulates many technical security requirements and settings for systems operating with credit card data. Sub-points 1.4,
More informationBigFix 101- Server Pricing
BigFix 101- Server Pricing Licensing in a Nutshell BigFix is included with AIX Enterprise Edition (AIX EE). If you have AIX EE on a system, all the cores on that system are covered and any LPAR running
More informationPredators are lurking in the Dark Web - is your network vulnerable?
Predators are lurking in the Dark Web - is your network vulnerable? Venkatesh Sadayappan (Venky) Security Portfolio Marketing Leader IBM Security - Central & Eastern Europe Venky.iss@cz.ibm.com @IBMSecurityCEE
More informationCisco ISE pxgrid App 1.0 for IBM QRadar SIEM. Author: John Eppich
Cisco ISE pxgrid App 1.0 for IBM QRadar SIEM Author: John Eppich Table of Contents About This Document... 4 Solution Overview... 5 Technical Details... 6 Cisco ISE pxgrid Installation... 7 Generating the
More informationHow to properly deploy, configure and upgrade the NAB
Panelists Jeff DiCostanzo, Presenter AVP Team Lead Bill Klauke - Level 2 Product Lead Maxime Turlot - Level 2 Product Lead Ryan Andersen - Level 2 Senior Engineer Edward A Romero - Level 3 Network Security
More informationIBM QRadar User Behavior Analytics (UBA) app Version 2 Release 7. User Guide IBM
IBM QRadar User Behavior Analytics (UBA) app Version 2 Release 7 User Guide IBM Note Before you use this information and the product that it supports, read the information in Notices on page 149. Product
More informationJuniper Sky Advanced Threat Prevention
Juniper Sky Advanced Threat Prevention Product Overview Juniper Sky Advanced Threat Prevention is a cloud-based service that provides complete advanced malware protection. Integrated with SRX Series Services
More informationModern Realities of Securing Active Directory & the Need for AI
Modern Realities of Securing Active Directory & the Need for AI Our Mission: Hacking Anything to Secure Everything 7 Feb 2019 Presenters: Dustin Heywood (EvilMog), Senior Managing Consultant, X-Force Red
More informationIBM QRadar User Behavior Analytics (UBA) app Version 2 Release 5. User Guide IBM
IBM QRadar User Behavior Analytics (UBA) app Version 2 Release 5 User Guide IBM Note Before you use this information and the product that it supports, read the information in Notices on page 111. Product
More informationIBM Security Access Manager v8.x Kerberos Part 1 Desktop Single Sign-on Solutions
IBM Security Access Manager open mic webcast July 14, 2015 IBM Security Access Manager v8.x Kerberos Part 1 Desktop Single Sign-on Solutions Panelists Gianluca Gargaro L2 Support Engineer Darren Pond L2
More informationIBM Cloud Lessons Learned: VMware Cloud Foundation on IBM Cloud VMworld 2017 We are a cognitive solutions and cloud platform company that leverages th
LHC3384BUS Lessons Learned: VMware Cloud Foundation on IBM Cloud VMworld 2017 Content: Not for publication #VMworld #LHC3384BUS IBM Cloud Lessons Learned: VMware Cloud Foundation on IBM Cloud VMworld 2017
More informationSWD & SSA Updates 2018
SWD & SSA Updates 2018 Stephen Hull STSM, BigFix Development 04/09/2018 Latest SWD & SSA features What s shiny and new? SWD Support multiple tasks for a software pkg Install, Update, Uninstall, etc Export/Import
More informationCompare Security Analytics Solutions
Compare Security Analytics Solutions Learn how Cisco Stealthwatch compares with other security analytics products. This solution scales easily, giving you visibility across the entire network. Stealthwatch
More informationJoe Stocker, CISSP, MCITP, VTSP Patriot Consulting
Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting Microsoft Cloud Evangelist at Patriot Consulting Principal Systems Architect with 17 Years of experience Technical certifications: MCSE, MCITP Office
More informationMcAfee Network Security Platform 8.3
8.3.7.86-8.3.7.56 Manager-Virtual IPS Release Notes McAfee Network Security Platform 8.3 Revision C Contents About this release New features Enhancements Resolved issues Installation instructions Known
More informationIncident Play Book: Phishing
Incident Play Book: Phishing Issue: 1.0 Issue Date: September 12, 2017 Copyright 2017 Independent Electricity System Operator. Some Rights Reserved. The following work is licensed under the Creative Commons
More informationCIS Controls Measures and Metrics for Version 7
Level One Level Two Level Three Level Four Level Five Level Six 1.1 Utilize an Active Discovery Tool Utilize an active discovery tool to identify devices connected to the organization's network and update
More informationIBM Security Guardium: Troubleshooting No Traffic Issues
IBM Security Guardium: Troubleshooting No Traffic Issues IBM SECURITY SUPPORT OPEN MIC To hear the WebEx audio, select an option in the Audio Connection dialog or by access the Communicate > Audio Connection
More informationCisco & IBM Security SECURING THE THREATS OF TOMORROW, TODAY, TOGETHER
Cisco & IBM Security SECURING THE THREATS OF TOMORROW, TODAY, TOGETHER Nicky Choo Head, Routes to Market & Business Partners, Asia Pacific, IBM Security & Cloud Jul 2018 Disconnected security capabilities
More informationCIS Controls Measures and Metrics for Version 7
Level 1.1 Utilize an Active Discovery Tool 1.2 Use a Passive Asset Discovery Tool 1.3 Use DHCP Logging to Update Asset Inventory 1.4 Maintain Detailed Asset Inventory 1.5 Maintain Asset Inventory Information
More informationMcAfee MVISION Cloud. Data Security for the Cloud Era
McAfee MVISION Cloud Data Security for the Cloud Era McAfee MVISION Cloud protects data where it lives today, with a solution that was built natively in the cloud, for the cloud. It s cloud-native data
More informationJUNIPER SKY ADVANCED THREAT PREVENTION
Data Sheet JUNIPER SKY ADVANCED THREAT PREVENTION Product Overview Juniper Sky Advanced Threat Prevention is a cloud-based service that provides complete advanced malware protection. Integrated with SRX
More informationIBM BigFix Relays Part 2
IBM BigFix Relays Part 2 IBM SECURITY SUPPORT OPEN MIC December 17, 2015 NOTICE: BY PARTICIPATING IN THIS CALL, YOU GIVE YOUR IRREVOCABLE CONSENT TO IBM TO RECORD ANY STATEMENTS THAT YOU MAY MAKE DURING
More informationSecurity Support Open Mic Client Certificate Authentication
IBM Security Access Manager, Tuesday, December 8, 2015 Security Support Open Mic Client Certificate Authentication Panelists Jack Yarborough ISAM Level II Nick Lloyd ISAM Level II Scott Stough ISAM Level
More informationCarbon Black PCI Compliance Mapping Checklist
Carbon Black PCI Compliance Mapping Checklist The following table identifies selected PCI 3.0 requirements, the test definition per the PCI validation plan and how Carbon Black Enterprise Protection and
More informationDetect Cyber Threats with Securonix Proxy Traffic Analyzer
Detect Cyber Threats with Securonix Proxy Traffic Analyzer Introduction Many organizations encounter an extremely high volume of proxy data on a daily basis. The volume of proxy data can range from 100
More informationBehavioral Analytics A Closer Look
SESSION ID: GPS2-F03 Behavioral Analytics A Closer Look Mike Huckaby VP, Global Systems Engineering RSA The world is full of obvious things which nobody by any chance ever observes. Sherlock Holmes 2 Patterns
More informationWITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:
SOLUTION OVERVIEW: ALERT LOGIC THREAT MANAGER WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE Protecting your business assets and sensitive data requires regular vulnerability assessment,
More informationProduct Guide Revision B. McAfee Cloud Workload Security 5.0.0
Product Guide Revision B McAfee Cloud Workload Security 5.0.0 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee
More informationSOLUTION MANAGEMENT GROUP
InterScan Messaging Security Virtual Appliance 8.0 Reviewer s Guide February 2011 Trend Micro, Inc. 10101 N. De Anza Blvd. Cupertino, CA 95014 T 800.228.5651 / 408.257.1500 F 408.257.2003 www.trendmicro.com
More information