IBM delivers state-of-the-art SIEM cybersecurity solutions with Watson integration

During the First World War, the generals understood that gathering data was crucial to winning the war. At that time their tools were runners, flashlights and dogs. The data was all about the enemy: where they attacked, where their troops were and what the current state of their troops and supplies was. When under attack, the general needed information more than ever, and even more so when attacked on several fronts. Information was a key deciding factor in the outcome of the war.

We are now engaged in a new kind of war where the enemy is invisible, there are no clearly defined fronts and the attacks can come from anyone and anywhere with a range of different weapons.

The generals of this war sit in a new kind of command and control centre but are still gathering data to ensure the best defence and protection against attacks. This new command and control centre is called the SOC or SIOC: Security Operation Centre or Security Intelligence Operation Centre.

The heart of the SOC is a SIEM (Security Information and Event Management), and the leading SIEM for many consecutive years has been QRadar from IBM. With the IBM SIEM we can gather millions of events from our infrastructure security logs and thereby get a clear overview of what is going on. QRadar will automatically open an offence, which is based on a collation of information from the logs that have signalled that something is wrong. Now the general can act and decide whether he has to fix the hole in the wall (patch management), close the gate (close the firewall and access to the system), or remove attacking troops within the walls (remove an attacking virus).

The general also has to work to understand what is false data, or false positives. If we were to react to all alerts, the volumes would be crippling and each SOC would have a huge personnel requirement, so it is crucial that the alarms received are very real threats and not just false alarms. Many decisions have to be taken rapidly, and not necessarily with a complete set of data. These decisions can, however, have very grave impacts on the business.

Both IBM and the other players in the security world have recognized that competence is perhaps the greatest issue we face in cybersecurity. IBM QRadar is a very powerful tool which provides users with all the necessary threat information to combat cyber attacks. Combined with IBM's resolution solutions such as X-Force, Resilient (our emergency response tool) and Watson for Cybersecurity, IBM is taking the war on cybercrime very seriously and delivering the market's first cognitive cyber solution.

Using QRadar Advisor with Watson, investigations which could normally take several weeks are now completed in a matter of minutes. Less skilled analysts are also supported in understanding more complex issues.

In lots of ways things haven’t changed: we are still building forts and castles to keep the enemy out and make attacks difficult. Attacks are relentless, and we need to minimize both the damage and the recovery time in order to ultimately protect the business, the personal data and, of course, the “crown jewels” of the company.

When is my business ready for SIEM and how can I get started?

Whenever we meet customers, there is often the perception that a SIEM is not suitable: neither the infrastructure nor the people to run it are in place, and it will most likely be very expensive. Whilst it can be complicated, and you do need skills to successfully manage a SIEM solution yourself, there are several options that can help you get started now. Not doing anything is no longer really an option, something some companies have learnt to their detriment.

IBM delivers SIEM in the cloud, and we can be up and running in a short while with support from IBM.

IBM also has partners who can provide a SIEM/SOC solution and have you up and running in a matter of a few short weeks. This way you would have world-class cybersecurity personnel at your disposal to support you in being both secure and compliant.

You can also implement your own SOC, and IBM has a large team of software services personnel or partners that can support you. We understand that this is more than a piece of software, and we can ensure that we also deliver governance, risk and compliance consulting, systems integration and managed security services if needed.

If you have any questions, do not hesitate to contact me at NBA@dk.ibm.com.

The following links will help you gather further information on the subject.

QRadar Watson for Cybersecurity: https://www.youtube.com/watch?v=MYZOIdK4o1M

How to choose a security intelligence platform: https://www.youtube.com/watch?v=mNBzkmQlN4I

IBM X-Force Command Center: https://www.youtube.com/watch?v=sHrgVqKW1RQ

IBM Resilient: https://www.youtube.com/watch?v=dIf3OShChrE

Sales Lead Nordic Security Intelligence IBM Software Sales