As the first step in delivering customized services, CarbonHelix uses QRadar to provide full visibility across a customer’s environment, no matter what technologies and platforms the customer uses. “We can deploy QRadar in any form or fashion—on-premises, in air-gapped environments, if we host it, if a customer hosts it, hardware, virtual, AWS, Azure, it doesn't matter. It can live anywhere,” says DeLozier. “And there's nothing that we have come across that we have not been able to integrate into QRadar, including homegrown and third-party applications.” That integration also includes platforms that are often challenging to integrate into security information and event management (SIEM) systems, such as the IBM AS/400 server, IBM AIX® operating system and mainframe systems common in the banking industry. “It’s a level of visibility that we can’t get with other SIEMs,” says DeLozier.
To continually drive faster, more targeted threat detection and response, CarbonHelix applies the machine learning (ML)-based QRadar user behavior analytics (UBA) and network threat analytics (NTA). “The machine learning is able to analyze activity patterns on a scale that no human analyst is capable of,” says DeLozier. “So, it’s really effective at detecting anomalies that the analysts can then decide how best to handle.” Further, by integrating UBA into the IBM QRadar SOAR component, CarbonHelix combines ML-driven detection of risky user behavior with automated responses to quickly mitigate threats.
CarbonHelix has had particular success with NTA in the healthcare space, using the technology to support the proper functioning of medical devices and the security of medical data. IT and security teams for hospitals sometimes have zero visibility into devices on their network, but a single infected device can create broader problems that threaten patient care. DeLozier recalls an instance of an infected MRI machine. Normally, the machine would share data with only one desktop, but through ML analysis of flow data, the NTA app detected that the MRI machine had begun reaching out to many other devices in the hospital. Fortunately, the early detection enabled CarbonHelix and the hospital to shut the machine down and then implement a patch for the problem before the hospital suffered any damage.
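The MRI incident above illustrates a peer fan-out anomaly in flow data: a device that normally talks to one workstation suddenly contacts many other hosts. The following is an added illustration of that detection idea and is not QRadar NTA code or anything from CarbonHelix or IBM. It replaces the ML model the page describes with a deterministic baseline-and-threshold check so the logic is visible, and all hostnames and flow records are constructed for the example.

```python
"""Flow-based peer fan-out check (added illustration, not QRadar NTA code).

Each flow record is (timestamp, src_host, dst_host). A baseline is built per
source host from a learning window: the set of destinations it normally talks
to. In the detection window, a host whose count of *new* destinations exceeds
a threshold is flagged. Sample flows and hostnames below are constructed.
"""
from collections import defaultdict

# Constructed learning-window flows: the MRI talks only to one radiology workstation.
BASELINE_FLOWS = [
    ("2024-01-01T08:00", "mri-01", "radiology-ws-01"),
    ("2024-01-01T09:00", "mri-01", "radiology-ws-01"),
    ("2024-01-01T10:00", "mri-01", "radiology-ws-01"),
    ("2024-01-01T08:05", "nurse-ws-07", "ehr-app-01"),
    ("2024-01-01T08:06", "nurse-ws-07", "print-srv-01"),
]

# Constructed detection-window flows: the MRI starts reaching out to many hosts.
DETECTION_FLOWS = [
    ("2024-01-02T08:00", "mri-01", "radiology-ws-01"),
    ("2024-01-02T08:01", "mri-01", "nurse-ws-07"),
    ("2024-01-02T08:01", "mri-01", "ehr-app-01"),
    ("2024-01-02T08:02", "mri-01", "infusion-pump-12"),
    ("2024-01-02T08:02", "mri-01", "print-srv-01"),
    ("2024-01-02T08:10", "nurse-ws-07", "ehr-app-01"),
    ("2024-01-02T08:11", "nurse-ws-07", "file-srv-02"),
]


def build_peer_baseline(flows):
    """Map each source host to the set of destinations seen in the learning window."""
    peers = defaultdict(set)
    for _ts, src, dst in flows:
        peers[src].add(dst)
    return peers


def detect_fanout(baseline, flows, max_new_peers=2):
    """Return {src: sorted new destinations} for hosts exceeding max_new_peers.

    A destination counts as new if it was never seen for that source in the
    baseline. Hosts absent from the baseline have no known peers, so every
    destination they contact counts as new.
    """
    observed = defaultdict(set)
    for _ts, src, dst in flows:
        observed[src].add(dst)
    alerts = {}
    for src, dsts in observed.items():
        new_peers = dsts - baseline.get(src, set())
        if len(new_peers) > max_new_peers:
            alerts[src] = sorted(new_peers)
    return alerts


def run_example():
    """Build the baseline from the learning window and check the detection window."""
    baseline = build_peer_baseline(BASELINE_FLOWS)
    return detect_fanout(baseline, DETECTION_FLOWS)


if __name__ == "__main__":
    for host, peers in run_example().items():
        print(f"ALERT {host}: {len(peers)} new peers -> {peers}")
```

With the constructed data, only `mri-01` is flagged (four destinations never seen in its baseline), while `nurse-ws-07`, which adds a single new peer, stays under the threshold. In practice the baseline window, the threshold, and the handling of hosts with no baseline all need tuning per environment, which is the part an ML-based approach automates.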