IBM QRadar Log Manager

How many logs does your system create every day? How do you search and monitor each and every one? It’s impossible to do manually, but with IBM Security QRadar Log Manager, you can process large volumes of data from tons of different sources quickly and efficiently. QRadar Log Manager provides a solid, straightforward foundation for your team through a highly intuitive, centralized user interface. It comes with a default dashboard ready to go, or you can easily customize it to fit your exact needs.

Log Manager is very easy to install and use. You’ll be able to view and manage your events in no time at all. Your default dashboard will allow you to view your events in near real time, or search for specific ones that have already occurred. You can narrow your search by picking a certain period of time, a log source, a source IP, or many other search options. You can easily create rules as well to assist with your log processing. You can use some of the 2,000 prepopulated rules or create your own. You’ll be happy to know that creating rules is also a breeze, since you won’t need a special language to do so: you just type what you want in plain English and VOILA! You can also customize your dashboard to meet your specific needs. Default dashboards are available by function, and users can create and customize their own workspaces to monitor specific activities and drill down to a time series view for long-term trending of data. This makes it easier to identify anomalies or possible threats to the organization.

● Generate actionable IT forensics by aggregating and correlating a diverse set of logs and events

● Capture event data from security and network devices, servers, endpoints and applications within a federated repository with a single global view

● Easily perform forensics, application and network troubleshooting across normalized data for simplified searching

● Scale to support hundreds of thousands of events per second, per system

● Help exceed regulatory mandates with rich compliance-reporting capabilities

● Preserve investments by enabling the addition of integrated security information and event management (SIEM) technology

● IBM Security QRadar Log Manager can also help you meet compliance monitoring and reporting requirements.

IBM Security QRadar Log Manager:

  • Captures and processes large volumes of event data from thousands of sources in near real time to provide visibility into developing threats and helps meet continuous compliance-monitoring requirements.
  • Provides rich compliance-reporting capabilities to help meet or exceed regulatory requirements.
  • Scales to support hundreds of thousands of events per second within a single unified database in near real time.
  • Installs in Cloud environments to deliver log management functionality.
  • Offers high-availability and disaster-recovery options to help maintain uninterrupted log source data collection and storage.

Want to learn more about QRadar Log Manager? Check out IBM’s case study here!

As always if you have any questions or comments please feel free to email us at!

IBM’s QRadar Incident Forensics

So what do you do when you actually HAVE a security breach? It’s not one of those things that just might happen; businesses experience multiple attacks each day. How do you handle these? How do you find out how they got into your system in the first place? How do you track their movements and prevent it from happening again? How LONG does it take your team to complete all these actions? With IBM QRadar Incident Forensics you will be able to quickly identify and stop network breaches before they cause real damage. Not only that, but this tool will also help reduce the time spent dealing with each incident.

IBM QRadar Incident Forensics is able to analyze the raw network data related to each incident that occurs, so that you and your team can form a greater understanding of the event, i.e., figure out exactly what happened, when it happened, why it happened, and how to prevent a similar attack from happening in the future. Adding an intelligent analytics tool to your IT security strategy will greatly reduce the time your team spends manually looking through all the data, freeing up their time and expertise to be used elsewhere.

Ever wonder exactly what’s behind a cyber attack? Click here to read IBM’s whitepaper to help you gain insight into what, when and how an enterprise security incident occurs.


QRadar SIEM (security information and event management) can help you reduce thousands of security events into a manageable list. It will consolidate your log source event data from thousands of endpoints and applications throughout your network into a common database and shared user interface. Our networks are larger and more complex than ever before; how big is your security team? How big would you like it to be? With QRadar SIEM you don’t need a 10-person team to get things done. With the consolidation and easy-to-use interface, you can monitor, detect, track and manage your environment all from your intuitive dashboard. This dashboard is shared across all QRadar family components, which helps your IT personnel quickly identify and remediate network attacks by rank-ordering hundreds of alerts and patterns of anomalous activity into a drastically reduced number of offenses warranting further investigation.

QRadar SIEM has the ability to consolidate and store thousands of events across your network and then perform immediate correlation activities to distinguish the real threats from false positives. This tool is

IBM Security QRadar SIEM:

  • Provides near real-time visibility for threat detection and prioritization, delivering surveillance throughout the entire IT infrastructure.
  • Reduces and prioritizes alerts to focus investigations on an actionable list of suspected incidents.
  • Enables more effective threat management while producing detailed data access and user activity reports.
  • Delivers security intelligence in cloud environments.
  • Produces detailed data access and user activity reports to help manage compliance.
  • Offers multi-tenancy and a master console to help Managed Service Providers provide security intelligence solutions in a cost-effective manner.

An amazing option along with QRadar SIEM is access to IBM X-Force.
IBM X-Force Research and Development is one of the most renowned commercial security research and development teams in the world. These security professionals monitor and analyze issues from many different sources, including its database of more than 88,000 computer security vulnerabilities, its global web crawler with over 25 billion cataloged web pages and URLs, international spam collections, and millions of malware samples collected daily. The X-Force team helps customers stay ahead of emerging threats by updating them on the latest security risks, informing them how to protect themselves, and publishing their findings on their blog, in their quarterly report, and on the X-Force Exchange. Check them out in more detail here:

Want to learn more? Click here and download the 2015 Q4 X-Force Threat Intelligence Quarterly report.


Security Series

In the past I’ve discussed IBM QRadar and its ability to provide a unified architecture for integrating security information and event management (SIEM), but I never addressed each module of the QRadar Platform individually to give you an idea of its seamless security coverage. With all the security threats in today’s connected world, businesses have to be prepared for everything and anything. We have to be prepared to detect threats BEFORE they occur, and this can only be done when you are able to view and analyze all of your data. Whether it’s network, application, database or user data, with QRadar you will be able to view each and every bit of it to ensure your environment remains safe.

So in this blog series, I will go over each portion of QRadar and exactly how each “piece” contributes to the overall security “pie”. This will include:

– Security information and event management (SIEM)

– Incident Forensics

– Log Manager

– QFlow Collector

– Risk Manager

– VFlow Collector

– Vulnerability Manager

– Data Node and zSecure Adapters

At the end of this series you will be able to determine exactly which modules make sense for your specific environment and how QRadar can drastically improve your workflow, decrease overall cost of ownership, improve detection of threats, and of course remain easy to use.

Data Management with IBM Cloud

Are you still trying to manage everything in house? Why? With reliable tech giants like IBM offering cloud services, you would be surprised how much is offered and the security that comes along with it. IBM has a vast portfolio of cloud services; from managing your data in the cloud to actually hosting an entire database, IBM can do it all. Many of our customers have tons of data, so much data that they aren’t able to pull any value from it. Why not use IBM’s analytics in the cloud to transform all that data into a valuable resource and also make that information accessible across the entire enterprise?

IBM’s Data and Analytics Services range from self-service offerings (IBM DB2, Redis, MongoDB, PostgreSQL and Elasticsearch) to full-service offerings (Cloudant NoSQL DB, Time Series Database, SQL Database, Analytics for Apache Hadoop, DataWorks, dashDB, BigInsights for Apache Hadoop, Geospatial Analytics, Predictive Analytics, IBM Insights for Twitter, Apache Spark and Streaming Analytics).

To help you figure out which Data and Analytics Services are the best fit for your need, click here.

Would you like to learn more about each service? Email us at and we would be happy to schedule an overview and assist you in selecting the best service for your needs.

How Watson can help your hospital from drowning in data

I’ve spoken about IBM’s Watson multiple times, mostly because I am astonished each and every day at how groundbreaking this technology is, and also because this is only the beginning. IBM Watson Health is able to apply the advanced capabilities of Watson’s cognitive system to streamline tasks, helping doctors not only come up with treatment plans faster, but eventually even find better plans than those a group of doctors would have suggested.

When an individual is diagnosed with a disease such as cancer, a personalized care plan is developed for their specific case. Each case of cancer is different, so these plans take time to create, and I’m not talking about 15 minutes. Each single patient’s genome represents more than 100 GB of data, and doctors have to go through that data along with electronic medical records, journal studies and clinical trial information. This can take weeks, and in “cancer time” that’s just too long.

The goal is for organizations such as the University of North Carolina’s Lineberger Comprehensive Cancer Center to be able to implement Watson’s cognitive system, allowing doctors to analyze, interpret and also suggest evidence-based treatment plans… in minutes rather than weeks.

Can you imagine how groundbreaking this will be? Watson technology is available today, and if you haven’t checked it out yet, I urge you to do so.

Watson is the type of technology that tomorrow is made of; it’s game-changing, and you can become a part of that today.

Questions? Comments? Email us

Accelerate your Storage Environment with IBM’s V9000

How’s your storage system? Does it leave much to be desired? Does it exceed your performance expectations? Then take a look at the new IBM V9000. It’s a comprehensive all-flash enterprise storage solution that offers cutting-edge features, all at the speed of flash. IBM FlashSystem V9000 performs better, costs less and integrates more easily than any other enterprise storage system. With the V9000 you can easily tailor your storage solution to fit your unique application workloads, gain the economic advantages of virtualized flash for less than the cost of disk, and also accelerate your time to value with its agile integration capabilities.

Why the V9000?

  • Accelerate critical applications with the scalable performance of IBM FlashCore technology.
  • Deploy all-flash storage for less than the cost of hard-disk drives (HDDs) with IBM Real-time Compression.
  • Harness the power of data using storage virtualization powered by the ultra-low response times of IBM MicroLatency.
  • Accelerate time to value with an agile, easy-to-implement, fully integrated system.
  • Protect your data with a full suite of disaster-recovery tools including snapshots, clones and replication.
  • Achieve advanced virtualization, provisioning and performance management with IBM Virtual Storage Center.

Want to learn more? Download the datasheet and contact us today!

What makes Lenovo servers different?

Since IBM System x was purchased by Lenovo, clients have been asking exactly what differentiates Lenovo from all the other server manufacturers and why they should move forward with their products.

Well, we’ve discovered that working with Lenovo has a ton of benefits. First of all, their cost is a nice surprise, along with their impeccable customer service and large product base. They are efficient and innovative, with leadership in both power and cooling design, and have been voted #1 in both security (Trusted Platform Assurance) and reliability (#1 reliability of all x86 servers per the ITIC survey). Lenovo also possesses industry-leading security features and practices that secure the hardware and firmware, creating a solid foundation for your workloads, and that protect both the system and the management subsystem from potential attacks with their Trusted Platform Module 2.0.

Lenovo’s server line also has a bunch of other advantages over x86 competitors such as Dell. For instance, they offer 20% more storage than Dell, more memory and more I/O for faster performance.

Read the full report on how Lenovo beat out top competitors Dell and HP on customer satisfaction here, and also check out their lineup below!

Our first priority at Metrotech is to fit our clients with the perfect product for their wants, needs, and budget, and with a company like Lenovo, we can do just that. Questions? Comments? Email us

Security: How are you protecting your company?

Security is always important, but how many different products are protecting your data? How are you monitoring EVERYTHING? Better yet, how many people are monitoring your SIEM, log management, incident forensics, vulnerability management and anomaly detection programs? Do you have enough people to even think about deploying all of these important functions? With IBM QRadar, IBM wraps all these priceless products up into one and offers greater ease of use by allowing you to manage it all under one system.

IBM QRadar Security Intelligence Platform products deliver:

  • A single architecture for analyzing log, flow, vulnerability, user and asset data.
  • Near real-time correlation and behavioral anomaly detection to identify high-risk threats.
  • High-priority incident detection among billions of data points.
  • Full visibility into network, application and user activity.
  • Automated regulatory compliance with collection, correlation and reporting capabilities.

Just take a look at IBM QRadar in action:

Right now we at Metrotech are also offering a free security assessment for all those interested in seeing exactly what is currently occurring in their environment. Interested? Sign up today!

Splunk. What is it and why does your business NEED it?

Everyone is always talking about data and what they are doing to collect it in every way possible. From sensors and cameras to mobile apps, more data is being collected now than ever before. But how are you managing all that data? For this you will need a product that offers Operational Intelligence, and we’ve got just the thing: Splunk. There is no “one sentence” explanation for what Splunk is and all that it can offer. But what it started out as was a sort of “Google for log files.” Log processing is still at the product’s core, but its ability to look into machine data and find what others have never seen before is unprecedented. These insights can help make your company more productive, profitable, competitive and secure.

Splunk collects, indexes, and harnesses machine data generated by any IT system and infrastructure—whether it’s physical, virtual, or in the cloud.

Machine-generated data is one of the fastest growing and complex areas of big data. It’s also one of the most valuable, containing a definitive record of all user transactions, customer behavior, machine behavior, security threats, fraudulent activity and more. Splunk turns machine data into valuable insights no matter what business you’re in and that’s what we call operational intelligence. Operational intelligence gives you a real-time understanding of what’s happening across your IT systems and technology infrastructure so you can make informed decisions.

It allows you to:

  • Gain a deeper understanding using all relevant information, especially from machine data
  • Reveal important patterns and analytics by correlating events from many sources
  • Reduce the time to detect important events
  • Leverage live feeds and historical data to understand what is happening, identify anomalies, and make effective decisions
  • Quickly deploy a solution and deliver the flexibility needed now and in the future

What is the Need for Operational Intelligence?

Operational intelligence emerged in response to the rising value, and amount, of machine-generated data. This value can be seen in a variety of arenas. Here are a few examples:

  • Transaction monitoring for online businesses providing 24×7 operations
  • Security monitoring to map and visualize modern threat patterns and strengthen security posture
  • Web activity data to improve understanding of customers, capacity, and digital asset usage
  • Service level monitoring information from managed service providers to fulfill agreements with the business
  • Call and event detail records to uncover more profitable services for communications
  • GPS and other data to enrich customer behavior information with location data

Most companies use a complex, layered mix of business applications, reporting and analysis tools, and methods of collaboration. But even after years of experience and refinement, most of us still have these unanswered questions:

  • Why can’t I see what is actually going on in our business right now?
  • Why does it take so long to answer questions about key business metrics?
  • Why is it so hard to handle exceptions when things go wrong?
  • Why can’t we capture and preserve knowledge about how to be more effective?

Splunk makes sense of machine data to support business goals. Contact us to see how we can help Splunk work for your business, today.