IBM QRadar Security Intelligence

The IBM QRadar Security Intelligence Platform is a comprehensive security analytics solution designed to
help organizations filter through the network noise to gain real-time, actionable insight into risks and
threats in their environment.

At the core of the solution is QRadar Security Information and Event Management (SIEM), which collects
vast amounts of network, asset, cloud and user data and applies a series of advanced analytics to identify
threats and uncover anomalies that may indicate an attack. The flexible platform can be deployed
on-premises, in a public cloud, or consumed as SaaS. Optional components can easily be added to extend
monitoring capabilities and address new use cases without making major infrastructure changes. Optional
components include:
• QRadar User Behavior Analytics: seamlessly layers on top of QRadar SIEM to detect anomalous
user activities that may indicate an insider has turned malicious or had their credentials
compromised.
• QRadar Advisor with Watson: uses AI to automate steps in the investigation process and
accelerate time-to-remediation by quickly uncovering the root cause and scope of a threat, as
well as providing insight into the threat actors, likely end goals, and related observables that may
be elsewhere in the environment.
• QRadar Risk Manager: monitors device configurations, simulates changes to your network
environment, and prioritizes risks and vulnerabilities in your network.
• QRadar Vulnerability Manager: enriches the results of vulnerability scans by mapping
vulnerability data to assets and asset configuration information to help organizations prioritize
remediation efforts.
• QRadar Network Insights: inspects network activity in real-time to detect attacks, such as
phishing schemes, lateral movement, and data exfiltration, and reconstructs session content to
provide insight into application-level activity and aid in forensic investigations.
• QRadar Incident Forensics: retraces an attacker’s actions step-by-step using full packet capture
data, enabling analysts to more easily conduct in-depth forensic investigations.
• QRadar Data Store: serves as a log data lake, normalizing and storing log data and enabling
security analysts to run advanced search queries and optionally use the QRadar SDK to develop
their own custom analytics.
IBM BigFix solution

The IBM BigFix solution comprises several application products that provide consolidated security and
operations management, simplified and streamlined endpoint management, while increasing accuracy
and productivity. Optional components can easily be added to extend capabilities and address new use
cases without making major changes. Optional components include:
• IBM BigFix Patch: provides an automated, simplified patching process that is administered from
a single console. It provides real-time visibility and enforcement to deploy and manage patches
to endpoints, both on and off the corporate network. Clients have reported seeing more than 98
percent first-pass patch success rates. The solution not only increases the effectiveness of the
patch process, but also cuts operational costs and reduces patch cycle times, keeping your
endpoints secure.
• IBM BigFix Inventory: can dramatically reduce the time required to conduct a comprehensive
software asset inventory for license reconciliation or compliance purposes. It provides valuable
insight into what the organization owns (and what it has installed but does not own) along with
how often the software is being used. It supports better planning, budgeting and vendor license
compliance, while mitigating security risk.
• IBM BigFix Lifecycle: helps find and fix problems in minutes across all endpoints: fixed, mobile,
physical and virtual. Discover, secure and manage hundreds of thousands of endpoints on more
than 90 different OS versions within hours or minutes. In addition to ensuring that all of your
systems are patched and secure, you can automate OS migrations, query endpoints in real-time
for the presence of malicious files, quickly install software, perform advanced automation or do
simple remote control with just a few clicks. BigFix Query accurately identifies and inspects
endpoints through a user-friendly web interface using simple, intuitive questions.
• IBM BigFix Compliance: enforces continuous compliance with security policies throughout your
organization for every endpoint, both on and off the corporate network. It includes out-of-the-box
support for the most popular security benchmarks published by CIS, DISA STIG, USGCB and PCI-DSS.
An intelligent agent on every endpoint monitors, enforces and reports on the security
configuration status of the endpoints in real-time, regardless of OS type or location. Any
compliance drift is reported instantly and can be remediated quickly, to reduce the overall
security risk.