Threat Hunting and i2 QRadar Offense Investigator
Bob Stasio, CISSP, Senior Product Manager, i2 Intelligence, IBM Security
July 2017
2 IBM Security
Who is i2 Intelligence

History
• Those detective shows with the string walls… we do that, digitally
• 26+ years ago i2 began enabling digital investigations for military and law enforcement
• Started as desktop software, evolved into client/server option
• Helped 4,000+ customers, used by 80% of national security orgs globally – gold standard in intel

Core Use Cases
• National Security: military intelligence, counter terrorism fusion analysis, open source intel
• Law Enforcement: criminal investigations, counter gang, evidence presentation, intelligence
• Cyber: investigate alerts, campaign tracking, event triage, threat hunting
• Fraud: fraud investigations, insider threat, transaction analysis

Hottest Trend: Threat Hunting
• Next level of maturity for the SOC or SIOC organization
• Find the one specific “needle” in the massive stack of needles
• Powerful visualization and analytics, see data in a new way
• A platform to bring together all sources of disparate data
• Put the human in the loop to find the other human adversary
3 IBM Security
Threat Hunting Defined

Threat Hunting Cycle: CREATE Hypotheses → INVESTIGATE via Tools and Platforms → UNCOVER New Patterns & TTPs → REPORT & ENRICH

Components of Threat Hunting:
• Correlated Platform: QRadar, X-Force, BigFix
• Atomic: IDS, Logs
• i2 Intelligence
• Analytics

Threat Hunting is:
 Human-led analysis
 Proactive in nature
 Facilitated with an analyst workbench
4 IBM Security IBM CONFIDENTIAL UNTIL JANUARY 2017
5 IBM Security
6 IBM Security
Non-Linear Relationship Between Effectiveness and Cost

[Chart: y-axis “% of Threats Stopped” against x-axis “Level of Effort”, rising from “Implement a Security Framework” to “Complex Investigation”]
Personnel example: Tier One SOC Analyst, Tier Two SOC Analyst, Incident Responders, Cyber Analysts, Threat Researchers
Product example: Firewall, SIEM Analysis, Advanced Security Intelligence, Cyber Analysis and Threat Hunting
Intelligence time horizon: Information Security → Cyber Analysis → HUNTING
7 IBM Security
8 IBM Security
Six Key Use Cases and Examples of Enterprise Intelligence

Customer Key Use Case | Value Delivered | Buyer
Cyber Threat Hunting | Net new discovery of correlating low-level alerts and offenses | SOC Director, Head of Threat Intel, CISO, CTO
Watchlists and Vetting | Greatly increased efficiency of investigation and increased level of data by orders of magnitude | Lead investigator
Insider Threat | Identified discoveries of employees abusing privileges | Head of SIU
VIP Protection | Immediate alerting of threats to VIPs and direct link to law enforcement | Head of Threat Intel, Cyber Intel Director
Fraud Investigations | Identified net new money chain transfers | Head of FIU
Threat Discovery | Immediate alerting on brand compromises and fraud on darkweb | Head of FIU, Head of Brand Protection
9 IBM Security
Why Customers Need i2 Intelligence for Threat Hunting

Problem | Description | How i2 Helps
Overwhelming Data ( Structured,  Unstructured,  Open Source) | Organizations have dozens of vendor and government data/intel feeds which are in multiple formats and difficult to acquire. It is nearly impossible to derive value from the data | i2 is data agnostic and can ingest structured and unstructured datasets, then display a single-object model to the analyst for easy analysis
Enterprise Level Analysis | A customer’s security and risk orgs are very siloed and operate in “fiefdoms”. Threat indicators need to be combined across security, intelligence, fraud, and risk | i2 is an extensible solution allowing connection to data sources in place and letting all analysts and groups combine disparate data sources
Asymmetric Threat | Advanced cyber threats have become commoditized through exploit kits; now a hacker with a $500 laptop and a low skillset can negate millions in cyber investment | i2 allows for proactive searching and anomaly recognition through built-in analytics to discover latent threats hiding within noisy alerts
Budget / Turnover / Skills | Our customers’ IT and security budgets are constantly being slashed, asked to do more with less. Also, it is very difficult to find trained cyber operators with advanced skills | i2 has an easy to use analyst UI; as one customer put it: “it takes me 6 months to train an analyst on a SIEM, with i2 an analyst is effective in days”
10 IBM Security
Intelligence Concepts are a Spectrum of Value

Optimizing (value: decreasing time to know, prioritizing indicators; analogy: Alert Fatigue)
• Seeing obvious issues from a different angle
• Creating efficiencies in other tools/domains
• Tuning alerts to the appropriate threshold
• Understanding the most important alerts
• Connecting multiple events and alerts

Force Multiplier (value: understand trends and patterns, indicators; analogy: Border Protection)
• Discover patterns and trends over time
• Direct valuable resources for max impact
• Automate ingest, searches, functions
• Tip other collection sources using intel
• Pinpoint problem areas with analytics

Predicting (value: taking advantage of anomalies, preempting adversary action; analogy: Market Prediction)
• Advanced differentiated information
• Using indicators to predict adversary action
• Discovering anomalies as key indicators
• Stopping the adversary before reaching their goal
• Understanding trends and how they impact
11 IBM Security
Key Differentiators of i2 vs. Other Security Products
• For Advanced Users: Tier 3, Threat Hunters
• We Do Investigations: Human in the Loop
• Non-Cyber Datasets: Physical, HR, Dark Web

[Chart: two panels, “Security Operations” and “Hunting”, each plotted on axes “Complexity of Data” and “Volume of Data”; Security Operations starts with the Known, Hunting starts with the Unknown]
12 IBM Security
What is an Unknown Unknown Search

[Diagram: offense nodes, each linked to a set of offense properties (a through i); some properties hang off more than one offense]
Ask the question: “show me which offenses share the same property” – you don’t know the subset of offenses, nor the subset of properties to search.
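The shared-property search described on this slide, written out as an added example: the offense records and the Python code are constructed for illustration and are not part of the IBM deck or the i2 product. Field names such as source_ip and hostname are assumed stand-ins for QRadar offense attributes; the same inverted index is what links low-level events through identifiers such as IPs and machine names in the custody-bank case later in the deck, and connecting_path answers the “find connecting network” question from the tool list.

```python
"""Unknown-unknown search over a small set of QRadar-style offenses.

Constructed example (made-up offense records; field names only loosely follow
QRadar offense attributes). Offenses are flattened into an Entity-Link-Property
(ELP) style graph: every indicator value is an entity linked to the offenses
carrying it, so "which offenses share a property" needs no chosen offense or
property up front.
"""
from collections import defaultdict, deque

# Pivotable indicator fields; free-text fields such as description stay out.
INDICATOR_FIELDS = ("source_ip", "destination_ip", "username", "hostname")

# Constructed sample offenses (not real data).
OFFENSES = [
    {"id": 1, "description": "Excessive failed logins",
     "source_ip": ["10.0.0.5"], "username": ["jsmith"], "hostname": ["WS-0412"]},
    {"id": 2, "description": "Outbound connection on rare port",
     "source_ip": ["10.0.0.5"], "destination_ip": ["203.0.113.9"]},
    {"id": 3, "description": "New administrative account created",
     "username": ["jsmith", "svc-backup"], "hostname": ["DC-01"]},
    {"id": 4, "description": "Large outbound file transfer",
     "source_ip": ["10.0.0.77"], "destination_ip": ["203.0.113.9"]},
    {"id": 5, "description": "Malware signature match",
     "hostname": ["WS-0999"]},
]


def build_index(offenses):
    """Map each (field, value) property to the set of offense ids carrying it."""
    index = defaultdict(set)
    for offense in offenses:
        for field in INDICATOR_FIELDS:
            for value in offense.get(field, []):
                index[(field, value)].add(offense["id"])
    return dict(index)


def shared_properties(index, min_offenses=2):
    """The unknown-unknown question: every property seen on at least
    min_offenses offenses, without naming offenses or properties up front."""
    return {prop: sorted(ids) for prop, ids in sorted(index.items())
            if len(ids) >= min_offenses}


def offense_clusters(offenses, index):
    """Group offenses that are transitively connected through shared
    properties (union-find over the property sets)."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        if parent[x] != x:
            parent[x] = find(parent[x])  # path compression
        return parent[x]

    for offense in offenses:  # register offenses that carry no indicator
        find(offense["id"])
    for ids in index.values():
        ordered = sorted(ids)
        root = find(ordered[0])
        for oid in ordered[1:]:
            parent[find(oid)] = root
    groups = defaultdict(list)
    for oid in parent:
        groups[find(oid)].append(oid)
    return sorted(sorted(group) for group in groups.values())


def connecting_path(index, start, goal):
    """Shortest chain of offenses and shared properties between two offenses
    (the 'find connecting network' question), or None if unconnected."""
    by_offense = defaultdict(set)
    for prop, ids in index.items():
        for oid in ids:
            by_offense[oid].add(prop)
    prev = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node == goal:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        # bipartite graph: properties are tuples, offenses are ints
        neighbours = index[node] if isinstance(node, tuple) else by_offense[node]
        for nxt in sorted(neighbours):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    return None


if __name__ == "__main__":
    idx = build_index(OFFENSES)
    print("shared:", shared_properties(idx))
    print("clusters:", offense_clusters(OFFENSES, idx))
    print("path 1 -> 4:", connecting_path(idx, 1, 4))
```

Offense 5 stays in a cluster of its own because none of its indicators recur, which is exactly the noise a hunter wants the shared-property view to push aside.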
13 IBM Security
Specific Hunting Scenario

Using the power of i2… ask the question: “Find the person who…”
 Is part of a specific organization
 Is associated with a monetary transaction
 Who also made a call on a certain date
 Who also came up in an alert
 Which was also associated with an extracted document
 Who also is associated with a vehicle tag
 Which was seen on a surveillance camera at night

Imagine the scenario:
• An investment bank wants to know if any insiders are committing fraudulent trades
• The person would be sophisticated and perhaps changing terminals and logins
• The person would also come in on the night shift to cover what they are doing

This is Very Difficult!
• Data from multiple domains and silos
• Challenging to correlate facts in the case
• Existing security tools are too niche in use
14 IBM Security
What is Needed to Conduct Threat Hunting

[Diagram: four quadrants: SOC & SIEM (Foundational Data), Threat Intelligence (Known Indicators), Intelligence Analysis Tools (Organization + Discovery), Statistical Analysis (Anomaly Detection); the i2 Intelligence area of expertise is marked on the diagram]
15 IBM Security
What is i2 Intelligence?

Analyst Workbench (“Front End”) and Enterprise Server (“Back End”); capabilities: Network & Link Analysis, Transactional Timelines, Analytical Tools, Geospatial Integration
Data ingestion: structured, semi-structured and unstructured sources are loaded into the Enterprise Server in the Entity, Link, Property (ELP) format

 Out-of-the-box analytics & visualization that help find and track adversaries in both the government and private sector
 Intuitive UI design used by 1,000’s of analysts for 25+ years, which greatly speeds up investigation
 Create products for decision making, to provide evidence of criminal behavior, or as visual aids during an investigation
 Combine all internal & external data sources into a single object model in order to understand multi-dimensional data
 Advanced searching to quickly expand on an investigation by allowing the analyst to “pivot” a search on any variable
 Deep server-side analytics that allow presentation of non-obvious relationships and data patterns to the analyst
16 IBM Security
Threat Hunting Platform Structure
17 IBM Security
Announcing New App: i2 QRadar Offense Investigator app via IBM Security App Exchange

Workflow: Triage Analysis → Block and Tackle → Offense Correlation → Hunt Investigations
• QRadar: the analyst can select specific offenses with an integrated “i2 button”
• QRadar Plugin: offenses and connected data are pushed into i2 Analyst’s Notebook (ANB); data can also be pulled into i2 ANB through the QRadar API

Cyber Analyst persona: Tom with the QRadar App, a Tier 3 or “Hunt” Analyst:
 Proactive threat analysis
 Looks for trends, anomalies
 Uses SIEM and analysis tool

Value of i2 threat hunting for QRadar app:
 Greatly increases efficiency of investigation
 Automatically enriches offenses within i2 Analyst’s Notebook
 Simplifies and accelerates the sales cycle generated by the IBM Security sales team
 Shows “out-of-the-box” integration with IBM Security products, specifically QRadar
18 IBM Security
Screenshot
19 IBM Security
Example Analysis Tools Over QRadar Data
• Network Analytics
• Bar Charts and Histograms
• Copy to Timeline
• List Most Connected
• Find Connecting Network
• Activity View
20 IBM Security
Understanding Workflow Between Analysts

[Diagram: data and tools feeding three analyst tiers. Data sources: Foundational Security Data, Watson for Cyber Security (Cyber Corpus), Physical Security Data, Geospatial Data, Non-Traditional Data. Tools: QRadar, QRadar Advisor, IBM i2. Activities spread across the Tier 1, Tier 2 and Tier 3 Analyst columns: Triage, Awareness, Alerting, Initial Analysis, Offense Review, Visibility, Aggregation, Detection, Monitoring, Vulnerability Mngt, Enrichment, Increased Accuracy, Hypothesis Generation, Speed Up Investigation, Context Enhancement, Event Visualization, All Source Data Analysis, Deep Investigation, Mathematical Model Analysis, ELP Searching, Advanced Data Queries, Active Visualization]
21 IBM Security
A large North American custody bank gained valuable insight from correlating multiple low-level offenses

Connecting the dots
• 5,000:1 reduction in event analysis
• Hours to seconds: decreased investigation time with the ability to correlate multiple low-level events to identifiers

Business challenge
 Visually understand how multiple low-level SIEM alerts fit together, on a daily basis. See how individual identifiers (e.g. IP, machine name, etc.) can come up on multiple events

IBM Security i2 EIA
Gained superior visualization of interconnectivity and correlation among incidents, realizing a 5,000:1 decrease in event analysis and a significant decrease in investigation time from hours to seconds
22 IBM Security
A UK based saving and loan bank greatly increases the effectiveness of fraud investigations

Finding Fraud Faster
• 80% decrease in time to complete investigations
• Minimize risk and catch more criminals, sharing with LE

Business challenge
 Analysts spent days on fraud investigations, crawling through spreadsheets
 Had to manually create diagrams once reaching a conclusion to share with law enforcement

IBM Security i2 EIA
Accelerates investigations by up to 80%, eliminates hours of spreadsheet-based analysis by presenting data visually and helps analysts tackle complex investigations without impacting normal operations
23 IBM Security
Customer Use Case Mapping

Buyers: Chief Risk & Compliance Officer, CISO, CSO, Investigations

SOC Use Cases: Threat Hunting, Incident Investigations, Event Correlation
Threat Intel Use Cases: Campaign Tracking, Intel Report Production
Insider Threat Use Cases: Threat Discovery, Watchlists, Vetting
Physical Security Use Cases: Political Unrest Assessments, Building Threat Assessments, Theft Investigations
VIP Protection Use Cases: Stakeholder Threat Assessment, Reputation Investigation
Travel Risk Use Cases: Area Threat Assessment, Event Threat Assessment
Internal Fraud Use Cases: Privilege Misuse, Money Laundering, Insider Trading
External Fraud Use Cases: Account Takeover, Organized Crime Investigation
SIU Use Cases: Insurance Fraud, Complex Fraud Investigation
24 IBM Security
Where You can Find the i2 Intelligence Team

Leadership groups: i2 Offering Management Leadership, i2 WW Technical Leadership, i2 WW and Geo Sales Leadership
Akiba Saeedi, Bob Thimsen, Bob Stasio, Jon Whitman (WW), Will Martin (NA), David Waxman, Julian Midwinter (EUR), Harry McCue (GM), Steve Dalzell, Mike Kehoe (WW)
IBM and Partner Use Only
© Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind,
express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products
and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service
marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your
enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others.
No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems,
products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products
or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.
FOLLOW US ON:
ibm.com/security
securityintelligence.com
xforce.ibmcloud.com
@ibmsecurity
youtube/user/ibmsecuritysolutions

THANK YOU

How to Improve Threat Detection & Simplify Security OperationsIBM Security
 
Mobile Vision 2020
Mobile Vision 2020Mobile Vision 2020
Mobile Vision 2020IBM Security
 
Retail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityRetail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityIBM Security
 
Close the Loop on Incident Response
Close the Loop on Incident ResponseClose the Loop on Incident Response
Close the Loop on Incident ResponseIBM Security
 
Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats IBM Security
 
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...IBM Security
 
See How You Measure Up With MaaS360 Mobile Metrics
See How You Measure Up With MaaS360 Mobile MetricsSee How You Measure Up With MaaS360 Mobile Metrics
See How You Measure Up With MaaS360 Mobile MetricsIBM Security
 

More from IBM Security (20)

Automation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOpsAutomation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOps
 
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
 
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
 
Integrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM ResilientIntegrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM Resilient
 
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
 
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
 
Accelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon BlackAccelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon Black
 
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent OrchestrationHow to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
 
Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?
 
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceOrchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
 
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
 
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
 
WannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowWannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do Now
 
How to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsHow to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security Operations
 
Mobile Vision 2020
Mobile Vision 2020Mobile Vision 2020
Mobile Vision 2020
 
Retail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityRetail Mobility, Productivity and Security
Retail Mobility, Productivity and Security
 
Close the Loop on Incident Response
Close the Loop on Incident ResponseClose the Loop on Incident Response
Close the Loop on Incident Response
 
Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats
 
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...
 
See How You Measure Up With MaaS360 Mobile Metrics
See How You Measure Up With MaaS360 Mobile MetricsSee How You Measure Up With MaaS360 Mobile Metrics
See How You Measure Up With MaaS360 Mobile Metrics
 

Recently uploaded

"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 

Recently uploaded (20)

"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 

Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting Today!

6. Non-Linear Relationship Between Effectiveness and Cost
[Chart: x-axis "Level of Effort", y-axis "% of Threats Stopped"; the curve runs from "Implement a Security Framework" at the low end to "Complex Investigation" at the high end.]
• Personnel example: Tier One SOC Analyst, Tier Two SOC Analyst, Incident Responders, Threat Researchers, Cyber Analysts
• Product example: Firewall, SIEM, Analysis
• Intelligence time horizon: Information Security, Cyber Analysis, Advanced Security Intelligence, Cyber Analysis and Threat Hunting (hunting)
8. Six Key Use Cases and Examples of Enterprise Intelligence
Key use case | Value delivered | Buyer
• Cyber Threat Hunting | Net new discovery by correlating low-level alerts and offenses | SOC Director, Head of Threat Intel, CISO, CTO
• Watchlists and Vetting | Greatly increased investigation efficiency; level of data increased by orders of magnitude | Lead investigator
• Insider Threat | Identified employees abusing privileges | Head of SIU
• VIP Protection | Immediate alerting of threats to VIPs and a direct link to law enforcement | Head of Threat Intel, Cyber Intel Director
• Fraud Investigations | Identified net new money-chain transfers | Head of FIU
• Threat Discovery | Immediate alerting on brand compromises and fraud on the dark web | Head of FIU, Head of Brand Protection
9. Why Customers Need i2 Intelligence for Threat Hunting
• Overwhelming data (structured, unstructured, open source). Problem: organizations have dozens of vendor and government data/intel feeds in multiple formats that are difficult to acquire; it is nearly impossible to derive value from the data. How i2 helps: i2 is data agnostic, ingests structured and unstructured datasets, and presents a single object model to the analyst for easy analysis.
• Enterprise-level analysis. Problem: a customer's security and risk organizations are siloed and operate as "fiefdoms"; threat indicators need to be combined across security, intelligence, fraud and risk. How i2 helps: i2 is an extensible solution that connects to data sources in place and lets all analysts and groups combine disparate data sources.
• Asymmetric threat. Problem: advanced cyber threats have been commoditized through exploit kits; a hacker with a $500 laptop and a low skill set can negate millions in cyber investment. How i2 helps: proactive searching and anomaly recognition through built-in analytics discover latent threats hiding within noisy alerts.
• Budget / turnover / skills. Problem: IT and security budgets are constantly being cut and teams are asked to do more with less; trained cyber operators with advanced skills are hard to find. How i2 helps: an easy-to-use analyst UI; as one customer put it: "it takes me 6 months to train an analyst on a SIEM, with i2 an analyst is effective in days".
10. Intelligence Concepts are a Spectrum of Value
• Optimizing. Value: decreasing time to know, prioritizing indicators. Description: seeing obvious issues from a different angle; creating efficiencies in other tools/domains; tuning alerts to the appropriate threshold; understanding the most important alerts; connecting multiple events and alerts. Analogy: alert fatigue.
• Force Multiplier. Value: understanding trends, patterns and indicators. Description: discover patterns and trends over time; direct valuable resources for maximum impact; automate ingest, searches and functions; tip other collection sources using intel; pinpoint problem areas with analytics. Analogy: border protection.
• Predicting. Value: taking advantage of anomalies, preempting adversary action. Description: advanced, differentiated information; using indicators to predict adversary action; discovering anomalies as key indicators; stopping the adversary before they reach their goal; understanding trends and how they impact. Analogy: market prediction.
11. Key Differentiators of i2 vs. Other Security Products
• For advanced users: Tier 3, threat hunters
• We do investigations: human in the loop
• Non-cyber datasets: physical, HR, dark web
[Chart contrasting the two modes along "Volume of Data" and "Complexity of Data": Security Operations starts with the known; Hunting starts with the unknown.]
12. What is an Unknown Unknown Search
[Diagram: Offense 1 surrounded by Offense Properties a through i.]
Ask the question: "show me which offenses share the same property". You know neither the subset of offenses nor the subset of properties to search, so the search has to start from every property of every offense rather than from a chosen indicator.
13. Using the power of i2… Specific Hunting Scenario
Ask the question: "Find the person who…"
• is part of a specific organization
• is associated with a monetary transaction
• also made a call on a certain date
• also came up in an alert
• which was also associated with an extracted document
• also is associated with a vehicle tag
• which was seen on a surveillance camera at night
Imagine the scenario:
• An investment bank wants to know whether any insiders are committing fraudulent trades
• The person would be sophisticated and perhaps changing terminals and logins
• The person would also come in on the night shift to cover what they are doing
This is very difficult:
• Data comes from multiple domains and silos
• Correlating the facts in the case is challenging
• Existing security tools are too niche
14. What is Needed to Conduct Threat Hunting
• SOC & SIEM: foundational data
• Threat Intelligence: known indicators
• Statistical Analysis: anomaly detection
• Intelligence Analysis Tools: organization and discovery (i2 Intelligence's area of expertise)
15. What is i2 Intelligence?
Analyst Workbench ("front end"): Network & Link Analysis, Transactional Timelines, Analytical Tools, Geospatial Integration
Enterprise Server ("back end"): data ingestion of structured, semi-structured and unstructured sources into Entity, Link, Property (ELP) format
• Out-of-the-box analytics and visualization that help find and track adversaries in both the government and private sector
• Intuitive UI design used by thousands of analysts for over 25 years, which greatly speeds up investigation
• Create products for decision making, to provide evidence of criminal behavior, or as visual aids during an investigation
• Combine all internal and external data sources into a single object model in order to understand multi-dimensional data
• Advanced searching to quickly expand an investigation by allowing the analyst to "pivot" a search on any variable
• Deep server-side analytics that present non-obvious relationships and data patterns to the analyst
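The slide-13 hunt ("find the person who… changes terminals and logins… comes in on the night shift") and the ELP model and "pivot" search described on slide 15 are easier to see in code. The following is an added example written for this page; it is not i2 code and does not use any i2 API. It models three siloed sources (a trade export, a logon log and a badge log, all constructed sample data) as entities, links and properties, then pivots from each person across the links to test the slide-13 hypothesis. The source field names, the "night" cut-off (20:00 to 06:00) and the rule that a trade under someone else's account is suspicious are all assumptions made for the example.

```python
"""Entity-Link-Property (ELP) correlation across siloed sources, in the spirit of the
slide-13 hunt. Added example, not i2 code. All records below are constructed."""
from collections import defaultdict
from datetime import datetime

# --- constructed sample records from three silos (synthetic) ---
TRADES = [  # trading desk export: trader, terminal, trade id, timestamp
    {"trader": "alice", "terminal": "T-101", "trade_id": "TR-9001", "ts": "2017-06-12T21:40:00"},
    {"trader": "alice", "terminal": "T-117", "trade_id": "TR-9002", "ts": "2017-06-13T22:05:00"},
    {"trader": "bob",   "terminal": "T-102", "trade_id": "TR-9003", "ts": "2017-06-12T10:15:00"},
    {"trader": "carol", "terminal": "T-120", "trade_id": "TR-9004", "ts": "2017-06-12T23:10:00"},
]
LOGINS = [  # identity / SIEM: interactive logons per terminal
    {"account": "alice",       "terminal": "T-101", "ts": "2017-06-12T21:30:00"},
    {"account": "svc-reports", "terminal": "T-117", "ts": "2017-06-13T22:00:00"},
    {"account": "bob",         "terminal": "T-102", "ts": "2017-06-12T10:00:00"},
    {"account": "carol",       "terminal": "T-120", "ts": "2017-06-12T23:00:00"},
]
BADGES = [  # physical security: badge swipes at the trading-floor door
    {"person": "alice", "door": "FLOOR-3", "ts": "2017-06-12T21:20:00"},
    {"person": "alice", "door": "FLOOR-3", "ts": "2017-06-13T21:50:00"},
    {"person": "bob",   "door": "FLOOR-3", "ts": "2017-06-12T09:50:00"},
]


class ELPGraph:
    """Entities are (kind, key) tuples with a property dict; links are
    (src, relation, dst) triples that carry their own property dict."""

    def __init__(self):
        self.props = {}                  # entity -> properties
        self.out = defaultdict(list)     # entity -> [(rel, dst, link_props)]
        self.inn = defaultdict(list)     # entity -> [(rel, src, link_props)]

    def entity(self, kind, key, **props):
        ent = (kind, key)
        self.props.setdefault(ent, {}).update(props)
        return ent

    def link(self, src, rel, dst, **props):
        self.out[src].append((rel, dst, props))
        self.inn[dst].append((rel, src, props))

    def pivot(self, ent, rel, inbound=False):
        """Expand from one entity along one relation: the analyst's 'pivot'."""
        edges = self.inn[ent] if inbound else self.out[ent]
        return [(other, p) for r, other, p in edges if r == rel]

    def of_kind(self, kind):
        return [e for e in self.props if e[0] == kind]


def build_graph(trades=TRADES, logins=LOGINS, badges=BADGES):
    """Ingest each silo into one object model; identifiers shared across
    silos (person name, terminal id) become the same entity."""
    g = ELPGraph()
    for r in trades:                     # person -executed-> trade -on-> terminal
        p = g.entity("person", r["trader"])
        t = g.entity("trade", r["trade_id"], ts=r["ts"])
        g.link(p, "executed", t)
        g.link(t, "on", g.entity("terminal", r["terminal"]))
    for r in logins:                     # account -logged_in-> terminal (ts on the link)
        g.link(g.entity("account", r["account"]), "logged_in",
               g.entity("terminal", r["terminal"]), ts=r["ts"])
    for r in badges:                     # person -badged-> door (ts on the link)
        g.link(g.entity("person", r["person"]), "badged",
               g.entity("door", r["door"]), ts=r["ts"])
    return g


def is_night(ts):
    """Assumed night-shift window: 20:00 to 06:00."""
    h = datetime.fromisoformat(ts).hour
    return h >= 20 or h < 6


def account_on_terminal(g, terminal, at):
    """Account of the most recent logon to the terminal at or before `at`, or None."""
    prior = [(p["ts"], acct[1]) for acct, p in g.pivot(terminal, "logged_in", inbound=True)
             if p["ts"] <= at]
    return max(prior)[1] if prior else None


def hunt_terminal_hoppers(g):
    """Persons who traded at night, from two or more terminals, at least once under
    an account that is not their own. Returns {person: evidence}."""
    hits = {}
    for person in g.of_kind("person"):
        trades = [t for t, _ in g.pivot(person, "executed")]
        terminals, foreign, night = set(), [], []
        for t in trades:
            term = g.pivot(t, "on")[0][0]
            terminals.add(term[1])
            if is_night(g.props[t]["ts"]):
                night.append(t[1])
            acct = account_on_terminal(g, term, g.props[t]["ts"])
            if acct and acct != person[1]:
                foreign.append((t[1], acct))
        if len(terminals) >= 2 and night and foreign:
            hits[person[1]] = {"terminals": sorted(terminals), "night_trades": night,
                               "foreign_accounts": foreign,
                               "badge_swipes": len(g.pivot(person, "badged"))}
    return hits


if __name__ == "__main__":
    for who, evidence in hunt_terminal_hoppers(build_graph()).items():
        print(who, evidence)
```

On the sample data only alice matches: two terminals, both trades at night, and the second trade executed while a shared service account was logged on to that terminal; the badge swipes confirm she was physically present. Each constraint of the hunt is one more pivot across a link from a different silo, which is the point of putting all sources into one object model first.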
16. Threat Hunting Platform Structure
[Diagram only.]
17. Announcing New App: i2 QRadar Offense Investigator app via IBM Security App Exchange
Workflow: Triage (QRadar), then Analysis (i2 Analyst's Notebook), then Block and Tackle
• QRadar plugin: the analyst can select specific offenses with an integrated "i2 button"; the offenses and their connected data are pushed into i2 Analyst's Notebook (ANB)
• Data can also be pulled into i2 ANB through the QRadar API
• Supports offense correlation and hunt investigations
Persona: cyber analyst Tom with the QRadar app, a Tier 3 or "hunt" analyst:
• Proactive threat analysis
• Looks for trends and anomalies
• Uses the SIEM and an analysis tool
Value of i2 threat hunting for the QRadar app:
• Greatly increases the efficiency of investigation
• Automatically enriches offenses within i2 Analyst's Notebook
• Simplifies and accelerates the sales cycle generated by the IBM Security sales team
• Shows "out-of-the-box" integration with IBM Security products, specifically QRadar
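Slide 17 says offense data can be pulled through the QRadar API, and slide 12 describes the "unknown unknown" search over that data: which offenses share a property, without picking the offenses or the property first. The following is an added example written for this page, not the Offense Investigator app's code. It fetches open offenses from the QRadar REST API (`GET /api/siem/offenses` with the `SEC` token header; the console host and token are placeholders you supply, and the fetch is not exercised offline), then indexes every property of every offense and clusters offenses connected by any shared value. The sample response is constructed; its field names follow the QRadar offense object as far as the author knows them, the values are invented, and the choice of which properties to index is an assumption.

```python
"""Pull QRadar offenses and run an "unknown unknown" search over them: which offenses
share a property, with neither the offenses nor the property chosen up front.
Added example, not the i2 app's code. The sample data is constructed."""
import json
import urllib.parse
import urllib.request
from collections import defaultdict

# Constructed sample of a GET /api/siem/offenses response, trimmed to the fields
# used here. Field names follow the QRadar offense object; values are invented.
SAMPLE_OFFENSES = [
    {"id": 101, "description": "Multiple Login Failures", "offense_source": "10.0.5.23",
     "magnitude": 3, "status": "OPEN", "categories": ["Authentication Failure"],
     "rules": [{"id": 1003, "type": "CRE_RULE"}], "source_address_ids": [7]},
    {"id": 102, "description": "Suspicious Outbound DNS", "offense_source": "10.0.5.23",
     "magnitude": 4, "status": "OPEN", "categories": ["Suspicious Activity"],
     "rules": [{"id": 2210, "type": "CRE_RULE"}], "source_address_ids": [7]},
    {"id": 103, "description": "Multiple Login Failures", "offense_source": "10.0.9.41",
     "magnitude": 2, "status": "OPEN", "categories": ["Authentication Failure"],
     "rules": [{"id": 1003, "type": "CRE_RULE"}], "source_address_ids": [12]},
    {"id": 104, "description": "Large Outbound Transfer", "offense_source": "172.16.3.8",
     "magnitude": 6, "status": "OPEN", "categories": ["Potential Exfiltration"],
     "rules": [{"id": 3305, "type": "CRE_RULE"}], "source_address_ids": [31]},
]

FIELDS = "id,description,offense_source,magnitude,status,categories,rules,source_address_ids"


def fetch_offenses(console, token, version="9.0"):
    """Live pull of open offenses. `console` (hostname) and `token` (an authorized
    service token) are placeholders; this is not called in the offline run.
    TLS verification is left at urllib's default (on)."""
    query = urllib.parse.urlencode({"fields": FIELDS, "filter": 'status="OPEN"'})
    req = urllib.request.Request(
        f"https://{console}/api/siem/offenses?{query}",
        headers={"SEC": token, "Version": version, "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def property_index(offenses):
    """Inverted index (property, value) -> offense ids carrying it. Every indexed
    property is a candidate pivot; none is chosen in advance."""
    idx = defaultdict(set)
    for o in offenses:
        idx[("offense_source", o["offense_source"])].add(o["id"])
        idx[("description", o["description"])].add(o["id"])
        for c in o.get("categories", []):
            idx[("category", c)].add(o["id"])
        for r in o.get("rules", []):
            idx[("rule", r["id"])].add(o["id"])
        for a in o.get("source_address_ids", []):
            idx[("source_address_id", a)].add(o["id"])
    return idx


def shared_properties(idx):
    """Only values carried by two or more offenses can connect anything."""
    return {k: ids for k, ids in idx.items() if len(ids) > 1}


def correlate(offenses):
    """Group offenses into clusters joined by any shared property (union-find) and
    report, per cluster, the (property, offense ids) pairs that tie it together."""
    parent = {o["id"]: o["id"] for o in offenses}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]      # path halving
            x = parent[x]
        return x

    shared = shared_properties(property_index(offenses))
    for ids in shared.values():
        ids = sorted(ids)
        for a, b in zip(ids, ids[1:]):
            parent[find(a)] = find(b)
    clusters = defaultdict(lambda: {"offenses": set(), "shared": []})
    for oid in parent:
        clusters[find(oid)]["offenses"].add(oid)
    for key, ids in shared.items():
        clusters[find(next(iter(ids)))]["shared"].append((key, tuple(sorted(ids))))
    return sorted(({"offenses": sorted(c["offenses"]),
                    "shared": sorted(c["shared"], key=str)} for c in clusters.values()),
                  key=lambda c: c["offenses"])


if __name__ == "__main__":
    # Swap in fetch_offenses("qradar.example.internal", "<token>") for a live console.
    for cluster in correlate(SAMPLE_OFFENSES):
        print(cluster["offenses"], "tied by", [k for k, _ in cluster["shared"]])
```

On the sample, offenses 101 and 102 are joined by their offense source and source address, 101 and 103 by the same rule, category and description, so all three collapse into one cluster while 104 stays alone; that is the low-level-offense grouping slide 21 later describes as the custody bank's win. Magnitude and status are deliberately not indexed, since matching on them would join unrelated offenses.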
19. Example Analysis Tools Over QRadar Data
• Network Analytics
• Bar Charts and Histograms
• Copy to Timeline
• List Most Connected
• Find Connecting Network
• Activity View
20. Understanding Workflow Between Analysts
Data sources: foundational security data, physical security data, geospatial data, non-traditional data. Products: QRadar, Watson for Cyber Security (cyber corpus), QRadar Advisor, IBM i2.
• Tier 1 Analyst (QRadar): triage, awareness, alerting, initial analysis, offense review; the platform provides visibility, aggregation, detection, monitoring and vulnerability management
• Tier 2 Analyst (QRadar Advisor, backed by Watson for Cyber Security): enrichment, alerting, increased accuracy, hypothesis generation, faster investigation, context enhancement
• Tier 3 Analyst (IBM i2): event visualization, all-source data analysis, deep investigation, mathematical model analysis, ELP searching, advanced data queries, active visualization
21. Connecting the dots: a large North American custody bank gained valuable insight from correlating multiple low-level offenses
Business challenge:
• Visually understand, on a daily basis, how multiple low-level SIEM alerts fit together, and see how individual identifiers (e.g. IP, machine name) come up on multiple events
IBM Security i2 EIA:
• Gained superior visualization of the interconnectivity and correlation among incidents, realizing a 5,000:1 reduction in event analysis and a decrease in investigation time from hours to seconds through the ability to correlate multiple low-level events to identifiers
22. Finding fraud faster: a UK-based savings and loan bank greatly increased the effectiveness of fraud investigations
Business challenge:
• Analysts spent days on fraud investigations, crawling through spreadsheets
• Diagrams had to be created manually once a conclusion was reached, to share with law enforcement
IBM Security i2 EIA:
• Accelerates investigations by up to 80% (decrease in time to complete investigations), eliminates hours of spreadsheet-based analysis by presenting data visually, and helps analysts tackle complex investigations without impacting normal operations
• Minimizes risk and catches more criminals, sharing with law enforcement
23. Customer Use Case Mapping
CISO
• SOC use cases: Threat Hunting, Incident Investigations, Event Correlation
• Threat Intel use cases: Campaign Tracking, Intel Report Production, Threat Discovery
• Insider Threat use cases: Watchlists, Vetting
CSO
• Physical Security use cases: Political Unrest Assessments, Building Threat Assessments, Theft Investigations
• VIP Protection use cases: Stakeholder Threat Assessment, Reputation Investigation
• Travel Risk use cases: Area Threat Assessment, Event Threat Assessment
Chief Risk & Compliance Officer
• Internal Fraud use cases: Privilege Misuse, Money Laundering, Insider Trading
• External Fraud use cases: Account Takeover, Organized Crime Investigation
• SIU use cases: Insurance Fraud, Complex Fraud Investigation
24. Where You can Find the i2 Intelligence Team (IBM and Partner Use Only)
Teams: i2 WW and Geo Sales Leadership; i2 Offering Management Leadership; i2 WW Technical Leadership
Contacts: Harry McCue (GM), Will Martin (NA), Julian Midwinter (EUR), Mike Kehoe (WW), Jon Whitman (WW), Akiba Saeedi, Bob Stasio, Bob Thimsen, David Waxman, Steve Dalzell
25. © Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represents only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.
Follow us on: ibm.com/security, securityintelligence.com, xforce.ibmcloud.com, @ibmsecurity, youtube/user/ibmsecuritysolutions
THANK YOU