The session theme is "Threat Management, Next Generation Security Operations Center". The session focuses how security information and event management can help enterprises to collects data from the heterogeneous landscape to have incident response plans and have automation in the entire security operations framework. The session is handled by The session will be handled by Mr.Ravi Shankar Mallah, Architect / IBM security Specialist – Resilient & i2. Ravi has over 13+ years of experience in the field of Cyber security. Over the course of his career he has been involved in building & running multiple enterprise level SOC while taking care of both perimeter and internal security of these setup. He also enjoys real life experience of various Security related technologies such as SIEM, SOAR, IPS, firewalls, Vulnerability management, Anti-APT solutions etc. In his current role at IBM he is working as an Architect and enjoys the role of specialist for Incident Response Platform (IRP) and Threat Hunting

1. See What Matters Most
Ravi Shankar Mallah
DATE : 13/04/2020
Architect – IBM Security
Qradar → Resilient

2. Today, we struggle to find
Stealthy
Adversaries
Critical
Vulnerabilities
Insider
Threats
Privacy
Risks

3. 44%
ALERTS ARE
NOT INVESTIGATED1
Our Current State.
54%
LEGITIMATE ALERTS
ARE NOT REMEDIATED
36%
SAY “KEEPING UP WITH ALERTS”
IS TOP CONCERN
We have enough
data, but not
enough insights.

4. See
Everything
Automate
Intelligence
Become
Proactive
3 Pillars of Effective Threat Detection

5. Critical data
Insider Threats
External threats
Cloud risks
Vulnerabilities
Endpoints
Network activity
Data activity
Users and identities
Threat intelligence
Configuration information
Vulnerabilities and threats
Application activity
Cloud platforms
IBM QRadar
Empowers you to address your most important security challenges
Complete
Visibility
Automated
Investigations
Prioritized
Threats
Proactive
Hunting

6. 6
QRadar
Security Intelligence Platform
DEPLOYMENT
MODELS
BECOME
PROACTIVE
AUTOMATE
INTELLIGENCE
SEE EVERYTHING
DETECT
ADVANCED
THREATS
DETECT
INSIDER
THREATS
SECURE
CLOUD
RESROUCES
PROTECT
CRITICAL
DATA
EFFECTIVELY
RESPOND TO
INCIDENTS
PRIORITIZE
AND MANAGE
RISKS
PROVE
COMPLIANCE
IBM Security
App Exchange
SEAMLESS
INTEGRATION
AND CONTENT
TO AUGMENT
PLATFORM
SOLVE
SECURITY
CHALLENGES
ON PREM AS A SERVICE CLOUD HYBRID
HW, SW, VM SaaS, Managed Service AWS, Azure, Google Cloud On-prem, SaaS, IaaS
COLLECT DATA ACROSS THE ENTIRE ENVIRONMENT
APPLY AUTOMATED ANALYTICS TO DETECT, CONNECT, PRIORITIZE AND INVESTIGATE THREATS
HUNT THREATS, RESPOND FASTER AND CONTINUOUSLY IMPROVE

7. Security Intelligence platform that enables
security optimization through advanced
threat detection, meet compliance and
policy demands and eliminating data silos
Portfolio Overview
QRadar Log Manager
• Turnkey log management for SMB and Enterprises
• Upgradeable to enterprise SIEM
QRadar SIEM
• Integrated log, flow, threat, compliance mgmt
• Asset profiling and flow analytics
• Offense management and workflow
X-Force IP Reputation Feeds
Network Activity Collection & Prevention (QFlow) and
Network Insights (QNI), Network analytics, behavior and anomaly
detection
• Layer 7 application monitoring
• Real-time network packet analysis
QRadar Vulnerability Manager, including Risk Management
• Integrated Network Scanning & Workflow
• Risk Management to prioritize vulnerabilities
• Predictive threat modeling & simulation
• Scalable configuration monitoring and audit
• Advanced threat and impact analysis
QRadar Incident Forensics & Packet Capture
• Reconstruct raw network packets to original format
• Determine root cause of security incidents and help prevent recurrences
QRadar Product Portfolio

8. What’s New in UBA
• 15x improvement to ML scalability
• Custom Machine Learning model builder
• Additional Out of the Box Use Cases
• Browsed to Website categories Education,
Religious, and Government.
• Data Exfiltration by Print
• Data Exfiltration by Cloud Services
• Data Exfiltration by Removable Media
• Data Loss Possible
IBM Security / © 2019 IBM Corporation

9. 73%
OF CLIENTS RECOGNIZED VALUE
WITHIN ONE WEEK
Designed to make your job easier
51%
AVERAGE IMPROVEMENT IN THE
ACCURACY OF THREAT DETECION
50%
FEWER FALSE POSITIVES THAN
OTHER SIEM SOLUTIONS
“The security intelligence
from X-Force and the out-of-
the-box analytics capabilities
made QRadar stand out...”
5+
POINT SOLUTIONS REPLACED BY A
SINGLE QRADAR INSTANCE
— CTO, Large IT Consulting Firm in Europe
Independent QRadar Study by Ponemon Institute

10. IBM RESILIENT AND INTELLIGENT
ORCHESTRATION
Security Orchestration & Automation Response

11. 11 IBM Security
Incident Response Challenges
Persistent skill
shortage – 77 percent
of organizations have
difficulty hiring and
retaining IT security
professionals
Constantly growing
volume and severity of
attacks – 65 percent
of organizations say
severity is increasing
Complex and growing
regulatory landscape –
GDPR and others
Complex SOC
environment – the
average SOC has
75 security tools
(per Symantec)

12. 12 IBM Security
ORCHESTRATION &
AUTOMATION
Threat Intelligence
Platform
CASE
MANAGEMENT
INTELLIGENT
ORCHESTRATION
What is IBM Resilient Intelligent Orchestration?
Outsmart. Outpace. Outmaneuver
Complex Cyber Attacks.
• The next generation of Incident Response
dramatically accelerates and sharpens
response by combining case management
orchestration, artificial and human intelligence
and automation in a single platform.
• The Resilient platform is the only on to deliver
on all three pillars of Gartner’s approach to
Security Operations, Automation, and
Response (SOAR).

13. 13 IBM Security
Resilient SOAR

14. 14 IBM Security
IBM-Validated
and Supported
Applications
Unlocks power of existing
tools and technologies and
increases security ROI and
time to value.
Community
Applications
Enables faster and smarter
response through
shared IR knowledge,
expertise, and resources.
Escalation
• SIEM
• Ticketing
• IPS/IDS
• UBA
• DLP
Communication and
Coordination
• Enterprise communications
• Ticketing
• Crisis management
Containment, Response, Recovery
• Endpoint
• Ticketing
• Next-generation firewall
• Cloud Access Security Broker
Identification and Enrichment
• Endpoint
• Sandbox
• Threat Intelligence
• CMDB
Code Examples
Community-built scripts
and automations
Developer Tools and
SDKs
IBM Resilient-provided
resources and documentation for
building Resilient apps
Playbooks and
Workflows
Incident response tasks
lists and expertise from the
Resilient community
Integrations
Applications that leverage your
existing IT and security tools
for IR
Best Practices
Community knowledge
sharing, metrics, and reports
Resilient Use Case

15. 15 IBM Security
APP – Exchange

16. 16 IBM Security
Building SOAR
Understand the Scope
Process definition - SOP
Involve team
Plan - Pace
Identifying Automation
Data certainty
Technical Integration
Timelines Definition
Readiness
Documentation
Re-usable Playbook
Feedback – input
Automation
Matured SOC
Data Driven
Defined Objective
User feedback
iterative improvement
The Orchestration Journey

17. ibm.com/security
securityintelligence.com
xforce.ibmcloud.com
@ibmsecurity
youtube/user/ibmsecuritysolutions
© Copyright IBM Corporation 2018. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express
or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services
are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your
enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT
system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and
services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be
most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.
FOLLOW US ON:
THANK YOU
ibm.com/security/community