This document discusses threat hunting using IBM QRadar and Sqrrl analytics. It introduces threat hunting, the threat hunting process, and the Sqrrl behavior graph for visualizing and exploring linked security data. Use cases for threat hunting with Sqrrl analytics on the QRadar platform are presented, along with a reference architecture showing how Sqrrl integrates with QRadar. A demonstration of the Sqrrl threat hunting platform concludes the document.
Are you prepared?
• What was the impact to the organization?
• What security incidents are happening right now?
• Are we configured to protect against advanced threats?
• What are the major risks and vulnerabilities?
Security Intelligence with IBM Sense Analytics
Leverage behavior and anomaly detection to sense changes and detect threats early
• Gain visibility and identify security gaps
• Detect deviations from the norm (e.g. APTs)
• Prioritize vulnerabilities and close critical exposures before they are exploited
• Automatically detect and prioritize threats
• Gather full situational awareness
• Perform forensic investigations; develop and execute incident response plans
[Figure: threat lifecycle timeline (Pre-Exploit, Vulnerability, Exploit, Post-Exploit, Remediation); the prediction / prevention phase covers the left of the timeline, the reaction / remediation phase the right]
IBM QRadar: Security Intelligence with Sense Analytics
Sense and act on cyberthreats
• Sense Analytics threat detection: behavioral, contextual, temporal
• One platform, unified visibility: extensible, scalable, easily deployed
• The power to act, at scale: prioritization, collaboration on threat data, automated response
IBM Sense Analytics: advanced analytics for threat prevention, detection, and response
Extensive data sources feeding QRadar Sense Analytics:
• Servers and mainframes
• Data activity
• Network and virtual activity
• Application activity
• Configuration information
• Security devices
• Users and identities
• Vulnerabilities and threats
• Global threat intelligence
Embedded intelligence:
• Extensive data collection, storage, and analysis
• Real-time correlation and threat intelligence
• Automatic asset, service and user discovery and profiling
• Activity baselining and anomaly detection
Output: incident identification as prioritized incidents
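The two bullets "user discovery and profiling" and "activity baselining and anomaly detection" name a technique without showing it. The following is an added illustration written for this page, not QRadar or Sqrrl code: it learns a per-user profile (hours of day seen, source /24 networks seen, mean and standard deviation of daily event count) from a seven-day window of constructed login events, then hunts over a constructed eighth day and reports off-hours activity, never-seen source networks and volume spikes above a z-score threshold. Event schema, user names, addresses and thresholds are all assumptions.

```python
"""Toy activity baselining and anomaly detection (added example, not QRadar code).

All events below are constructed for the demonstration; the schema
{"user", "ts" (ISO 8601), "src" (IPv4)} is an assumption.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev


def make_baseline_events():
    """Constructed seven-day learning window: two users, fixed hours, fixed subnets."""
    events = []
    for day in range(1, 8):
        for hour in (8, 9, 13):
            events.append({"user": "alice", "ts": f"2024-03-{day:02d}T{hour:02d}:15:00",
                           "src": "10.1.2.20"})
        for hour in (9, 17):
            events.append({"user": "bob", "ts": f"2024-03-{day:02d}T{hour:02d}:40:00",
                           "src": "10.1.3.7"})
    return events


# Constructed day-8 events to hunt over: one normal and one suspicious alice
# login, one normal bob login, then eight bob logins inside a 40-minute window.
NEW_EVENTS = [
    {"user": "alice", "ts": "2024-03-08T08:20:00", "src": "10.1.2.20"},
    {"user": "alice", "ts": "2024-03-08T03:05:00", "src": "198.51.100.9"},
    {"user": "bob", "ts": "2024-03-08T17:41:00", "src": "10.1.3.7"},
] + [{"user": "bob", "ts": f"2024-03-08T09:{m:02d}:00", "src": "10.1.3.7"}
     for m in range(0, 40, 5)]


def net24(ip):
    """Collapse an IPv4 address to its /24 prefix, e.g. 10.1.2.20 -> 10.1.2."""
    return ".".join(ip.split(".")[:3])


def build_baseline(events):
    """Per user: hours of day seen, /24 networks seen, mean/stdev of daily event count."""
    hours = defaultdict(set)
    nets = defaultdict(set)
    daily = defaultdict(lambda: defaultdict(int))
    for e in events:
        t = datetime.fromisoformat(e["ts"])
        hours[e["user"]].add(t.hour)
        nets[e["user"]].add(net24(e["src"]))
        daily[e["user"]][t.date()] += 1
    baseline = {}
    for user in hours:
        counts = list(daily[user].values())
        # Floor the stdev at 1.0 so a perfectly regular user does not divide by zero.
        baseline[user] = {"hours": hours[user], "nets": nets[user],
                          "mean": mean(counts), "stdev": max(pstdev(counts), 1.0)}
    return baseline


def hunt(baseline, events, z_threshold=3.0):
    """Return findings: per-event deviations plus per-user-day volume spikes."""
    findings = []
    daily = defaultdict(lambda: defaultdict(int))
    for e in events:
        t = datetime.fromisoformat(e["ts"])
        b = baseline.get(e["user"])
        if b is None:
            findings.append({"user": e["user"], "ts": e["ts"], "reason": "unknown user"})
            continue
        daily[e["user"]][t.date()] += 1
        if t.hour not in b["hours"]:
            findings.append({"user": e["user"], "ts": e["ts"],
                             "reason": "off-hours activity"})
        if net24(e["src"]) not in b["nets"]:
            findings.append({"user": e["user"], "ts": e["ts"],
                             "reason": f"new source network {net24(e['src'])}.0/24"})
    for user, days in daily.items():
        b = baseline[user]
        for day, n in days.items():
            z = (n - b["mean"]) / b["stdev"]
            if z > z_threshold:
                findings.append({"user": user, "ts": day.isoformat(),
                                 "reason": f"volume spike: {n} events, z={z:.1f}"})
    return findings


if __name__ == "__main__":
    for finding in hunt(build_baseline(make_baseline_events()), NEW_EVENTS):
        print(finding)
```

On the constructed data this yields three findings: alice's 03:05 login is both off-hours and from an unseen network, and bob's nine events on day 8 against a learned two per day are a volume spike. A real platform learns over far more dimensions and a sliding window, but the shape (profile, compare, score, prioritize) is the same.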
Traditional security practices are unsustainable
• 1.5 million unfilled security positions by 2020
• 85 security tools from 45 vendors
• 68 percent of CEOs are reluctant to share incident information externally