May 9, 2016 By Kaushik Srinivas

Conventional IT management calls for a means to visualize all activity, from the network and data center to the cloud, devices, users, apps and everything between. Without a security information and event management (SIEM) solution such as IBM QRadar, this challenge is nearly insurmountable.

Unprecedented Levels of Mobile Threats

Featuring 35 apps on the IBM Security App Exchange, IBM Security QRadar makes it easy for organizations to keep activity flowing, leaving no stone unturned as it sniffs out and pounces on vulnerabilities. It features:

  • Multitudes of events and log data across each and every type of activity;
  • Threat intelligence feeds with adequate context for prioritization and response; and
  • Incident response platform integration to plan and execute textbook reactions.

Of all activity types, mobile users on smartphones, tablets and laptops present perhaps the biggest challenge for IT. These devices are always in motion. Questions of who’s using the device, where it’s located and what it’s connecting to are always causes for concern.

Not only are smartphones and tablets being manufactured at unprecedented rates, they’re also increasing in variety and becoming easier to use in a professional context due to the prevalence of productivity apps. Some apps are being delivered too quickly and bypassing security best practices, presenting vulnerabilities to every device they appear on. Without a proper defense, malware and other advanced threats can and will easily enter devices via apps, malicious websites or risky activities.

An App to Keep Activity Under Wraps

A lifesaver for enterprise CISOs seeking the means to prioritize event response, IBM MaaS360 and QRadar integration provides continuous visibility into mobile actions that put corporate assets and information at risk, giving the context necessary to perform on-the-fly threat severity assessments.

Further extending these capabilities, MaaS360 is the first enterprise mobility management (EMM) vendor to feature an app on the IBM Security App Exchange, making it easier than ever for QRadar admins to visualize questionable mobile events from a single dashboard and to respond more quickly and with better information.

The new App Exchange app delivers two new widgets that further extend the viewing capabilities offered by the existing QRadar integration. Using Web service calls to the MaaS360 platform, out-of-compliance devices can be viewed by operating system, making it easy to identify trends.

Additionally, the date and frequency of policy violations are broken down in a simple timeline.

After zeroing in on anything abnormal, QRadar admins can drill down further to pull more detailed log activity. This makes it easy to see specific events, when they occurred, and the overall threat magnitude: everything needed to determine what specific actions should be taken in response.

The Next Steps for App Exchange Users

To take advantage of these new features, visit the App Exchange today and download the MaaS360 app. Support documentation is included to help you configure these widgets within your QRadar dashboard, and it also provides the required steps to configure MaaS360 log sources within QRadar.

The QRadar and MaaS360 integrated solution displays mobile activity and out-of-compliance event information via visual dashboards and detailed reports. As a result, QRadar admins gain the intelligence required to act quickly before mobile infractions create organizationwide repercussions. Here are some examples:

  • Unauthorized or jailbroken/rooted devices attempting to connect to corporate resources;
  • Users who’ve installed malware-infected or blacklisted applications; and
  • Those who’ve violated corporate policies configured via the MaaS360 portal.

These capabilities are available for QRadar admins after completing a quick and simple configuration process. As a prerequisite, admins must have access to an active MaaS360 account. If you have yet to complete this step, get started now with your free 30-day trial.
