Why Security Intelligence?
Talk to people about analyzing security data and you’ll likely hear story after story about how quickly they were overwhelmed, overloaded and overtaxed while searching through millions of data points. Security intelligence, such as security information and event management (SIEM), actually works best when it collects more data than just the obligatory logs from assets, applications and data sources associated with regulatory compliance mandates. But more data usually means longer searches and potentially uncorrelated data points that end up being false positives.
That’s where a security intelligence platform and similar security solutions can help. Programs like IBM’s QRadar were designed with a cohesive architecture so all the modules share a common code base and development framework. They also use automatic sensing of SYSLOG devices to take the sting out of initial deployments, while monitoring capabilities help identify network assets and register them as enterprise resource planning (ERP) servers, email servers, chat servers, etc.
Finding the Right Solutions
IT security teams often want to use the same Web-based console interface to operate all the log management, SIEM, risk and vulnerability management, and forensic investigation components involved in the day-to-day operations of an enterprise. This all sounds good, but during the request for proposal (RFP) process, prospects want to know more about what it really takes to deploy, tune and maintain a security intelligence environment. What special data analytics skills and experience are required? What does it take to apply a security solution?
Those are broad questions that span elements of time, skills and infrastructural resources. It’s like asking, “What does it take to win the Boston Marathon?” Or, “How fast do you need to be to win a gold medal at the world championships?” And then there are other special talents that are required to achieve success. So the answers depend a lot upon the dimensions of your environment and the people you’re able to attract for security purposes.
What better way to answer these questions than to hire an IT security research organization and have it conduct a study of the security intelligence solution installed on a base of clients? IBM did just that, asking the Ponemon Institute to poll its RIM Council and provide a statistically valid assessment of many QRadar operational metrics and user experiences.
Understanding the User Experience
What IBM discovered was an essential validation of insights collected from customers and sellers over the last several years. Their feedback indicated that QRadar delivered quick time to value, had terrific out-of-the-box content and required minimal professional services to become fully operational. In most cases, no services were required at all.
Clients also described how they were able to reduce dedicated IT security head count and eliminate many point solution products as a result of deploying QRadar. It’s now even easier with cloud-based security intelligence, which allows a third-party security provider to manage the security infrastructure for you.
Read the full study and see if your organization can benefit from security intelligence. What if your team only had to conduct 15 security investigations per day? Are you overwhelmed, overloaded or just using the wrong solution? The results may be able to shed some light on your needs, increase the efficiency of your operations and improve your overall security environment.