Saturday, October 7, 2017

QRadar Vulnerability Manager architecture

QRadar Vulnerability Manager is a fully integrated member of the IBM QRadar Security Intelligence Platform (Figure 2). It leverages existing QRadar appliances to conduct dynamic, event-driven asset searches as well as regularly scheduled scans, enabling a real-time and constantly updated view of your organization's security posture. QRadar Vulnerability Manager derives a rich security context from such information as network flow data, asset configurations, and threat intelligence sources.
Figure 2. Where QVM fits into the QRadar lineup
Adding QRadar Vulnerability Manager to the QRadar lineup provides these additional features:
  • Two new deployable components: the QVM Console, which delivers scan definitions, a scan scheduling engine, and organizes scan results; and the QVM Scanner, which performs scan tasks as part of an overall scan
  • Hosted Scanner, a component hosted by IBM that lets you scan a customer's DMZ from the Internet
QVM already exists within most QRadar SIEM environments as standard code that can be quickly activated using a licensing key. And once installed, it just shows up as a new tab on your IBM Security QRadar SIEM console window.
The capabilities QRadar Vulnerability Manager adds are:
  • An embedded, well-proven, scalable PCI-certified scanner
  • The ability to detect 70,000+ vulnerabilities
  • Tracking through the National Vulnerability Database (CVE)
  • An integrated external scanner
  • A complete vulnerability view supporting third-party vulnerability system data feeds
  • Support for the exception and remediation processes of virtual machines, with seamlessly integrated reporting and dashboarding
These features and capabilities add the following attributes to your security system:
  • Proactivity: Helps prevent damaging attacks by discovering and highlighting high-risk vulnerabilities
  • Actionability: Helps prioritize remediation and mitigation activities by providing advanced filtering and quick search capabilities that leverage network context
  • Awareness: Quickly conducts network scans either periodically or dynamically, whenever new devices appear or in response to suspicious behavior, helping maintain an accurate and updated view of all network assets
The major attribute of QRadar Vulnerability Manager is that it allows you to combine automated vulnerability scanning with a superior understanding of device configurations, network topology, and traffic patterns. This makes it much easier to enable proactive protective measures. It also means that QVM's real value isn't in the fact that it performs network scans, but that it helps you intelligently interpret the results.
Functional overview
QRadar Vulnerability Manager works by categorizing your vulnerabilities into workable groups and functions:
  • Not Active: By leveraging QFlow Collector, QVM can tell whether the vulnerable application is active. QFlow Collector provides Layer 7 application visibility and flow analysis to help you understand and respond to activities throughout your network.
  • Patched: By leveraging Endpoint Manager, QVM knows which vulnerabilities will be patched. IBM Endpoint Manager manages and secures mobile devices, laptops, desktops, and servers.
  • Blocked: By leveraging QRadar Risk Manager, QVM knows which vulnerabilities are blocked by firewalls and IPSs. QRadar Risk Manager monitors network topology and switch, router, firewall, and Intrusion Prevention System (IPS) configurations to reduce risk and increase compliance.
  • Critical: By leveraging its vulnerability knowledge base, remediation flow, and QRM policies, QVM can identify business-critical vulnerabilities.
  • At Risk: By using X-Force threat data and SIEM security incident data, coupled with QFlow network traffic visibility, QVM can tell whether vulnerable assets are communicating with potential threats.
  • Exploited: By leveraging SIEM correlation and IPS data, QVM can reveal which vulnerabilities have been exploited.
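The six groups above are produced by joining scanner findings against context the rest of the platform already holds: flow records (is the service actually talked to, and by whom?), patch-management state, firewall/IPS reachability, a threat-intelligence feed, and exploit events from IPS/SIEM correlation. The following Python is an added illustration of that join, not IBM's code and not QVM's real data model; the dataclasses, the tag names, the escalation order in URGENCY and all sample records (placeholder CVE ids, RFC 5737 test addresses) are constructed for the example. It shows how one finding can carry several tags at once and how a single urgency rank is then derived so that an exploited, low-CVSS finding sorts ahead of a high-CVSS one that is blocked and awaiting a patch.

```python
from dataclasses import dataclass
from typing import List, Set, Tuple

# Assumed escalation order: lower rank is handled sooner. Findings with no tag
# at all ("Open") sit between the escalating and the de-prioritising groups.
URGENCY = {"Exploited": 0, "At Risk": 1, "Critical": 2,
           "Patched": 4, "Blocked": 5, "Not Active": 6}
OPEN_RANK = 3


@dataclass(frozen=True)
class Vuln:
    asset: str                        # asset IP address
    port: int                         # listening port the finding is bound to
    cve: str                          # placeholder id in the sample data below
    cvss: float                       # base score reported by the scanner
    business_critical: bool = False   # stands in for a risk-policy / asset-value decision


@dataclass
class Context:
    flows: List[Tuple[str, str, int]]       # (src_ip, dst_ip, dst_port) seen by the flow collector
    patch_scheduled: Set[Tuple[str, str]]   # (asset, cve) that endpoint management will patch
    blocked: Set[Tuple[str, int]]           # (asset, port) unreachable per firewall/IPS config
    threat_ips: Set[str]                    # addresses from a threat-intelligence feed
    exploit_events: Set[Tuple[str, str]]    # (asset, cve) for which IPS/SIEM saw an exploit


def classify(v: Vuln, ctx: Context) -> List[str]:
    """Return every group the finding belongs to, most urgent first."""
    peers = {src for src, dst, port in ctx.flows if dst == v.asset and port == v.port}
    tags = []
    if (v.asset, v.cve) in ctx.exploit_events:
        tags.append("Exploited")
    if peers & ctx.threat_ips:              # active conversation with a known-bad address
        tags.append("At Risk")
    if v.business_critical or v.cvss >= 9.0:
        tags.append("Critical")
    if (v.asset, v.cve) in ctx.patch_scheduled:
        tags.append("Patched")
    if (v.asset, v.port) in ctx.blocked:
        tags.append("Blocked")
    if not peers:                           # nobody talks to this service at all
        tags.append("Not Active")
    return tags


def rank(tags: List[str]) -> int:
    """Single urgency rank for a finding: its most urgent tag wins."""
    return min((URGENCY[t] for t in tags), default=OPEN_RANK)


def triage(vulns: List[Vuln], ctx: Context) -> List[Tuple[str, List[str]]]:
    """Order findings by urgency rank, then by CVSS within a rank."""
    scored = [(v, classify(v, ctx)) for v in vulns]
    scored.sort(key=lambda vt: (rank(vt[1]), -vt[0].cvss))
    return [(f"{v.asset}:{v.port} {v.cve}", tags or ["Open"]) for v, tags in scored]


# Constructed sample data: placeholder CVE ids and documentation-range addresses.
SAMPLE_VULNS = [
    Vuln("10.0.0.5", 443, "CVE-XXXX-0001", 7.5),
    Vuln("10.0.0.7", 3389, "CVE-XXXX-0002", 9.8, business_critical=True),
    Vuln("10.0.0.8", 445, "CVE-XXXX-0003", 8.8),
    Vuln("10.0.0.9", 22, "CVE-XXXX-0004", 5.3),
]
SAMPLE_CTX = Context(
    flows=[("203.0.113.9", "10.0.0.5", 443),   # external peer that is also on the threat feed
           ("10.0.0.20", "10.0.0.5", 443),
           ("10.0.0.20", "10.0.0.9", 22)],
    patch_scheduled={("10.0.0.8", "CVE-XXXX-0003")},
    blocked={("10.0.0.8", 445)},
    threat_ips={"203.0.113.9"},
    exploit_events={("10.0.0.5", "CVE-XXXX-0001")},
)

if __name__ == "__main__":
    for label, tags in triage(SAMPLE_VULNS, SAMPLE_CTX):
        print(f"{label:32} {', '.join(tags)}")
```

Running it puts the exploited CVSS 7.5 finding first, the business-critical but unused RDP service second, the plain "Open" SSH finding third, and the SMB finding that is both firewalled and queued for patching last, which is the ordering the six groups are meant to produce.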
QRadar Vulnerability Manager meets the challenges of the three security areas that are currently trending—advanced persistent threats, increasing IT security monitoring complexity, and the limits of compliance as a security tool.
Defense for advanced persistent threats
These stealthy attacks continue until the perpetrators succeed by exploiting every available opportunity. Organizations can improve their defenses by patching, blocking, or monitoring as many high-impact vulnerabilities as they can. QRadar Vulnerability Manager meets this challenge by:
  • Leveraging the existing appliance infrastructure and security intelligence data to seamlessly conduct automated scans for network vulnerabilities
  • Sensing when new assets are added to the network and performing immediate scans to keep the asset database and network topology current
  • Preserving security team bandwidth by eliminating false positives and reducing unnecessary activities through correlating results with IPS/IDS blocking capabilities
Fight complexity with a single point of view
Most IT security systems have multiple sources of vulnerability assessment data coming from different scanning solutions, but no coherent way to view the total network security picture. QVM helps organizations untangle this complex dance of data and make faster, better decisions by:
  • Using a familiar interface to review log events, network flows, offenses, risks, and vulnerabilities
  • Collecting all available scan data within a dedicated and customizable dashboard view
  • Making it easier to coordinate patching, virtual patching, and blocking activities
Going beyond compliance mandates
Industry data and system compliance mandates prod organizations to meet the security requirements of sensitive IT assets in those industries by instituting policies and programs. That is a good thing. QVM helps organizations meet their compliance mandates by:
  • Conducting regular network scans and maintaining a full history and audit trail of completed scans
  • Categorizing each discovered vulnerability with an appropriate severity rating and vulnerability score
  • Maintaining a history of vulnerability posture on a daily, weekly, and monthly basis
  • Enabling scanning of assets, both internally and externally
  • Creating tickets (with severity, due dates, and comments) to manage remediation activities
  • Supporting an exception process with a full audit trail
But compliance can also make a security officer complacent. QVM adds a significant amount of automation to scanning and scan analysis, making it easier and more cost-effective for the security professional to explore even larger datasets than compliance requires and, consequently, to use that analysis to make better decisions. QVM lets clients:
  • Orchestrate a high volume of concurrent assessments without disturbing normal network operations, while allowing multiple stakeholders to scan and rescan as needed for remediation verification
  • Summarize vulnerability status by day, week, and month, enabling organizations to provide long-term reports and trend graphs while keeping efficient day-to-day operational views
  • Capture an audit trail of all activities (discovery, assignments, notes, exceptions, and remediation) represented by disparate data types

Friday, July 11, 2014

Gartner Publishes 2014 Magic Quadrant for SIEM

Gartner just published the 2014 SIEM Magic Quadrant and Critical Capabilities reports, and IBM Security QRadar is again positioned in the Leaders quadrant, this time better than ever.
For the first time, IBM Security QRadar is positioned furthest to the right for vision and highest for ability to execute, which I believe makes us THE LEADER in this space. That means IBM Security is rated above:
  • HP
  • McAfee
  • Splunk
  • LogRhythm
  • EMC (RSA)
…and every other vendor on “Ability to Execute” (the Y-axis) and “Completeness of Vision” (the X-axis). This represents overall viability, product/service, customer experience, market responsiveness, product track record, sales execution, operations and marketing execution.
Chart: Gartner Magic Quadrant for Security Information and Event Management (SIEM), showing how the leader, IBM Security, and other vendors such as HP, McAfee, LogRhythm, Splunk and EMC (RSA) rank in 2014.
This recognition reflects the origins of QRadar, its growth as an independent company and the accelerated investments the IBM Security Systems division has made in the QRadar Security Intelligence Platform since it acquired Q1 Labs back in 2011. Case in point: In just the last 10 months, we’ve tightly integrated vulnerability management and network forensics technologies that double and triple down on the IT security team productivity enhancements — offense records — delivered by QRadar SIEM.
Furthermore, this achievement especially reflects the positive experiences our clients report because no vendor is positioned highly without good customer references. We’re fortunate to have satisfied customers who will share their IT security objectives, deployment details, user experiences and more, helping to confirm the value of our module extensions and technology integration.

The Magic Behind the Positioning of IBM as a Leader in Gartner’s 2014 SIEM Magic Quadrant

Every supplier will tell you they satisfy customer demand. But what customers need is a partner who delivers highly innovative solutions to problems they may not yet be aware of or in a way they had not considered, such as correlating network flows with log events and asset values and identity. We did that years ago, and we called it Security Intelligence. But customer after customer also tells me the same thing: We love QRadar because it does what you folks say it does, and it does it rapidly, dependably and easily.
According to this new Gartner Magic Quadrant report, Security Information and Event Management (SIEM) is a $1.5 billion market that grew 16 percent during 2013 and is expected to grow at a rate of 12.4 percent in 2014. The Leaders quadrant consists of vendors that deliver solutions that are a good match to general SIEM market requirements, have been the most successful in building an installed base and revenue stream within the SIEM market and show evidence of superior vision and execution. I believe that IBM Security QRadar has done all of these things and far more, and my hat is off to this extremely talented, dedicated and hardworking team that has delivered outstanding solutions to our customers in this critical and strategic marketplace.

Chart: Leaders in the 2014 Gartner SIEM Magic Quadrant