ibm qradar - atea · 2020. 3. 5. · qradar use case example a problem: healthcare data breaches...
TRANSCRIPT
IBM QRadarSIEM BENEFITS FOR COMPANY NETWORK VISIBILITY AND ANALYTICS
Which picture scares you more?
Do you remember this?
Time to identify and contain a breach
279 daysPonemon, 2019
Fear not! We have Qradar!
Security Information and Event Management
It is a system that uses EVENTS to find this…
IT world vs. OT world
How big a problem is OT?
There will be 75 000 000 000 inteligent devices in 2025
Coffee break
Are your printers secure?
Are your phones secure?
How about air-condition?
In 2013, hackers managed to get the credit card details of 41 million shoppers by targeting the air
conditioning system of the retail giant Target.
And your coffee machines?
Professional Security Magazine Online, 2019
In which industry data breach costs most?
6.45 million
in healthcarePonemon, 2019
Why?
QRadar use case example
A problem:
Healthcare data breaches
Root cause of a problem:
DICOM
Fix it:
With Qradar IT IS SIMPLE
ProPublica, 2019
DICOM
Digital Imaging and Communications in Medicine
Developed in 1985
“With MedTouch, a one-stop solution
provides you with a smarter way to
control the ultrasound device, access
patient data and inbuilt tutorial software
via your android operated smart device.”
Mindray Offical Website
https://morphuslabs.com/how-i-got-into-hacking-ultrasound-machines-part-01-432fce2e3ca7
DICOM problem 1
Do we know all the devices?
What is SIEM
It is a system that uses events and FLOWS to find this…
DICOM problem 2
Data exfiltration
DICOM problem 3
Credentials sharing
DICOM problem 4
Password eavesdropping
Ransomware against healthcare
Ready to use rules packages for QRadar
What is SIEM
It is a system that uses events, flows and THREAT INTELLIGENCE to find this…
Threat Intelligence
Log
sourcesLogs QRadar
Flow
sourcesFlows
X-Force
Feeds
What is SIEM
It is a system that uses events, flows, threat intelligence and VULNERABILITIES to find this…
QRadar Vulnerability Manager + QRadar Risk Manager
Why QRadar?
Fast start!
More than 350 OOTB rules
(to use and to learn)
All you need to do is to configure event acquisition
Automatic log source creation
How many integrations QRadar has?
What is my application is not supported?
You can create your own parser
In DSM Editor
Of course, we may be biased…
Do not believe me! Try it!
Fully functional SIEM – QRadar Community Edition
50 EPS
5000 FPM
Do I really need SIEM?
Do I really need SIEM?
Maybe my SOC team will be enough?
1 offense per 9 000 000 events
And this is what I call…
Do I really need SIEM?
