IBM QRadar - ATEA · 2020. 3. 5. · QRadar use case example: A problem: Healthcare data breaches...
TRANSCRIPT
![Page 1: IBM QRadar - ATEA · 2020. 3. 5. · QRadar use case example A problem: Healthcare data breaches Root cause of a problem: DICOM Fix it: With Qradar IT IS SIMPLE ProPublica, 2019](https://reader035.vdocument.in/reader035/viewer/2022071411/61069d7dfe04553e11234d5c/html5/thumbnails/1.jpg)
IBM QRadar SIEM
BENEFITS FOR COMPANY NETWORK VISIBILITY AND ANALYTICS
Page 2
Which picture scares you more?
Page 3
Do you remember this?
Page 4
Time to identify and contain a breach
279 days (Ponemon, 2019)
Page 5
Fear not! We have QRadar!
Security Information and Event Management
It is a system that uses EVENTS to find this…
Page 6
IT world vs. OT world
Page 7
How big a problem is OT?
There will be 75 000 000 000 intelligent devices in 2025
Page 8
Coffee break
Page 9
Are your printers secure?
Page 10
Are your phones secure?
Page 11
How about air conditioning?
In 2013, attackers obtained the payment card details of about 41 million shoppers of the retail giant Target after entering its network with credentials stolen from the company's heating, ventilation and air-conditioning (HVAC) contractor.
Page 12
And your coffee machines?
Professional Security Magazine Online, 2019
Page 13
In which industry does a data breach cost the most?
$6.45 million in healthcare (Ponemon, 2019)
Why?
Page 14
QRadar use case example
A problem:
Healthcare data breaches
Root cause of the problem:
DICOM (ProPublica found millions of medical images sitting on PACS/DICOM servers reachable from the internet without any authentication)
Fix it:
With QRadar IT IS SIMPLE
ProPublica, 2019
Page 15
DICOM
Digital Imaging and Communications in Medicine
First published in 1985 as the ACR-NEMA standard; the DICOM 3.0 standard still in use today dates from 1993
“With MedTouch, a one-stop solution provides you with a smarter way to control the ultrasound device, access patient data and inbuilt tutorial software via your android operated smart device.”
Mindray Official Website
https://morphuslabs.com/how-i-got-into-hacking-ultrasound-machines-part-01-432fce2e3ca7
Page 16
DICOM problem 1
Do we know all the devices?
Page 17
What is SIEM
It is a system that uses events and FLOWS to find this…
Page 18
DICOM problem 2
Data exfiltration
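Flow records are what let a SIEM answer the two questions raised on these slides, "which devices speak DICOM?" (problem 1) and "where is the imaging data going?" (problem 2). The Python below is an added example, not code from the slides or from IBM: it runs constructed NetFlow-style records against a hypothetical inventory of known DICOM nodes, lists DICOM endpoints the inventory does not know about, and flags destinations that receive DICOM traffic from outside the internal range or above a byte threshold. The addresses, the inventory, the ports treated as DICOM and the threshold are all assumptions; a QRadar deployment would express the same logic as rules over its flow data.

```python
"""Flow-based DICOM discovery and exfiltration check (added example, not from the slides)."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Ports treated as DICOM: 104 is the IANA-registered DICOM port, 11112 is the
# common unprivileged alternative. Assumption: nothing else on the network uses them.
DICOM_PORTS = {104, 11112}

# Hypothetical inventory of known DICOM nodes (modalities and the PACS).
KNOWN_DICOM_NODES = {"10.10.1.20", "10.10.1.21", "10.10.2.5"}

# Hypothetical internal address space; anything else counts as "outside".
INTERNAL_NETS = [ip_network("10.0.0.0/8")]

# Constructed sample flow records in a simple 'src,dst,dport,bytes' format.
SAMPLE_FLOWS = """\
# src,dst,dport,bytes   (constructed sample, not captured traffic)
10.10.1.20,10.10.2.5,104,120000000
10.10.1.21,10.10.2.5,104,95000000
10.10.3.77,10.10.2.5,11112,40000000
10.10.2.5,203.0.113.9,104,650000000
10.10.1.20,10.10.2.5,443,2000
"""


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    bytes_out: int  # bytes sent from src to dst


def parse_flows(lines):
    """Parse the constructed CSV lines into Flow objects, skipping blanks and comments."""
    flows = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, dport, nbytes = line.split(",")
        flows.append(Flow(src, dst, int(dport), int(nbytes)))
    return flows


def is_internal(ip):
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def dicom_flows(flows):
    return [f for f in flows if f.dport in DICOM_PORTS]


def unknown_dicom_nodes(flows):
    """Problem 1: every address on either end of a DICOM flow that the inventory lacks."""
    seen = set()
    for f in dicom_flows(flows):
        seen.update((f.src, f.dst))
    return sorted(seen - KNOWN_DICOM_NODES)


def exfil_candidates(flows, threshold_bytes=500_000_000):
    """Problem 2: destinations that take DICOM data from outside or above the byte threshold."""
    totals = defaultdict(int)
    for f in dicom_flows(flows):
        totals[f.dst] += f.bytes_out
    return sorted(dst for dst, total in totals.items()
                  if not is_internal(dst) or total > threshold_bytes)


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS.splitlines())
    print("unknown DICOM nodes:", unknown_dicom_nodes(flows))
    print("exfiltration candidates:", exfil_candidates(flows))
```

Matching on destination port is only a starting point: DICOM can be served on any port, so payload-based application identification is needed before the "unknown node" list can be trusted as complete.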
Page 19
DICOM problem 3
Credential sharing
Page 20
DICOM problem 4
Password eavesdropping
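Eavesdropping is trivial on a DICOM segment because a plain DICOM association carries no password at all: the only identities in the A-ASSOCIATE-RQ PDU are the Called and Calling Application Entity (AE) titles, sent as cleartext ASCII over TCP, so anyone who can sniff the link learns the names needed to impersonate a known modality. The following Python is an added example, not code from the slides or from IBM: it constructs a minimal A-ASSOCIATE-RQ, parses the fixed header and its items back out, and flags an association whose calling AE is not on a hypothetical allowlist, which is the kind of check a SIEM rule would apply to DICOM logs. The AE titles and the allowlist are assumptions; the PDU layout follows DICOM PS3.8.

```python
"""Parse a DICOM A-ASSOCIATE-RQ PDU and check the calling AE title (added example)."""
import struct

# DICOM Application Context Name, the UID every association request carries.
APP_CONTEXT_UID = b"1.2.840.10008.3.1.1.1"

# Hypothetical allowlist of modalities permitted to open associations with the PACS.
KNOWN_CALLING_AES = {"CT_ROOM1", "MR_ROOM2"}


def _ae(title):
    """Encode an AE title: up to 16 ASCII characters, space padded on the wire."""
    raw = title.encode("ascii").strip()
    if not 1 <= len(raw) <= 16:
        raise ValueError("AE title must be 1-16 characters")
    return raw.ljust(16)


def build_associate_rq(called_ae, calling_ae):
    """Construct a minimal A-ASSOCIATE-RQ: fixed header plus the Application Context item.
    Real requests also carry Presentation Context (0x20) and User Information (0x50)
    items; they are omitted to keep the constructed PDU short."""
    app_ctx = b"\x10\x00" + struct.pack(">H", len(APP_CONTEXT_UID)) + APP_CONTEXT_UID
    body = (struct.pack(">H2x", 1)        # protocol version 1, two reserved bytes
            + _ae(called_ae) + _ae(calling_ae)
            + bytes(32)                   # reserved
            + app_ctx)
    return b"\x01\x00" + struct.pack(">I", len(body)) + body  # type 0x01, reserved, length


def parse_associate_rq(pdu):
    """Return version, AE titles and application context; reject malformed PDUs."""
    if len(pdu) < 74 or pdu[0] != 0x01:
        raise ValueError("not an A-ASSOCIATE-RQ PDU")
    (length,) = struct.unpack(">I", pdu[2:6])
    if length != len(pdu) - 6:
        raise ValueError("PDU length does not match the data")
    (version,) = struct.unpack(">H", pdu[6:8])
    called = pdu[10:26].decode("ascii").strip()    # cleartext on the wire
    calling = pdu[26:42].decode("ascii").strip()   # cleartext on the wire
    items = {}
    pos = 74
    while pos < len(pdu):
        if pos + 4 > len(pdu):
            raise ValueError("truncated item header")
        item_type = pdu[pos]
        (item_len,) = struct.unpack(">H", pdu[pos + 2:pos + 4])
        data = pdu[pos + 4:pos + 4 + item_len]
        if len(data) != item_len:
            raise ValueError("truncated item body")
        items.setdefault(item_type, []).append(data)
        pos += 4 + item_len
    app_ctx = items.get(0x10, [b""])[0].decode("ascii")
    return {"version": version, "called_ae": called, "calling_ae": calling,
            "application_context": app_ctx}


def association_alert(pdu):
    """The SIEM-style check: an association from a calling AE not on the allowlist."""
    info = parse_associate_rq(pdu)
    if info["calling_ae"] not in KNOWN_CALLING_AES:
        return f"unknown calling AE {info['calling_ae']} -> {info['called_ae']}"
    return None


if __name__ == "__main__":
    pdu = build_associate_rq("PACS", "LAPTOP42")
    print(parse_associate_rq(pdu))
    print(association_alert(pdu))
```

An AE-title allowlist raises the bar only against accidental or lazy connections; because the titles are visible to anyone on the path, real protection needs DICOM over TLS or network segmentation, and the SIEM rule is there to notice when a title appears from an address it has never come from before.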
Page 21
Ransomware against healthcare
Ready to use rules packages for QRadar
Page 22
What is SIEM
It is a system that uses events, flows and THREAT INTELLIGENCE to find this…
Page 23
Threat Intelligence
Diagram: log sources send logs and flow sources send flows to QRadar; X-Force feeds supply the threat intelligence
Page 24
What is SIEM
It is a system that uses events, flows, threat intelligence and VULNERABILITIES to find this…
Page 25
QRadar Vulnerability Manager + QRadar Risk Manager
Page 26
Why QRadar?
Fast start!
More than 350 out-of-the-box (OOTB) rules
(to use and to learn from)
All you need to do is configure event acquisition
Automatic log source creation
Page 27
How many integrations does QRadar have?
Page 28
What if my application is not supported?
You can create your own parser
in the DSM Editor
Page 29
Of course, we may be biased…
Page 30
Do not believe me! Try it!
Fully functional SIEM – QRadar Community Edition
50 EPS (events per second)
5000 FPM (flows per minute)
Page 31
Do I really need SIEM?
Page 32
Do I really need SIEM?
Maybe my SOC team will be enough?
1 offense per 9 000 000 events
And this is what I call…
Page 33
Do I really need SIEM?
Page 34