Improving Response to Threats with IBM Sense Analytics Engine

QRadar has always done advanced analytics as part of security intelligence. And as we improve that over time and continually add more analytics, we now call this sense analytics.

The offenses in QRadar are a compilation of events and interesting things that happened over very long periods of time. Literally, the vulnerabilities could have been discovered yesterday on the host. All of a sudden we see a suspicious event coming from a database server today. That may lie dormant in the system for a long period of time, and a month later, all of a sudden there's a connection made to the internet that is going to an unknown source. All of these can start to come together in that one offense to describe why we believe this particular host has an issue. All of that is important, because if you only do stuff at a single point in time, you never get that broad visibility.

User and host profiles are a key part of any QRadar system. It's very important that we actually understand everything about the given asset, be it a mobile endpoint, a virtual machine, or a physical endpoint, and we also have to understand what users are using those resources. QRadar brings that all together in these profiles to add context to the offenses when you're trying to solve a security incident.

To a CISO, the benefit of sense analytics is the ability to do everything from the simplest log collection to gain visibility across the entire organization; to the ability to prioritize all of the incidents that are happening, so the key ones are triaged first and a workflow and remediation plan can be built around that; to bringing in threat intelligence and making that actionable for the day-to-day SOC users. All of this is sense analytics.
