Building a Next-Gen SOC with IBM QRadar

You're reading from Building a Next-Gen SOC with IBM QRadar: Accelerate your security operations and detect cyber threats effectively

Product type Paperback
Published in Jun 2023
Publisher Packt
ISBN-13 9781801076029
Length 198 pages
Edition 1st Edition
Author (1):
Ashish Kothekar

Table of Contents (18 chapters)

Preface
1. Part 1: Understanding Different QRadar Components and Architecture
2. Chapter 1: QRadar Components (free chapter)
3. Chapter 2: How QRadar Components Fit Together
4. Chapter 3: Managing QRadar Deployments
5. Part 2: QRadar Features and Deployment
6. Chapter 4: Integrating Logs and Flows in QRadar
7. Chapter 5: Leaving No Data Behind
8. Chapter 6: QRadar Searches
9. Chapter 7: QRadar Rules and Offenses
10. Part 3: Understanding QRadar Apps, Extensions, and Their Deployment
11. Chapter 8: The Insider Threat – Detection and Mitigation
12. Chapter 9: Integrating AI into Threat Management
13. Chapter 10: Re-Designing User Experience
14. Chapter 11: WinCollect – the Agent for Windows
15. Chapter 12: Troubleshooting QRadar
16. Index
17. Other Books You May Enjoy

QRadar Components

We live in a digital age in which the paradigms of security have changed. In the past, wars were fought on battlefields. Now, digital space is where the security of a nation-state, an enterprise, or an individual is threatened. Gartner predicts that by 2025, cyber attackers will use weaponized technology to harm or kill humans. Earlier, cyberattacks were restricted to things such as denial of service, information theft, and ransomware.

These cyberattacks take a heavy financial toll (billions of dollars), disrupt production, lead to the theft of intellectual property, and eventually tarnish brand reputation. This is a never-ending battle in this digital age. Security vendors have come up with hundreds of security products and solutions to counter these cyberattacks. IBM has been at the forefront and is leading the security space with top-of-the-line products and solutions.

To understand the impact of a cyberattack, we just have to look a few years back at what happened with Ashley Madison. Ashley Madison was a dating app for those who were married, and the slogan they used to advertise then was “Life is short. Have an affair.” Not surprisingly, the service had 37 million subscribers.

And then the unthinkable happened for the subscribers of the site. Ashley Madison used the weakest password encryption algorithm, and it was easily hacked. A hacker group called the Impact Group gave Ashley Madison 30 days to pay a ransom. As Ashley Madison did not pay, on the 30th day, they released about 60 GB of data with the names, email addresses, credit card numbers, and other details of the subscribers on the dark net. Soon, the media and the crooks started looking for famous personalities to hold them for ransom. The hack soon became public knowledge, leading to a large number of breakups, divorces, and even suicides. The financial implications of such breaches are incalculable. The site and the brand of Ashley Madison were damaged permanently.

The point that needs to be understood from this scenario is that security breaches can cost lives, and hence any organization (whether it be a dating website, a bank, or a telecom company) needs to be on top of its game when it comes to security.

IBM QRadar is a solution suite that provides enhanced threat intelligence and insights into cyberattacks. These insights help organizations automate responses to threats and also help in devising new strategies to counter cyberattacks. An organization uses hundreds of enterprise solutions and security products from different vendors, such as firewalls, Endpoint Detection and Response (EDR), Intrusion Prevention System (IPS), Data Loss Prevention (DLP), and so on. IBM QRadar seamlessly integrates with all these products, consumes all the security data from them, and provides security alerts or insights that are actionable.

In this book, we will learn more about how to build your next-generation Security Operations Center (SOC) using the IBM QRadar solution suite. To understand IBM QRadar and how it functions, it is important to understand the different components. We call all these different QRadar components managed hosts (apart from the Console).

In this chapter, we will discuss various QRadar services for each component, which should be a good starting point to design the architecture for your SOC. As per different requirements, different components can be used in the deployment. Various aspects such as deployment types, scaling, upgrades, and licensing are discussed in corresponding chapters. In this chapter, however, we’re going to cover the following main topics:

  • Understanding the QRadar Console
  • Exploring event data
  • Exploring flow data
  • Getting to know the Data Node
  • Investigating QRadar components