IBM QRadar + IntSights TIP: Getting ahead of the Adversaries

Crest developed the QRadar App for IntSights integrating IntSight’s Cyber Threat Intelligence and QRadar to rationalize the threat data and surface the targeted attacks which would otherwise be “noise”.


Home > Case Studies > IBM QRadar + IntSights TIP: Getting ahead of the Adversaries

 

Executive Summary

Leverage the IntSights’ Cyber Threat Intelligence to gain deep insights gathered across clear, deep and dark web to

predict the tactics, techniques and procedures of the adversaries and achieve comprehensive security.

IntSights is revolutionizing cybersecurity operations with the industry’s only all-in-one external threat protection platform designed to neutralize cyberattacks outside the wire. Our unique cyber reconnaissance capabilities enable continuous monitoring of an enterprise’s external digital profile across the open, deep, and dark web to identify emerging threats and orchestrate proactive response. Tailored threat intelligence that seamlessly integrates with security infrastructure for dynamic defense has made IntSights one of the fastest-growing cybersecurity companies in the world.

 

Business Challenge

Security Information & Event Management(SIEM) is one of the most powerful tool of any security infrastructure. However, the effectiveness of SIEM relies on the quality of the ingested data. SIEM, if flooded with un-validated and raw threat data leaves the security team inundated with false positives. To fully capitalize the power of SIEM, it is required to be supported by data from other technologies like threat intel platform. The next set of challenges is the quality of intelligence data to be considered for SIEM. Signature based reputation feeds and threat feeds typically provide intelligence about common malware and attack activities happening around the globe. Although this is helpful in securing our enterprise against already identified threats, the enterprise largely remains unprotected against targeted attacks. There’s a strong requirement for intelligence that is adversary focussed, forward looking and finally a customized threat intelligence tailored for the customer.

 

Customer Solution

Crest developed the QRadar App for IntSights integrating IntSight’s Cyber Threat Intelligence and QRadar to rationalize the threat data and surface the targeted attacks which would otherwise be “noise”. The integration surfaces the enterprise events correlated with threat intelligence presenting the SOC team with operational intelligence with rich context. The integration allows real time correlation with high volume security telemetry greatly reducing the mean time to detect MTTD. By enriching the alerts with security context from IntSights, the analysts have all the required information at one place reducing the need to hop through multiple systems. Leveraging the IntSights’s intintelligence from clear, deep and dark web, QRadar is well equipped to proactively neutralize the adversary.

 
Previous
Previous

Trustar: Trustash integrations

Next
Next

Mission Control Plugins