IBM QRadar + IntSights TIP: Getting ahead of the Adversaries
Executive Summary
Leverage IntSights Cyber Threat Intelligence, gathered across the clear, deep and dark web, to anticipate the tactics, techniques and procedures of the adversaries targeting the enterprise and bring that intelligence directly into QRadar.
Business Challenge
Security Information and Event Management (SIEM) is one of the most powerful tools in any security infrastructure. Its effectiveness, however, depends on the quality of the data it ingests: a SIEM flooded with unvalidated, raw threat data leaves the security team inundated with false positives. To capitalize fully on the SIEM, it must be supported by data from other technologies, such as a threat intelligence platform. The next challenge is the quality of the intelligence fed into the SIEM. Signature-based reputation feeds and generic threat feeds typically describe common malware and attack activity observed around the globe. While this helps secure the enterprise against already identified threats, it leaves the enterprise largely unprotected against targeted attacks. What is required is intelligence that is adversary-focused, forward-looking and tailored to the specific customer.
Customer Solution
Crest developed the QRadar App for IntSights, integrating IntSights Cyber Threat Intelligence with QRadar to rationalize the threat data and surface the targeted attacks that would otherwise be lost in the "noise". The integration correlates enterprise events with threat intelligence and presents the SOC team with operational intelligence carrying rich context. Correlation runs in real time against high-volume security telemetry, greatly reducing the mean time to detect (MTTD). Because alerts are enriched with security context from IntSights, analysts have the required information in one place and no longer need to hop between multiple systems. Leveraging IntSights intelligence from the clear, deep and dark web, QRadar is well equipped to detect and respond to adversary activity before it becomes an incident.
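To make the point about intelligence quality concrete, the following is an added illustration, not code from Crest, IBM or IntSights, and it uses no IntSights or QRadar API. It correlates a handful of constructed firewall/proxy events against two constructed indicator sets: a raw reputation feed and a small curated, adversary-focused set that carries a confidence score and analyst context. The indicator values, confidence scores, log lines and field names are all assumptions made up for the example; the lookup table stands in conceptually for the kind of indicator set a SIEM would hold.

```python
"""Correlate key=value security events against threat-intelligence indicators.

Added example for this case study; not Crest's, IBM's or IntSights' code.
Indicators, log lines, field names and confidence scores are constructed.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class Indicator:
    value: str       # an IPv4 address or a domain name
    kind: str        # "ip" or "domain"
    confidence: int  # 0-100, constructed score (not an IntSights field)
    context: str     # analyst-facing context attached to the alert


# Constructed raw reputation feed: broad, low-confidence, noisy.
RAW_REPUTATION_FEED = [
    Indicator("203.0.113.7", "ip", 20, "Seen in a bulk internet-scanner list"),
    Indicator("198.51.100.44", "ip", 90, "C2 server reported by multiple sources"),
    Indicator("cdn.example.net", "domain", 10, "Shared CDN that once served malware"),
]

# Constructed curated intelligence: few indicators, high confidence, customer context.
CURATED_INTEL = [
    Indicator("198.51.100.44", "ip", 90,
              "C2 named in a dark-web post that references the customer"),
    Indicator("update-portal.example.org", "domain", 85,
              "Typosquat of the customer's domain, registered this week"),
]

# Constructed firewall/proxy events in space-separated key=value form.
SAMPLE_EVENTS = [
    "ts=2024-03-02T10:00:01Z src=10.0.0.5 dst=203.0.113.7 dport=443 action=allow",
    "ts=2024-03-02T10:00:07Z src=10.0.0.9 dst=198.51.100.44 dport=8443 action=allow",
    "ts=2024-03-02T10:00:13Z src=10.0.0.12 host=cdn.example.net dst=192.0.2.10 dport=80 action=allow",
    "ts=2024-03-02T10:00:21Z src=10.0.0.3 host=update-portal.example.org dst=192.0.2.22 dport=443 action=allow",
    "ts=2024-03-02T10:00:30Z src=10.0.0.7 dst=192.0.2.50 dport=22 action=deny",
]


def parse_event(line: str) -> Dict[str, str]:
    """Split a key=value event line into a field dictionary."""
    fields: Dict[str, str] = {}
    for token in line.split():
        if "=" in token:
            key, _, value = token.partition("=")
            fields[key] = value
    return fields


def build_lookup(indicators: Iterable[Indicator]) -> Dict[Tuple[str, str], Indicator]:
    """Index indicators by (kind, normalized value) for O(1) matching."""
    return {(ind.kind, ind.value.lower()): ind for ind in indicators}


def correlate(lines: Iterable[str], indicators: Iterable[Indicator],
              min_confidence: int = 0) -> List[Dict[str, object]]:
    """Return one enriched alert per event field that matches an indicator.

    Destination IPs are checked against "ip" indicators and the requested
    host against "domain" indicators; matches below min_confidence are dropped,
    which is where the noise from a raw feed is filtered out.
    """
    lookup = build_lookup(indicators)
    alerts: List[Dict[str, object]] = []
    for line in lines:
        ev = parse_event(line)
        candidates: List[Tuple[str, Optional[str]]] = [
            ("ip", ev.get("dst")),
            ("domain", ev.get("host")),
        ]
        for kind, value in candidates:
            if not value:
                continue
            ind = lookup.get((kind, value.lower()))
            if ind is None or ind.confidence < min_confidence:
                continue
            alerts.append({
                "event": line,
                "indicator": ind.value,
                "confidence": ind.confidence,
                "context": ind.context,  # enrichment the analyst sees in place
            })
    return alerts


if __name__ == "__main__":
    for label, feed, threshold in (("raw feed, no filter", RAW_REPUTATION_FEED, 0),
                                   ("raw feed, conf>=70", RAW_REPUTATION_FEED, 70),
                                   ("curated, conf>=70", CURATED_INTEL, 70)):
        hits = correlate(SAMPLE_EVENTS, feed, threshold)
        print(f"{label}: {len(hits)} alert(s)")
        for hit in hits:
            print(f"  {hit['indicator']} ({hit['confidence']}): {hit['context']}")
```

Run as-is, the raw feed with no confidence filter fires on three of the five events, two of them on a scanner IP and a shared CDN that an analyst would have to triage and dismiss; the curated set with a confidence floor fires on two events, both carrying context specific to the customer, including the typosquat domain that the raw feed does not know at all. That difference in alert count and context is the operational effect the case study describes.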