
IBM QRadar and Cisco Firepower integration

IBM® Security QRadar SIEM (first you have to know what SIEM actually means; please refer to @1) is a tech platform developed by IBM to provide a 360-degree overview of an organization’s security system. The platform can detect security offenses and report them.

@1: SIEM software collects and aggregates log data generated throughout the organization's technology infrastructure, from host systems and applications to network and security devices such as firewalls and antivirus filters.

QRadar normalizes events that come from a security system’s log sources and correlates them according to certain rules configured in QRadar. These rules are generated by applying certain relevant conditions to address the requirements of a specific computer network.
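The normalize-then-correlate flow described above, as an added example (not QRadar's own code or rule language). The two log formats, the field names, and the rule's threshold and time window are all constructed assumptions for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample logs in two made-up formats (not real Firepower or QRadar output).
FIREWALL_LOG = [
    "2019-03-01T10:00:05 INTRUSION src=203.0.113.7 dst=10.0.0.15",
    "2019-03-01T10:01:10 INTRUSION src=203.0.113.7 dst=10.0.0.15",
    "2019-03-01T10:02:30 INTRUSION src=203.0.113.7 dst=10.0.0.15",
    "2019-03-01T10:02:45 INTRUSION src=198.51.100.9 dst=10.0.0.22",
]
ENDPOINT_LOG = [
    "01/03/2019 10:04:00|host=10.0.0.15|event=malware_detected",
    "01/03/2019 10:05:00|host=10.0.0.22|event=malware_detected",
]

def normalize_firewall(line):
    # Map the firewall format onto the common (hypothetical) event schema.
    ts, _, src, dst = line.split()
    return {"time": datetime.fromisoformat(ts), "category": "intrusion",
            "host": dst.split("=")[1], "peer": src.split("=")[1]}

def normalize_endpoint(line):
    # Different timestamp layout and delimiter, same output schema.
    ts, host, _ = line.split("|")
    return {"time": datetime.strptime(ts, "%d/%m/%Y %H:%M:%S"),
            "category": "malware", "host": host.split("=")[1], "peer": None}

def correlate(events, threshold=3, window=timedelta(minutes=10)):
    """Rule: at least `threshold` intrusion events against a host, followed by
    malware on that same host inside `window`, raises one offense."""
    events = sorted(events, key=lambda e: e["time"])
    offenses = []
    for mal in (e for e in events if e["category"] == "malware"):
        prior = [e for e in events
                 if e["category"] == "intrusion" and e["host"] == mal["host"]
                 and timedelta(0) <= mal["time"] - e["time"] <= window]
        if len(prior) >= threshold:
            offenses.append({"host": mal["host"], "time": mal["time"],
                             "sources": sorted({e["peer"] for e in prior})})
    return offenses

def run_example():
    events = [normalize_firewall(l) for l in FIREWALL_LOG]
    events += [normalize_endpoint(l) for l in ENDPOINT_LOG]
    return correlate(events)

if __name__ == "__main__":
    for offense in run_example():
        print(offense)
```

Host 10.0.0.22 also reports malware but saw only one intrusion event, so the rule stays quiet for it; lowering `threshold` shows how tuning changes the number of offenses raised.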

To correctly detect offenses (such as an attempt to steal confidential data or install malware/ransomware on an employee’s PC), QRadar needs to be properly fine-tuned after it has been deployed. The tuning can be performed by an organization’s local security team, if they are qualified enough, or by service companies’ SIEM consultants.

Such a solution may be useful for companies with large IT environments. The larger the environment, the tougher it is to perform such detection manually; in practice it is impossible, as manual audit is too time- and resource-consuming.

Cisco Firepower System App for QRadar provides you with at-a-glance views of malware and intrusion events collected and generated by the system. The panels provide key metrics on recent attacks, malware observed by frequency, and machines that are believed to be compromised. The App provides data regarding Potential Indicators of Compromise, Indicators of Compromise by Host, Malware Threats, Intrusion Events, Host Receiving Malware and Host Sending Malware. QRadar users can drill down into each chart to show the relevant data. Users can select a time window up to 168 hours.

Thanks to a joint effort between Cisco Security and IBM Security, IBM QRadar customers running Cisco Firepower Next-Generation Firewall can implement advanced threat detection with a new app from the IBM App Exchange: the QRadar App for Firepower. The app is installed as a dashboard in the QRadar user interface (UI) with its own tab, providing a place for security analysts to look at various metrics and immediately focus on critical security events reported by Firepower.

The Firepower App for QRadar is the first of several apps being developed for joint customers that will be available in the first half of 2018. Other apps coming out soon include IBM QRadar integrations with Cisco Threat Grid, Identity Services Engine (ISE), and Stealthwatch and Cloud (Umbrella and Cloudlock), as well as IBM Resilient Incident Response Platform (IRP) integrations with Cisco Threat Grid.

TRADEMARK LEGAL NOTICE: All product names, logos, and brands are property of their respective owners in Austria or other countries. All company, product and service names used on this website are for identification purposes only. Pheniix is not affiliated with or an official partner of Cisco, CompTIA, Dimension Data, VMware, Amazon, Microsoft, Certified Ethical Hacker, (ISC)², Juniper, Wireshark, Offensive Security, Google, GNS3, F5, Python, Linux, Java, Openstack, Vagrant, Ansible, Docker, GIT, Blockchain or other companies. Use of these names, logos, and brands does not imply endorsement. The opinions expressed on pheniix are personal perspectives and not those of Cisco, Dimension Data or any other company. Pheniix runs as an independent blog.

#2019 #MikeGhahremani #IBM #Cybersecurity #SIEM #security #malware #Qradar #IBMSecurity #CiscoSecurity #CiscoNetworkingAcademy #CiscoPartners #CiscoFIREPOWER #firepower #integration
