Getting started with the IBM QRadar security intelligence platform

cima_SecurityIntelligence.jpg

In the last post in our series on security intelligence, we provided a brief introduction to the IBM QRadar SIEM platform, and how it can be influential in solving the security issues that so many different companies are facing in today’s high-risk IT environment. We  hope our post got you started thinking about how QRadar could benefit an organization like yours. However, a lot of the practical issues behind security intelligence still remain: that is, many organizations out there are well aware of the fact that they need something new to keep up with the new security threats they’re facing, but still have a hard time understanding how they would go about adopting QRadar as that new thing they need.

In this post, we’ll take a quick look at how an organization like yours can get started adopting a security intelligence platform such as QRadar.

1. Understand the comprehensive capabilities that QRadar offers

If there’s one word that could be used to best describe QRadar, it would be “comprehensive.” As a security intelligence platform, it’s designed to address the complete spectrum of security concerns you might have, from identity management, to application security, to fraud protection, to protection for both data and infrastructure. If you adopt QRadar just for one or two of its capabilities, you’ll simply be selling yourself short, so make sure you take the time to learn  about everything it can do.

2. Take advantage of generic use cases to jump start your platform

Over time, you’ll want to customize your QRadar platform for your unique organization and the industry you operate in, but that doesn’t mean you have to start from scratch. Certain use cases apply to all organizations, and QRadar recognizes this fact. You can take advantage of a variety of built-in rules, alerts, reports and dashboards to accelerate your QRadar adoption.

3. Identify key sources of data

As an intelligence platform, QRadar needs quality data in order to deliver results. However, in order to make sure that your QRadar adoption is streamlined and not overwhelming, you’ll want to avoid using too much data right from the start. To begin with, focus your efforts on the basics: things like authentication events, OS administration logs, and anti-malware logs. Starting with these key data sources will help you get started enjoying results from your QRadar adoption, and then allow you to grow more sophisticated over time.

4. Understand what threats affect your business the most

The common use cases we mentioned earlier are a great place for an organization to get started when it comes to QRadar, but of course, you really have to grow beyond them eventually in order to really make the most of the platform.

Over time, start thinking about the use cases that are unique to your business. There must be some specific reason your company is interested in deploying QRadar now; some specific threat that is of particular concern to your organization, its customers, and the industry you operate in. Identify those threats, and you’ll have a good starting point for growing your QRadar platform.

5. Learn how to make the most of your platform

Finally, it’s important to remember that when you implement a new solution like QRadar, there’s no reason to expect that you’ll be able to pick up on everything it’s capable of right from the start. QRadar is a powerful platform made up of a diverse set of solutions; in order to really get a handle for everything it can do, you’ll need to educate yourself a bit. Consider taking advantage of training options to learn more about what you can do with QRadar, or take the time to reach out to others in the security intelligence community to learn from their experiences.

Getting started with QRadar may not be the easiest thing you’ve ever had to do as a security professional, but the results will certainly be worth the effort. Check back soon for the final post in our series on security intelligence, where we’ll discuss those results in further detail.

Take a moment and watch this video on how to choose a security intelligence platform. IBM’s Kevin Skapinetz explains how bringing an integrated approach to security makes your organization more intelligent when it comes to responding to threats.

WATCH VIDEO

– Kevin

Kevin Grace is the General Manager for our Arkansas and Oklahoma offices and is a Senior Systems Architect with over 15 years of technical experience working across many different platforms. Before joining CIMA, Kevin worked for IBM as a Systems Sales Specialist in their Power, Pure and System Z brands. Prior to that, Kevin served as the Division Director of Enterprise Systems Management for the State of Arkansas’ Department of Information Systems where he directed over 100 employees managing the state’s infrastructure and application environments. He is also a Certified Advanced Technical Expert in Power Systems. Kevin enjoys spending time with his family, coaching baseball and listening to music in his spare time.

Share: