IBM Security QRadar

For twelve consecutive times, Gartner has named IBM  a Leader in the Gartner Security Information and Event Management (SIEM) Magic Quadrant. Our Leader position in the 2021 report is a result of completeness of vision and ability to execute.

Integrated visibility, detection, investigation, and response

Some of the aspects of the QRadar solution that contributed to our ranking are listed below.  If you’re not yet using these capabilities, take a minute to check them out to see how they can help you improve threat detection while simplifying the on-going management of data and analytics:

• Simplified deployment and management of analytics, with the ability to visualize and report on current and potential MITRE ATT&CK coverage. (IBM Security QRadar Use Case Manager)

• The ability for users to create their own cloud integrations to extend visibility and monitoring capabilities. (Universal Cloud Connector, IBM Security QRadar Cloud Visibility)

• Natively included UBA, which is also included in the core SIEM license, to help identify abnormal user behavior potentially indicative of credential theft and/or malicious insiders. (IBM Security QRadar User Behavior Analytics)
• Natively integrated network analytics that offers network visibility and threat detection for both on-premises and virtualized cloud environments. Newly notable here is last week’s release of Network Threat Analytics, which uses machine learning to baseline network activity, identify anomalies, and assign risk scores to suspicious networks flows to help users better identify threats. This new capability is included free with QRadar Flows licenses. (QRadar Network Insights, IBM Security QRadar Network Threat Analytics)
• Risk priority modeling that determines the priority level of each Offense based on local and enriched threat context, ATT&CK Tactics and Techniques observed, and learned Offense disposition patterns within the unique customer environment. This AI-investigation and risk modeling helps analysts make more informed triage decisions, better understand threats and better visualize threat progression across the environment. (IBM QRadar Advisor with Watson)
  
• Integrated SOAR that helps enable collaboration between SOC and Incident Response and reduces the need to switch between screens during the response process. (IBM Security SOAR)
• The IBM Security App Exchange for a robust, open, and IBM-validated security ecosystem that enables more seamless, end-to-end SOC processes with less integration and development work.
• Low-cost log-only offering that enables customers to store high volumes of less security-relevant data without counting against the EPS licensing, which helps customers better manage their SIEM and Logging costs. (QRadar Data Store)
• New SaaS and pricing options (based on either the size of the infrastructure or organization being secured) that lead to more predictable OPEX costs. (IBM Cloud Pak for Security, IBM Cloud Pak for Security as a Service)

To learn more, download the full report, read our blog, or attend our webinar where we will discuss the changing security landscape, how QRadar is adapting, and the future of SIEM.