In this article, we will show you how CrowdStrike Falcon® integrates with IBM Security QRadar and IBM Security Resilient to offer an end-to-end threat management process to transform an organization’s security posture. Together, we deliver simplified solutions to protect against, accurately respond to and mitigate cyber threats with speed.
IBM Security QRadar and CrowdStrike: Detect Threats Faster for Quicker Remediation
Now more than ever, as organizations are moving toward accelerated digital transformation strategies, the speed to identify threats for faster remediation is key to reducing downtime and the overall impact of cyberattacks. The integration between CrowdStrike and QRadar allows your security team to move efficiently and share endpoint telemetry and context from CrowdStrike to QRadar for further analysis, tracking and logging to deliver faster detection and remediation.
CrowdStrike sends a feed of malicious activity events identified by CrowdStrike Falcon sensors to enable malware detection and prioritize threats. These detections are sent as events to QRadar where customers can create offenses based on their event processing. The additional details, provided by CrowdStrike, reflect the event type, which allows for more effective event correlation, activity baselining and anomaly detection to then prioritize offenses by credibility and severity relevance.
IBM Security Resilient and CrowdStrike: Accelerate Remediation with Automation
Once a threat is detected in QRadar, it can seamlessly be escalated into Resilient to create an incident, investigate further and remediate the incident. The integration between Resilient and CrowdStrike enables fast incident enrichment by importing detections and IOCs from CrowdStrike into Resilient. The integration can be added to your incident response playbooks, and it can be automated by leveraging the CrowdStrike APIs. Automation can help reduce manual tasks, which saves security analysts valuable time and allows them to focus on important decisions such as determining the severity of the threat and kicking off the remediation process.
- Accelerate threat detection in QRadar with endpoint detections from CrowdStrike.
- Seamlessly create security incidents for faster investigation and remediation.
- Accelerate threat investigations with endpoint detections from CrowdStrike.
- Enable faster remediation by security teams to minimize downtime and impact from cyberattacks.
QRadar platform capabilities:
- Ingest and view detection from the CrowdStrike event stream’s API
- Upload custom IOCs to your watchlists
- Network-contain devices from the event details screen
- Directly link to the Falcon platform to remediate further
Resilient platform capabilities:
- Create incidents from Falcon endpoint detections
- Upload custom IOCs
- Update detection status
- Update device containment status
- Show device details
- Show a list of devices in a data table on which the selected IOC is run on
The power of combining CrowdStrike endpoint telemetry with QRadar and Resilient gives analysts the ability to immediately identify related infrastructure and coordinate their response efforts for faster remediation.
Leveraging the CrowdStrike Falcon APIs, IBM Security applications offer an end-to-end process to threat management with endpoint data from CrowdStrike.
Analysts can expect accelerated threat detection and more-efficient incident response efforts.
Customers of IBM Security QRadar and IBM Security Resilient can download the CrowdStrike applications from the IBM Security App Exchange.[EMG1]
Learn more about these integrations by hearing from the technical experts! Join the IBM Security Community webinar highlighting the integrations with CrowdStrike on October 20 at 11 a.m. EDT/8 a.m. PDT. Register here.
You can also get hands-on with the Falcon platform at Fal.Con 2020, the 4th annual CrowdStrike Cybersecurity Conference, on October 15 — registration for this virtual event is free.