ReliaQuest Spotlight: QRadar on AWS

By George Mina posted Fri March 05, 2021 07:45 AM


Global cybersecurity leader offers flexible deployment models to accelerate their clients’ journey to AWS

ReliaQuest, a global leader in cybersecurity, delivers a services-enabled technology platform to help organizations achieve consistent security outcomes. By combining technology innovation with 24/7 global technical expertise, ReliaQuest takes a collaborative approach to security, connecting and optimizing the tools and processes customers already have in place while enabling organizations to accelerate their digital transformation.

A trusted IBM Security partner for over a decade, ReliaQuest has been at the forefront of providing customers with confidence in their security programs and investments so that they can thrive in the face of uncertainty. With deep expertise in IBM Security QRadar, ReliaQuest helps joint customers accelerate time to value by delivering increased visibility, automated threat detection and faster response.

The team leverages QRadar to arm customers with high-fidelity threat intelligence and ongoing validation of detection content, giving security teams the best mechanism to see and reduce risk as part of the broader ReliaQuest GreyMatter SaaS platform. GreyMatter expedites threat response by piecing together disparate threat telemetry, driving greater effectiveness of their existing investments.

The Journey to AWS
As more organizations accelerate their move to cloud to drive business innovation and customer success, ReliaQuest continues to drive a unified approach to security for their clients, extending threat management capabilities across on-premise, hybrid and multi-cloud environments.
ReliaQuest has seen significant growth in hybrid cloud deployments of QRadar for a wide range of their cross-industry clients. By 2023, Gartner predicts that 90% of SIEM capabilities will be delivered only through the cloud. 

One of the major focus areas for ReliaQuest has been around AWS. In fact, their QRadar development and training environment runs fully on the AWS Cloud along with their GreyMatter platform.

Flexibility is one of the primary drivers that ReliaQuest hears from clients as they migrate more of their workloads to AWS. Deployments range from large enterprise clients who have fully deployed QRadar on AWS to a number of others who are deploying hybrid and multi-cloud models. Regardless of where a customer chooses to deploy QRadar, the outcomes ReliaQuest delivers remain consistent.

“We're seeing organizations invest a significant amount of resources towards the cloud - whether it's a full cloud, multi-cloud or hybrid environment, the support we provide remains consistent across our customer base because of QRadar’s flexible deployment models.”
    Mason Vensland, Tier 3 Functional Engineer, ReliaQuest

Security Outcomes
As organizations accelerate the adoption of cloud architecture, “securing the cloud” is often an afterthought. It’s a relatively new concept for many companies and, more often than not, security teams struggle to get the visibility they need to effectively protect the business.

ReliaQuest helps customers overcome these hurdles by leveraging a broad set of QRadar integrations with AWS native services. A common use case, for example, is enabling AWS CloudTrail logging in QRadar to provide visibility into potentially malicious activity, such as unauthorized changes to the platform. They also leverage QRadar’s integration with Amazon GuardDuty to help customers detect things like network-based attacks as well as AWS IAM abuses.

By helping IBM Security QRadar customers integrate and correlate data from Amazon Web Services, ReliaQuest delivers industry-leading visibility and robust threat coverage at every phase of the attack lifecycle.

“As we moved operations to AWS, ReliaQuest delivered the expertise and partnership we needed to meet our project timelines.”
    – Sr. Manager Information Security

Looking for ideas on what to watch for in your AWS environment? The ReliaQuest team offers some guidance by narrowing down the top 10 use cases:
  1. Misconfigured access policies (Public Access, Security Groups, etc.)
  2. Large data outflow (S3 bucket, VPC, etc.)
  3. Deletion of AWS Objects (S3 buckets, configurations, instances, etc.)  
  4. Rapid termination of production EC2 instances
  5. Discovery of unused security groups
  6. Multiple failed access attempts from same source IP/different geographies
  7. Configuration changes to disable logging
  8. Persistence with new unauthorized accounts, group additions, or API keys
  9. Backdoored AWS images uploaded
  10. Anomalous Access Attempts (non-standard users, location, threat IOC, privileged accounts, user agents, etc.)
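
An added example, not ReliaQuest's or IBM's content and not QRadar rule syntax: a Python sketch of how use cases 3, 4, 7 and 8 above map onto CloudTrail management events, including the difference between an attempted and a successful call. The watched event names are CloudTrail API names; the burst threshold and window, the helper names and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# (eventSource, eventName) -> use-case number in the list above
WATCHED = {
    ("cloudtrail.amazonaws.com", "StopLogging"): 7,
    ("guardduty.amazonaws.com", "DeleteDetector"): 7,
    ("iam.amazonaws.com", "CreateUser"): 8,
    ("iam.amazonaws.com", "CreateAccessKey"): 8,
    ("iam.amazonaws.com", "AddUserToGroup"): 8,
    ("s3.amazonaws.com", "DeleteBucket"): 3,
}
BURST_LIMIT, BURST_WINDOW = 3, timedelta(minutes=5)  # assumed thresholds

def when(ev):
    return datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ")

def triage(events):
    """Return sorted (use_case, principal, eventName, outcome) findings."""
    findings, kills = [], defaultdict(list)
    for ev in sorted(events, key=when):
        who = ev["userIdentity"].get("arn", "unknown")
        key = (ev["eventSource"], ev["eventName"])
        # CloudTrail sets errorCode only when the API call did not succeed.
        outcome = "failed" if ev.get("errorCode") else "succeeded"
        if key in WATCHED:
            findings.append((WATCHED[key], who, ev["eventName"], outcome))
        elif key == ("ec2.amazonaws.com", "TerminateInstances") and outcome == "succeeded":
            # Use case 4: count instances terminated per principal in the window.
            kills[who] += [when(ev)] * len(ev["requestParameters"]["instancesSet"]["items"])
            recent = [t for t in kills[who] if when(ev) - t <= BURST_WINDOW]
            if len(recent) >= BURST_LIMIT:
                findings.append((4, who, "TerminateInstances", f"{len(recent)} in window"))
    return sorted(set(findings))

# Constructed sample records, abridged to the fields used above
def record(t, src, name, arn, **extra):
    return {"eventTime": t, "eventSource": src, "eventName": name,
            "userIdentity": {"arn": arn}, **extra}
def terminate(t, arn, *ids):
    params = {"instancesSet": {"items": [{"instanceId": i} for i in ids]}}
    return record(t, "ec2.amazonaws.com", "TerminateInstances", arn, requestParameters=params)

DEV = "arn:aws:iam::111122223333:user/example-dev"  # constructed principals
OPS = "arn:aws:iam::111122223333:user/example-ops"
SAMPLE = [
    record("2021-03-05T10:00:00Z", "iam.amazonaws.com", "CreateAccessKey", DEV),
    record("2021-03-05T10:01:00Z", "cloudtrail.amazonaws.com", "StopLogging", DEV, errorCode="AccessDenied"),
    terminate("2021-03-05T10:02:00Z", OPS, "i-0a", "i-0b"),
    terminate("2021-03-05T10:04:00Z", OPS, "i-0c"),
]
```

A failed `StopLogging` is kept as a finding rather than dropped, since a denied attempt to disable logging is itself worth an analyst's attention.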

Leading security organizations trust the ReliaQuest GreyMatter unified threat detection, investigation and response platform to reduce complexity and drive efficiencies leading to reduced risk and optimized investments.

IBM Security and AWS Solution components:
  • IBM Security QRadar
  • AWS CloudTrail
  • Amazon CloudWatch
  • Amazon GuardDuty
Not referenced in blog but supported:
  • VPC flow logs
  • Amazon CloudFront


1 comment



Fri March 05, 2021 10:18 AM

Incredible work with an amazing MSSP! Congratulations to all.