IBM Security QRadar

New Features for IBM QRadar on AWS

By Patrick Routh posted Wed June 19, 2019 09:25 AM


Updated AWS Integrations for IBM QRadar

  • Amazon S3 Protocol adding support for Multi-Account, Multi-Region, and VPC Flow Logs
  • Enables QRadar customers to more efficiently consume AWS CloudTrail data from Amazon S3 object storage using Amazon Simple Queue Service (SQS)

[Figure: VPC Flows Visualization with QRadar Cloud Visibility]

Cloud is Trending Up

As global enterprises rapidly migrate workloads and applications to cloud architectures like Amazon Web Services, it becomes cumbersome to configure and maintain management and security policies in these dynamic environments. This makes it very difficult for security teams to effectively monitor, detect, and react to potential threats in the cloud. Business units within an enterprise often work in isolation on individual projects and leverage the cloud to accelerate efforts. This leads to security teams having to manage multiple AWS accounts for various teams across an organization. It is also common for businesses to have data distributed globally across the many supported AWS data centers spanning 5 continents (Amazon is planning to open a datacenter in Africa later in 2019). Both of these contributing factors introduce challenges for the enterprise.


How Cloud Growth and Complexity Are Affecting Security

An enterprise is a complicated entity with a large number of moving parts with different interests and objectives driving decisions. In the cloud-space, this generally results in multiple enterprise cloud accounts and rapid growth of data and application workloads moving to cloud environments. Managing data and applications in multiple cloud accounts across many global regions presents a major challenge to security teams.


IBM QRadar’s Cloud-Native Strategy

QRadar takes a cloud-native approach, leveraging Amazon cloud services to simplify data ingestion from AWS. QRadar’s updated Amazon S3 Protocol optimizes AWS CloudTrail data collection for multi-account and multi-region AWS environments, pulling data from various S3 buckets into a single source (an SQS queue) for QRadar to consume. This streamlined ingestion enables security teams to quickly analyze large volumes of data, detect threats or malicious activity, and respond at the speed of the cloud.
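As an added illustration of the fan-in this ingestion relies on (example code, not QRadar's own protocol implementation), the following Python parses the S3 event notifications that a bucket publishes to an SQS queue, derives account, region and log type from the standard AWSLogs key layout, and decompresses a CloudTrail object. The queue message, bucket name and CloudTrail records are constructed samples.

```python
import gzip
import json
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# AWS writes CloudTrail and VPC Flow Log objects under this key layout (assumption: the default
# prefix): AWSLogs/<account-id>/<CloudTrail|vpcflowlogs>/<region>/YYYY/MM/DD/<file>.gz
KEY_PATTERN = re.compile(
    r"^AWSLogs/(?:o-[a-z0-9]+/)?(?P<account>\d{12})/"
    r"(?P<log_type>CloudTrail|vpcflowlogs)/"
    r"(?P<region>[a-z]{2}(?:-[a-z]+)+-\d)/\d{4}/\d{2}/\d{2}/"
)

def parse_s3_notification(body):
    """Return (bucket, key, account, region, log_type) for every CloudTrail or
    flow-log object announced by one SQS message (an S3 event notification)."""
    found = []
    for rec in json.loads(body).get("Records", []):
        if not rec.get("eventName", "").startswith("ObjectCreated:"):
            continue  # deletes and S3 test events carry nothing to fetch
        bucket = rec["s3"]["bucket"]["name"]
        key = unquote_plus(rec["s3"]["object"]["key"])  # S3 URL-encodes keys
        m = KEY_PATTERN.match(key)
        if m is not None:  # unrelated objects in the bucket are skipped
            found.append((bucket, key, m["account"], m["region"], m["log_type"]))
    return found

def route_by_source(bodies):
    """Fan a batch of queue messages out per (account, region, log type): this
    is what lets one queue feed many accounts and regions into one collector."""
    routed = defaultdict(list)
    for body in bodies:
        for bucket, key, account, region, log_type in parse_s3_notification(body):
            routed[(account, region, log_type)].append(f"s3://{bucket}/{key}")
    return dict(routed)

def cloudtrail_records(gz_bytes):
    """Decompress one CloudTrail object (gzip-compressed JSON) and return its records."""
    return json.loads(gzip.decompress(gz_bytes))["Records"]

# Constructed sample: one SQS message announcing objects from two accounts and regions.
SAMPLE_MESSAGE = json.dumps({"Records": [
    {"eventName": "ObjectCreated:Put", "s3": {"bucket": {"name": "corp-logs"}, "object": {"key": "AWSLogs/111111111111/CloudTrail/us-east-1/2019/06/19/111111111111_CloudTrail_us-east-1_20190619T0925Z_a1.json.gz"}}},
    {"eventName": "ObjectCreated:Put", "s3": {"bucket": {"name": "corp-logs"}, "object": {"key": "AWSLogs/222222222222/vpcflowlogs/eu-west-1/2019/06/19/222222222222_vpcflowlogs_eu-west-1_fl-0abc_20190619T0920Z_b2.log.gz"}}},
    {"eventName": "ObjectCreated:Put", "s3": {"bucket": {"name": "corp-logs"}, "object": {"key": "readme.txt"}}},
]})
# Constructed sample CloudTrail object holding one failed console-login record.
SAMPLE_TRAIL = gzip.compress(json.dumps({"Records": [{"eventName": "ConsoleLogin", "awsRegion": "us-east-1", "recipientAccountId": "111111111111", "responseElements": {"ConsoleLogin": "Failure"}}]}).encode())
```

In a real collector the queue messages come from SQS receive calls and the objects are fetched from S3 by the returned `s3://` URIs; both are left out here so the block runs offline.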


Available Now
Download the updated Amazon S3 protocol here at IBM Support Fix Central
(QRadar weekly auto-updates will automatically add this updated protocol)


IBM QRadar - Create an SQS Queue

Amazon Simple Queue Service – Documentation

Amazon CloudTrail


Protocol Common is required when manually installing the update


Patrick Routh

Offering Manager – QRadar Cloud Security