IBM Security QRadar


Safeguarding Data With Proactive Threat Detection

By SANDEEP PATIL posted Sun January 17, 2021 11:06 PM


It’s a data-driven world, and data is the new crown jewel that serves as one of the key assets for the growth of an organization. Data also helps organizations discover new business insights and identify buying patterns, business trends, customer behavior and more—all of which are required for business strategy and planning. With this exponential data growth and critical dependence, it’s important to safeguard data from cyberattacks. In recent times, the world has seen a surge in cyberattacks with malicious intent aimed at data, making cyber resiliency a must.

Most cyberattacks target data, and attacks such as ransomware lock down access to data, which can stall production. Data resides on storage, so it is vital for storage systems to be resilient and designed with a data-centric security approach. Many deployments rely on a perimeter-based security strategy, but there is a need for a more cohesive and integrated deployment strategy that includes storage in protecting data against cyberattacks. IBM has come up with a solution that aids in the proactive detection of threats by feeding storage events into a Security Information and Event Management (SIEM) solution, and safeguards the data by sending insights back to storage so it can take protective actions such as snapshots of the data.

Proactive Threat Detection and Safeguarding of Data

IBM Spectrum Scale storage systems add next-level performance, data protection, availability and resilience for high-performance unstructured data workloads running on IBM Power and IBM LinuxONE across hybrid multicloud deployments. IBM Spectrum Scale provides world-class storage management with extreme scalability, flash-accelerated performance and automatic storage tiering capabilities. It provides secure data at rest, secure data in motion, and file audit logging, which records every access to data and helps strengthen the security posture of the deployment.

From a security perspective, IBM QRadar is one of the most advanced SIEM solutions in the market today. It’s a network management platform that provides situational awareness, event management, and data collection in a central console. This console normalizes the data, correlates signatures, events and flows, and analyzes traffic for any potential threat within a technical environment. IBM QRadar uses a combination of flow-based network knowledge, event correlation, and asset-based vulnerability assessment.

"Securing Data on Threat Detection Using IBM Spectrum Scale and IBM QRadar" is an integrated solution in which file access events from IBM Spectrum Scale are routed to IBM QRadar, which is then configured to detect threats or violations of business policy on data access. The solution further allows administrators to automate the safeguarding of data when IBM QRadar detects a threat, by letting QRadar signal IBM Spectrum Scale to take a snapshot of all classified data.

As an example, if a business policy prevents a specific set of users from accessing data hosted on IBM Spectrum Scale outside business hours and such access occurs, the solution will proactively detect it and safeguard the data via storage snapshots. This scenario can be expanded to meet the business needs, including scenarios around ransomware attacks.
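The after-hours policy scenario above, written out as a small detection-and-response rule. This is an added example, not code from the post or from IBM: the event shape is a constructed stand-in, not the real Spectrum Scale file audit log schema, and the restricted users, business hours, classified fileset paths and the injected `take_snapshot` callable (standing in for the storage system's snapshot call) are all assumptions.

```python
from datetime import datetime, time
from typing import Callable, Dict, Iterable, List, Optional

# Constructed sample events in a simplified shape; this is NOT the real
# IBM Spectrum Scale file audit log format, only a stand-in for it.
SAMPLE_EVENTS = [
    {"time": "2021-01-15T10:12:03", "user": "alice", "op": "OPEN", "path": "/gpfs/fs1/finance/q4.xlsx"},
    {"time": "2021-01-15T22:41:17", "user": "contractor1", "op": "OPEN", "path": "/gpfs/fs1/finance/q4.xlsx"},
    {"time": "2021-01-15T23:05:44", "user": "contractor1", "op": "RENAME", "path": "/gpfs/fs1/finance/q4-old.xlsx"},
    {"time": "2021-01-16T09:30:00", "user": "contractor1", "op": "OPEN", "path": "/gpfs/fs1/hr/payroll.csv"},
]

# Assumed business policy: these users may touch classified filesets only
# within business hours (event-local time); anything else is a violation.
RESTRICTED_USERS = {"contractor1", "contractor2"}
BUSINESS_START, BUSINESS_END = time(8, 0), time(18, 0)
CLASSIFIED_FILESETS = ("/gpfs/fs1/finance", "/gpfs/fs1/hr")

def classified_fileset(path: str) -> Optional[str]:
    """Return the classified fileset a path belongs to, or None."""
    for prefix in CLASSIFIED_FILESETS:
        if path == prefix or path.startswith(prefix + "/"):
            return prefix
    return None

def detect_violations(events: Iterable[dict]) -> List[dict]:
    """Rule: a restricted user touches classified data outside business hours."""
    hits = []
    for ev in events:
        when = datetime.fromisoformat(ev["time"])
        in_hours = BUSINESS_START <= when.time() < BUSINESS_END
        if ev["user"] in RESTRICTED_USERS and not in_hours and classified_fileset(ev["path"]):
            hits.append(ev)
    return hits

def protect(violations: List[dict], take_snapshot: Callable[[str, str], None]) -> Dict[str, str]:
    """Request one protective snapshot per affected fileset (deduplicated, so a
    burst of events does not turn into a snapshot storm). take_snapshot is an
    injected stand-in for the real storage call; returns {fileset: snapshot name}."""
    taken: Dict[str, str] = {}
    for ev in violations:
        fileset = classified_fileset(ev["path"])
        if fileset not in taken:
            stamp = datetime.fromisoformat(ev["time"]).strftime("%Y%m%d%H%M%S")
            taken[fileset] = f"threat_{stamp}"
            take_snapshot(fileset, taken[fileset])
    return taken
```

Only the two contractor events after 18:00 fire the rule; the 09:30 access to the HR fileset is in hours and passes, and both hits map to a single snapshot of the finance fileset.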


Figure 1: Threat Detection using IBM Spectrum Scale and IBM QRadar

IBM offers clients a suite of security and resilience capabilities across its platform and the solution further enhances the deployments to safeguard the crown jewel of any business: the data.

More Resources

A detailed blueprint of the described solution is available as a Redbook for practitioners to leverage and improve the security of data hosted on IBM Spectrum Scale.
Redpaper: http://www.redbooks.ibm.com/abstracts/redp5560.html?Open

Solution Brief: https://www.ibm.com/downloads/cas/VOJ907RG

Watch a demo: https://www.youtube.com/watch?v=Zyw84dvoFR8



Comments

Tue May 31, 2022 02:00 AM

Hi Sandeep, thank you for the blog. Can you please suggest the steps for adding Spectrum Virtualize as a log source in QRadar Community Edition? Thanks in advance.
I have already installed DSM-IBMSANVolumeController-7.3-20161216200727.noarch but no luck yet.