Security information and event management or SIEM pertain to software products and solutions for managing security information and security events. Their functionalities generally revolve around real-time analysis, recording or storing, and presenting of security issues generated by other software applications or hardware products (Schultz, 2013). Using any SIEM product allows an organization to detect and respond to security attacks and issues, as well as provide them with records and documentation for compliance purposes. The recorded and documented security events can also be referenced for auditing purposes. Also, a SIEM product gives companies additional protection from security attacks and issues by minimizing risks and keeping concerned individuals or teams alert and prepared.
From those above, having a SIEM product or solution is essential to maintaining and promoting the security of any IT infrastructure. Note that the five pillars of information security include protection, detection, reaction, documentation, and prevention (Ameri, 2004), SIEM provides protection and prevention through automated threat detection and documentation. In turn, this automated detection and documentation allow concerned IT professionals to react or respond, as well as to preserve or improve the security integrity of their IT capabilities.
This paper introduces IBM QRadar SIEM—an enterprise SIEM product. Also, this paper recommends the use of this SIEM product for managing security information and security events due to its key features that revolve around real-time monitoring and analysis and event management and reporting.
A Review of IBM QRadar SIEM
International Business Machines Corporation or IBM is a United States-based multinational technology company that has an extensive portfolio of products and services to include computers and hardware, software and software solutions, and services. One of its products is the IBM QRadar SIEM—a software product and solution for security information and event management marketed primarily to enterprise clients.
Below are the specific features of IBM QRadar SIEM (IBM, 2016; Gartner, 2014):
Real-time threat monitoring, analysis, and reporting: The product is capable of detecting inappropriate use and any suspicious behavior such as insider fraud. Note that this product monitors and collects data from different sources to include network hardware, security devices, operating systems, software or applications, databases, and even identity and access management products.
Seamless threat management: The product does not only detect and record threats and incidents, but it also links such to all relevant data and proper context for easier investigation. Furthermore, real-time monitoring, analysis, and reporting also include cross-checking between real-time data and historical data to enhance investigations.
Detailed data access and user activity report: The product tracks all activities of users based on their username and IP address to ensure employee compliance and enforcement of data privacy and policies.
Cloud computing capabilities: The product works through a large and geographically distributed environment. Note that data for real-time monitoring, analysis, and reporting are collected from either the cloud or on-site premises.
Reviews for IBM QRadar SIEM have been favorable. For example, Karen Scarfone, an IT security expert, mentioned that the product has a high degree of flexibility because it can be deployed as hardware, software, or a virtual appliance-based product. Its differentiation from other SIME products includes support for threat intelligence feeds, support for several major compliance reporting requirements, and modular functionality for supporting scalability (2015). An aggregate of reviews from other security experts resulted in a rating of 4.2 over five. The product has been regarded as one of the leading SIEM solutions in the market alongside ArcSight from Hewlett-Packard. Ease of use and intuitive dashboard reporting despite monitoring and analysis capability involving a large volume of data are other advantages of IBM QRadar SIEM (IT Central Station, 2016). IBM QRadar SIEM was also named the best SIEM product of 2015 by SANS Institute—a US-based organization specializing in IT security and training. The organization commended the product for its continued expansion of features and functionalities to meet current security requirements and market demands (Meenan, 2016).
About the disadvantages of IBM QRadar SIEM, the review of Scarfone (2015) mentioned the integration of this software product with other IBM products and products from other software development companies. Note that this product has a modular feature for scalability. This could mean additional costs for an organization. Furthermore, the cost of the product and its wide array of functionalities make it appropriate for large enterprises.
Recommending IBM QRadar SIEM
IBM QRadar SIEM is a highly recommended SIEM product and solution nonetheless. The aforementioned review of features reveals that it is capable of performing basic SIEM functionalities to include real-time monitoring and analysis, as well as event logging and documentation. Apart from these standard features, IBM QRadar has additional capabilities that are relevant to an organization with a large geographical scope. These include support for cloud computers, the capability to monitor and analyze large volumes of data from different sources such as hardware or software, and detailed recording of user information, among others. Scalability is another plus point for this product. It is essentially expandable or modifiable.
Ameri, A. (2004). The Five Pillars of Information Security. Risk Management Magazine. Retrieved on 27 October 2016 from http://cf.rims.org/Magazine/PrintTemplate.cfm?AID=2409
Kavanagh, K. M., Nicolett, & Rochford, O. (2014). Magic Quadrant for Security Information and Event Management. Gartner
IBM. (2016). IBM Security QRadar SIEM.” IBM Software. Retrieved from http://www-03.ibm.com/software/products/en/qradar-siem
IT Central Station. (2016). IBM Security QRadar SIEM. IT Central Station. Retrieved from https://www.itcentralstation.com/products/ibm-security-qradar-siem
Meenan, C. (2016, April 8). SANS Names IBM QRadar as the best SIEM for 2015. Security Intelligence. Retrieved from https://securityintelligence.com/news/sans-names-ibm-qradar-as-the-best-siem-for-2015-2/
Scarfone, K. (2015). IBM Security QRadar: SIEM Product Overview. TechTarget. Retrieved from http://searchsecurity.techtarget.com/resources/Security-Event-Management
Schultz, E. E. (2010). Security Information and Event Management Technology. In H. F. Tipton & M. Krause (eds.) Information Security Management Handbook, (6th ed.). Boca Raton: CRC Press