Customer
The Customer is a global company with a more than 100-year history in banking and financial services, headquartered in a North American country. One of the largest banks in North America, it provides services through a broad network of branches nationwide and globally to 15+ million clients. The Customer is in the top 100 of the 2016 Forbes Global 2000 list.

Challenge
The bank’s strict information security requirements made it necessary to ensure impeccable performance control over the IBM® Security QRadar SIEM that the bank was using for on-the-spot offense detection. Considering the Customer’s large scale and worldwide operation, only an automated tool could handle the required fine-grained examination of the QRadar deployment. Therefore, the Customer was looking for a solution that could be easily implemented into its broad security environment and perform QRadar health monitoring automatically.

The bank chose Tech-It Group’s proprietary QLean for QRadar, as this ready-made product provides QRadar health monitoring by alerting to QRadar performance problems and their sources.

QLean briefly
QLean for QRadar summarizes all the vital QRadar metrics, such as console overview, EPS and FPI statistics, log source productivity, incoming log data quality, correlation rule performance and more, into configurable health markers. The resulting data are then sent to QRadar administrators for analysis, so that they can evaluate QRadar performance and find aberrations, if any. Such an audit determines how well QRadar is fine-tuned and tailored to a specific IT network, and hence how efficient offense detection is.

Solution
Together with the Customer, ScienceSoft coordinated the installation of QLean for QRadar within the Customer’s IT network, which involved the following:

Initial check of the Customer’s requirements for QRadar health monitoring
ScienceSoft helped the Customer to set the requirements for a QRadar health monitoring tool and showcased how QLean could address them. The consulting phase proved that the ready-made QLean for QRadar version contained the required functional scope for monitoring according to the Customer’s security network parameters.

Delivery of QLean
After all initial arrangements were made, ScienceSoft delivered the ready-made product to the bank. Under the guidance of our consultants, the bank’s security specialists installed the tool and configured it in line with their security environment. As a result, QLean for QRadar was installed to provide QRadar health monitoring with the following characteristics:

40+ hosts
40,000+ log sources
2,500,000+ assets
15,000+ average EPS
60+ QRadar users

Pre-use audit
After QLean was properly tailored to the Customer’s environment, Tech-It Group’s consultants, together with the Customer’s security team, ran a pre-use audit of the tool’s performance. The audit results showed that QLean for QRadar was properly tuned and would provide efficient QRadar health monitoring. Tech-It Group’s team also gave the bank’s security team a thorough consultation on further support and maintenance of QLean.

Results
The installation of QLean allowed the Customer’s security team to gain a day-to-day, comprehensive overview of QRadar performance and to improve it by eliminating aberrations, if any, in a timely manner. In turn, reliable QRadar performance provides timely offense detection and prevents unprocessed events from consuming the product license volume and hardware space.

Technologies and Tools
IBM Security QRadar SIEM, Python, Linux, PostgreSQL, QRadar AQL, QRadar API, Shell Scripts, CentOS/RHEL.