SlideShare a Scribd company logo

Build cost effective Security Data Lake + SIEM

Rasool Irfan, profile picture
Rasool Irfan

The document discusses building a cost-effective security data lake using IBM QRadar. It defines a data lake and security incident and event management (SIEM). Organizations choose data lakes for search/hunting and SIEM for detecting malware/anomalies. IBM QRadar's Data Store enables efficient data mining by collecting and storing log data separately from security analytics data, while still allowing the data to be accessed for reporting, visualization, and custom applications. This provides a security data lake capability within QRadar without additional cost or vendors.

Technology
1 of 5
Downloaded 11 times
1
2
3
4
5
Future of cyber security www.rasoolirfan.com Build cost effective Security Data Lake
Future of cyber security www.rasoolirfan.com Definitions “A data lake is a method of storing data within a system or repository, in its natural format, that facilitates the collocation of data in various schemata and structural forms, usually object blobs or files. The idea of data lake is to have a single store of all data in the enterprise ranging from raw data (which implies exact copy of source system data) to transformed data which is used for various tasks including reporting, visualization, analytics and machine learning.” ~Wikipedia Security incident and event management (SIEM) is the process of identifying, monitoring, recording and analyzing security events or incidents within a real-time IT environment. It provides a comprehensive and centralized view of the security scenario of an IT infrastructure ~Techopedia Data Lake SIEM
Future of cyber security www.rasoolirfan.com Why organization choose Data Lake or SIEM Rationale Data Lake SIEM Purpose Reason Technology Expertise Search, hunting Detecting malware, anomalies, offenses Less Capex; Log Management; Investigations Better Correlation & Detection capabilities Open source Commercial Experts Dependent Out of box Product features
Future of cyber security www.rasoolirfan.com How IBM QRadar help achieve customer achieve both Data Lake & SIEM Answer - QRadar Data Store to enable efficient data mining for security and compliance use cases  QRadar Data Store has a predictable pricing model based on the number of hosts that store data, and customers can optionally add as much storage and compute power as needed.  Data Store is configured using a simple collection filter in QRadar. By selecting the data source, or the event criteria from the data source, you can easily define which data is sent directly to Data Store  Data Store is a QRadar licensing overlay that leverages existing storage and processing capacity on Event Processors and Data Nodes to collect, process and store data identified for Data Store  Data Store is primarily used for log management, so its data is excluded from correlation and advanced security analytics capabilities. However, Data Store data can be used by most other capabilities, such as searching, reporting, visualization and custom apps built using the QRadar App Framework.  Data Store data cannot be used for historical correlation. However, the filtering policy that separates Data Store data from SIEM data can easily be changed. As soon as the policy is updated, all future data collected will be included in all analytics and correlation processes within QRadar  Because Data Store data does not go through analysis or correlation, analytics-driven apps may not be able to fully leverage data collected using Data Store. All other capabilities, such as reporting, parsing, custom properties and dashboards, should work as expected.  Leverage the QRadar SDK to build custom apps and analytics on top of your data to address a variety of unique security and IT operations use cases  Provide security teams with massive volumes of data to which they can pose a variety of questions via Ariel Query Language and easily filter through results.  Share data between Security and IT Ops. Centralize enterprise-wide data for reporting and analytics, and control access to data based on data type and user role.
Future of cyber security www.rasoolirfan.com Now, you can build a security data lake without breaking your budget or adding another vendor to your security stack https://www.ibm.com/support/knowledgecenter/SS42VS_7.3.2/com.ibm.qradar.doc/t_qradar_adm_data_store.html

More Related Content

PDF
Secure your workloads with microsegmentation
Rasool Irfan
 
PDF
What is micro segmentation?
Mir Mustafa Ali
 
PDF
Microsegmentation for enterprise data centers
Narendran Vaideeswaran
 
PDF
Micro segmentation and zero trust for security and compliance - Guardicore an...
YouAttestSlideshare
 
PPTX
The Top Cloud Security Issues
HTS Hosting
 
PPTX
Introduction to Network Security
John Ely Masculino
 
PDF
Top reasons why Endpoint Security should move to Cloud | Sysfore
Sysfore Technologies
 
PPTX
Mark Lomas | Zero-Trust Trust No One, Trust Nothing
Pro Mrkt
 
Secure your workloads with microsegmentation
Rasool Irfan
 
What is micro segmentation?
Mir Mustafa Ali
 
Microsegmentation for enterprise data centers
Narendran Vaideeswaran
 
Micro segmentation and zero trust for security and compliance - Guardicore an...
YouAttestSlideshare
 
The Top Cloud Security Issues
HTS Hosting
 
Introduction to Network Security
John Ely Masculino
 
Top reasons why Endpoint Security should move to Cloud | Sysfore
Sysfore Technologies
 
Mark Lomas | Zero-Trust Trust No One, Trust Nothing
Pro Mrkt
 

What's hot (20)

PPTX
Zero trust deck 2020
Guido Marchetti
 
PPTX
Web application firewall
Aju Thomas
 
PPTX
Zero Trust Framework for Network Security​
AlgoSec
 
PPTX
Network Security
Techknow Book
 
DOCX
What is zero trust model of information security?
Ahmed Banafa
 
PPTX
Can Cloud Solutions Transform Network Security
EC-Council
 
PDF
Cloud Security - Made simple
Sameer Paradia
 
PPTX
What is zero trust model (ztm)
Ahmed Banafa
 
DOCX
Security architecture principles isys 0575general att
SHIVA101531
 
PPTX
Ics & computer security for nuclear facilities
omriyad
 
DOCX
Residency research makeup project acme enterprise scenario resi
SHIVA101531
 
PPTX
An introduction to Cyber Essentials
Jisc
 
PDF
ATP Technology Pillars
Priyanka Aash
 
PPTX
Zero Trust
Boaz Shunami
 
PDF
Zero Trust Model Presentation
Gowdhaman Jothilingam
 
PDF
Cybersecurity Summit AHR20 NIST framework Cimetrics
Cimetrics Inc
 
PDF
Cyber Security Management | Cyber Security Consultant | JST Business Solution...
Sahabuddin Siddiqui
 
PPTX
Network Security Goals
Kabul Education University
 
PDF
Network Security Certification
Vskills
 
PPTX
Cloud security training, certified cloud security professional
Bryan Len
 
Zero trust deck 2020
Guido Marchetti
 
Web application firewall
Aju Thomas
 
Zero Trust Framework for Network Security​
AlgoSec
 
Network Security
Techknow Book
 
What is zero trust model of information security?
Ahmed Banafa
 
Can Cloud Solutions Transform Network Security
EC-Council
 
Cloud Security - Made simple
Sameer Paradia
 
What is zero trust model (ztm)
Ahmed Banafa
 
Security architecture principles isys 0575general att
SHIVA101531
 
Ics & computer security for nuclear facilities
omriyad
 
Residency research makeup project acme enterprise scenario resi
SHIVA101531
 
An introduction to Cyber Essentials
Jisc
 
ATP Technology Pillars
Priyanka Aash
 
Zero Trust
Boaz Shunami
 
Zero Trust Model Presentation
Gowdhaman Jothilingam
 
Cybersecurity Summit AHR20 NIST framework Cimetrics
Cimetrics Inc
 
Cyber Security Management | Cyber Security Consultant | JST Business Solution...
Sahabuddin Siddiqui
 
Network Security Goals
Kabul Education University
 
Network Security Certification
Vskills
 
Cloud security training, certified cloud security professional
Bryan Len
 
Ad

Similar to Build cost effective Security Data Lake + SIEM (20)

DOCX
Overall Security Process Review CISC 6621Agend.docx
karlhennesey
 
PDF
SECURING THE CLOUD DATA LAKES
Happiest Minds Technologies
 
PDF
ALTR Company Overview 2023
Kim Cook
 
PPTX
DG_Architecture_Training.pptx
TranVu383073
 
PPTX
Data Privacy By Design with AWS
Krzysztof Kąkol
 
PPTX
IBM QRadar’s DomainTools Application.pptx
infosec train
 
PPTX
IBM QRadar’s DomainTools Application.pptx
Infosectrain3
 
PDF
Applying Auto-Data Classification Techniques for Large Data Sets
Priyanka Aash
 
PPTX
SIEM : Security Information and Event Management
SHRIYARAI4
 
PDF
eBook: 5 Steps to Secure Cloud Data Governance
Kim Cook
 
PDF
Whitepaper IBM Qradar Security Intelligence
Camilo Fandiño Gómez
 
PDF
G05.2013 Security Information and Event Management
Satya Harish
 
DOCX
SureLog Large-scale SIEM Implementation in a Distributed It Security World
Ertugrul Akbas
 
PDF
Sqrrl Enterprise: Big Data Security Analytics Use Case
Sqrrl
 
PDF
Top 10 cloud security tools to adopt in 2024.pdf
Sparity1
 
PPTX
SOAR and SIEM.pptx
Ajit Wadhawan
 
PPTX
PKI.pptx
Ajit Wadhawan
 
PDF
Cybersecurity Series SEIM Log Analysis
Jim Kaplan CIA CFE
 
PPTX
QRadar, ArcSight and Splunk
M sharifi
 
PPTX
Designing for Privacy in AWS cloud
Krzysztof Kąkol
 
Overall Security Process Review CISC 6621Agend.docx
karlhennesey
 
SECURING THE CLOUD DATA LAKES
Happiest Minds Technologies
 
ALTR Company Overview 2023
Kim Cook
 
DG_Architecture_Training.pptx
TranVu383073
 
Data Privacy By Design with AWS
Krzysztof Kąkol
 
IBM QRadar’s DomainTools Application.pptx
infosec train
 
IBM QRadar’s DomainTools Application.pptx
Infosectrain3
 
Applying Auto-Data Classification Techniques for Large Data Sets
Priyanka Aash
 
SIEM : Security Information and Event Management
SHRIYARAI4
 
eBook: 5 Steps to Secure Cloud Data Governance
Kim Cook
 
Whitepaper IBM Qradar Security Intelligence
Camilo Fandiño Gómez
 
G05.2013 Security Information and Event Management
Satya Harish
 
SureLog Large-scale SIEM Implementation in a Distributed It Security World
Ertugrul Akbas
 
Sqrrl Enterprise: Big Data Security Analytics Use Case
Sqrrl
 
Top 10 cloud security tools to adopt in 2024.pdf
Sparity1
 
SOAR and SIEM.pptx
Ajit Wadhawan
 
PKI.pptx
Ajit Wadhawan
 
Cybersecurity Series SEIM Log Analysis
Jim Kaplan CIA CFE
 
QRadar, ArcSight and Splunk
M sharifi
 
Designing for Privacy in AWS cloud
Krzysztof Kąkol
 
Ad

More from Rasool Irfan (7)

PDF
45 key vendors and thier online fraud prevention solutions
Rasool Irfan
 
PPTX
Digital workplace security for gen z
Rasool Irfan
 
PDF
Maximize your investment with AWS Native Security Controls
Rasool Irfan
 
PDF
Multi Cloud Security Technology Requirements.
Rasool Irfan
 
PDF
Ethical Hacking by Rasool Kareem Irfan
Rasool Irfan
 
PPTX
Honeypots and honeynets
Rasool Irfan
 
PDF
Your growth in corporate life
Rasool Irfan
 
45 key vendors and thier online fraud prevention solutions
Rasool Irfan
 
Digital workplace security for gen z
Rasool Irfan
 
Maximize your investment with AWS Native Security Controls
Rasool Irfan
 
Multi Cloud Security Technology Requirements.
Rasool Irfan
 
Ethical Hacking by Rasool Kareem Irfan
Rasool Irfan
 
Honeypots and honeynets
Rasool Irfan
 
Your growth in corporate life
Rasool Irfan
 

Recently uploaded (20)

PPTX
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PPTX
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Teaching material agriculture food technology
LiaRayya
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 

Build cost effective Security Data Lake + SIEM

  • 1. Future of cyber security www.rasoolirfan.com Build cost effective Security Data Lake
  • 2. Future of cyber security www.rasoolirfan.com Definitions “A data lake is a method of storing data within a system or repository, in its natural format, that facilitates the collocation of data in various schemata and structural forms, usually object blobs or files. The idea of data lake is to have a single store of all data in the enterprise ranging from raw data (which implies exact copy of source system data) to transformed data which is used for various tasks including reporting, visualization, analytics and machine learning.” ~Wikipedia Security incident and event management (SIEM) is the process of identifying, monitoring, recording and analyzing security events or incidents within a real-time IT environment. It provides a comprehensive and centralized view of the security scenario of an IT infrastructure ~Techopedia Data Lake SIEM
  • 3. Future of cyber security www.rasoolirfan.com Why organization choose Data Lake or SIEM Rationale Data Lake SIEM Purpose Reason Technology Expertise Search, hunting Detecting malware, anomalies, offenses Less Capex; Log Management; Investigations Better Correlation & Detection capabilities Open source Commercial Experts Dependent Out of box Product features
  • 4. Future of cyber security www.rasoolirfan.com How IBM QRadar help achieve customer achieve both Data Lake & SIEM Answer - QRadar Data Store to enable efficient data mining for security and compliance use cases  QRadar Data Store has a predictable pricing model based on the number of hosts that store data, and customers can optionally add as much storage and compute power as needed.  Data Store is configured using a simple collection filter in QRadar. By selecting the data source, or the event criteria from the data source, you can easily define which data is sent directly to Data Store  Data Store is a QRadar licensing overlay that leverages existing storage and processing capacity on Event Processors and Data Nodes to collect, process and store data identified for Data Store  Data Store is primarily used for log management, so its data is excluded from correlation and advanced security analytics capabilities. However, Data Store data can be used by most other capabilities, such as searching, reporting, visualization and custom apps built using the QRadar App Framework.  Data Store data cannot be used for historical correlation. However, the filtering policy that separates Data Store data from SIEM data can easily be changed. As soon as the policy is updated, all future data collected will be included in all analytics and correlation processes within QRadar  Because Data Store data does not go through analysis or correlation, analytics-driven apps may not be able to fully leverage data collected using Data Store. All other capabilities, such as reporting, parsing, custom properties and dashboards, should work as expected.  Leverage the QRadar SDK to build custom apps and analytics on top of your data to address a variety of unique security and IT operations use cases  Provide security teams with massive volumes of data to which they can pose a variety of questions via Ariel Query Language and easily filter through results.  Share data between Security and IT Ops. Centralize enterprise-wide data for reporting and analytics, and control access to data based on data type and user role.
  • 5. Future of cyber security www.rasoolirfan.com Now, you can build a security data lake without breaking your budget or adding another vendor to your security stack https://www.ibm.com/support/knowledgecenter/SS42VS_7.3.2/com.ibm.qradar.doc/t_qradar_adm_data_store.html