IBM Security QRadar SIEM Integration for a Digital Identity Services Company
Customer
The Customer is a US-based company that provides digital identity services: its partners are given access to the personal information of clients who want to receive individual services and discounts.
Challenge
Preparing to launch its digital identity service, the Customer was aware of the large amount of sensitive data it would have to process and protect from potential intruders. That is why the Customer was looking for a reliable SIEM solution that could ensure a proper level of data protection. Among multiple tools, the Customer chose IBM Security QRadar SIEM (QRadar), a unified platform that consolidates log events and network flow data from multiple endpoints and applications.
The Customer required additional QRadar configuration and fine-tuning to leverage the system’s out-of-the-box functionality, as well as to enable the collection and processing of log events received from custom applications.
Solution
In search of professional QRadar configuration, the Customer turned to ScienceSoft, as our company has 13+ years of experience in SIEM and a solid portfolio of QRadar implementations for customers from healthcare, banking and finance, the public sector, telecommunications and other industries.
ScienceSoft’s experts started with an analysis of the Customer’s solution logic and IT infrastructure, which allowed them to assess the accuracy of QRadar’s initial deployment. The analysis also helped the SIEM team focus on two major points. First, they configured the standard device security modules (DSMs) to parse events received from multiple log sources and convert them to a standard taxonomy format. After that, the experts developed custom log source extensions (LSXs) to integrate the platform with log sources it does not support out of the box, namely the Customer’s proprietary applications.
Additionally, ScienceSoft’s specialists carried out data normalization so that log events could be correlated properly after their initial collection.
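As an added illustration of what the parsing and normalization steps above achieve, the following Python example (not ScienceSoft's code and not an actual QRadar LSX, which is an XML document) applies one regex per custom log format and maps the matched fields onto a common event schema. The two log formats, the field names, the category names and the severities are constructed assumptions for this example; the point is that each proprietary format needs its own pattern, that unparsed lines must stay visible rather than being silently dropped, and that normalization (timestamps, usernames, source addresses, categories) is what makes later correlation possible.

```python
import re
from datetime import datetime, timezone

# Constructed sample lines from two hypothetical proprietary applications.
# These formats are assumptions for this example, not the Customer's real logs.
SAMPLE_LINES = [
    'ts=2021-03-04T10:15:30Z app=idportal evt=LOGIN_FAIL user=jdoe src=203.0.113.7 reason="bad password"',
    'ts=2021-03-04T10:15:31Z app=idportal evt=LOGIN_FAIL user=jdoe src=203.0.113.7 reason="bad password"',
    '2021-03-04 10:16:02 [partnerapi] ACCESS_GRANTED partner=acme client=c-1002 ip=198.51.100.9',
    'garbage line that matches nothing',
]

IPV4 = r'\d{1,3}(?:\.\d{1,3}){3}'

# One regex per custom log format, in the spirit of the regex-based extensions
# QRadar uses for unsupported log sources. Named groups map raw fields onto a
# common schema (group names are this example's own convention).
FORMATS = [
    ("idportal", re.compile(
        r'^ts=(?P<ts>\S+) app=(?P<app>\S+) evt=(?P<event>\S+) '
        r'user=(?P<user>\S+) src=(?P<src_ip>' + IPV4 + r')'
        r'(?: reason="(?P<reason>[^"]*)")?$')),
    ("partnerapi", re.compile(
        r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \[(?P<app>\w+)\] (?P<event>[A-Z_]+) '
        r'partner=(?P<user>\S+) client=(?P<client>\S+) ip=(?P<src_ip>' + IPV4 + r')$')),
]

# Event name -> (high-level category, low-level category, severity). This stands
# in for the event-to-taxonomy mapping a SIEM applies; values are illustrative.
EVENT_MAP = {
    "LOGIN_FAIL": ("Authentication", "User Login Failure", 5),
    "ACCESS_GRANTED": ("Access", "Access Permitted", 2),
}

RAW_FIELDS = ("ts", "app", "event", "user", "src_ip")


def parse_timestamp(raw):
    """Normalize both timestamp styles to an aware UTC datetime."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%d %H:%M:%S"):
        try:
            return datetime.strptime(raw, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognized timestamp: {raw}")


def parse_event(line):
    """Match a raw line against the known formats; return a normalized event or None."""
    for source, pattern in FORMATS:
        m = pattern.match(line)
        if not m:
            continue
        f = m.groupdict()
        high, low, sev = EVENT_MAP.get(f["event"], ("Unknown", "Unknown Event", 1))
        return {
            "log_source": source,
            "timestamp": parse_timestamp(f["ts"]),
            "event_name": f["event"],
            "high_level_category": high,
            "low_level_category": low,
            "severity": sev,
            "username": f.get("user"),
            "source_ip": f["src_ip"],
            # Format-specific fields that have no slot in the common schema.
            "extra": {k: v for k, v in f.items() if k not in RAW_FIELDS and v is not None},
        }
    return None


def normalize_batch(lines):
    """Parse every line; return (events, unparsed) so parsing gaps stay visible."""
    events, unparsed = [], []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            unparsed.append(line)
        else:
            events.append(ev)
    return events, unparsed


def count_by_category(events):
    """Count normalized events per low-level category, a basic data-quality check."""
    counts = {}
    for ev in events:
        counts[ev["low_level_category"]] = counts.get(ev["low_level_category"], 0) + 1
    return counts


if __name__ == "__main__":
    evs, bad = normalize_batch(SAMPLE_LINES)
    for ev in evs:
        print(ev["timestamp"].isoformat(), ev["log_source"], ev["low_level_category"],
              ev["username"], ev["source_ip"], ev["extra"])
    print("unparsed:", bad)
    print("by category:", count_by_category(evs))
```

Run it as-is; the unparsed list is the figure worth watching in a real deployment, since a growing count there means a log source has changed format and events are no longer reaching correlation.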
At the final stage, the SIEM team monitored the QRadar environment with QLean, ScienceSoft's proprietary QRadar SIEM health check tool developed to reveal performance issues and functional deviations in QRadar deployments. The monitoring allowed the SIEM experts to verify whether the system processed logs from all the connected log sources accurately, whether data quality met the established standards, whether the system correlated events into offenses correctly, and more.
Results
Professional QRadar configuration by ScienceSoft’s SIEM experts enabled the Customer to collect and process log data coming from unsupported applications, ensuring visibility of log events and the ability to detect potential breaches. The final monitoring of the QRadar environment with QLean guaranteed the system's proper performance, thus minimizing the risk of overlooking critical security events.
Technologies and Tools
IBM Security QRadar SIEM, QRadar API, Regex, Bold.