IBM QRadar SIEM Consulting for a Large Aerospace Entity
Customer
A unit of a large aerospace entity.
Challenge
Handling vast volumes of sensitive data, the customer had chosen IBM® Security QRadar® SIEM. The system was expected to analyze log data and network flows in real time to detect malicious activity. Because the deployed QRadar solution was not delivering a sufficient level of security, the customer had started to consider other SIEM options.
Solution
ScienceSoft offered a quick-fix solution that boosted the ROI of the existing SIEM installation and improved customer satisfaction.
The customer purchased ScienceSoft's proprietary QLean, an automated monitoring tool that provides a comprehensive view of an organization's SIEM system: it lets security specialists detect operational deviations and data losses and helps them troubleshoot these promptly.
With 37 performance metrics and 25 Health Markers, the product tracks the health and performance of a QRadar SIEM deployment. Unique features of QLean are Data Quality Validation and Offense Analysis.
The existing QRadar deployment had a number of performance issues, which QLean identified immediately.
On the basis of the health check report, our security specialists proposed a solution for each of the system's performance issues:
Performance issues and solutions
- Event Processor host overload: hardware upgrade, together with a log source audit and tuning
- License limit exceeded: license upgrade, together with a log source audit and tuning
- Significant number of false positives from out-of-the-box correlation rules: fine-tuning of the correlation rules
- Outdated protocol and DSM (Device Support Module) versions: manual installation of protocol and DSM updates
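Of the issues above, the Event Processor overload and the exceeded license limit are the ones a log source audit addresses: before paying for hardware or a higher EPS license, you want to know which sources drive the peak rate and whether filtering them at the source would be enough. The following Python script is an added illustration, not code from QLean, QRadar or the original page. It computes per-second and per-source event rates over a constructed sample of (timestamp, log source) pairs and ranks the sources contributing to the peak second. The log source names, the event counts and the 100 EPS license limit are assumptions.

```python
"""Per-log-source EPS audit: an added example for this page, not QLean or
QRadar code. Input is a constructed sample of (ISO-8601 timestamp, log source)
pairs standing in for QRadar events; all names and counts are assumed."""
from collections import Counter, defaultdict
from datetime import datetime


def _constructed_sample():
    """Three seconds of assumed traffic; the edge firewall bursts in second 2."""
    rates = {
        "2024-01-01T00:00:00": {"fw-edge": 40, "win-dc01": 10, "proxy": 20},
        "2024-01-01T00:00:01": {"fw-edge": 45, "win-dc01": 12, "proxy": 18},
        "2024-01-01T00:00:02": {"fw-edge": 120, "win-dc01": 11, "proxy": 19},
    }
    events = []
    for ts, per_source in rates.items():
        for source, count in per_source.items():
            events.extend((ts, source) for _ in range(count))
    return events


SAMPLE_EVENTS = _constructed_sample()
ASSUMED_LICENSE_EPS = 100  # hypothetical licensed EPS for this deployment


def eps_by_second(events):
    """Bucket events into whole seconds: {second: Counter{source: count}}."""
    buckets = defaultdict(Counter)
    for ts, source in events:
        second = datetime.fromisoformat(ts).replace(microsecond=0)
        buckets[second][source] += 1
    return dict(buckets)


def peak_eps(events):
    """Return (total EPS, ISO second) for the busiest second in the window."""
    buckets = eps_by_second(events)
    second, counter = max(buckets.items(), key=lambda kv: sum(kv[1].values()))
    return sum(counter.values()), second.isoformat()


def seconds_over_license(events, license_eps):
    """ISO seconds whose total EPS exceeds the licensed rate."""
    return sorted(
        second.isoformat()
        for second, counter in eps_by_second(events).items()
        if sum(counter.values()) > license_eps
    )


def source_ranking(events):
    """Average EPS per source over the observed window, noisiest first."""
    buckets = eps_by_second(events)
    totals = Counter()
    for counter in buckets.values():
        totals.update(counter)
    return [(src, round(n / len(buckets), 2)) for src, n in totals.most_common()]


def peak_contributors(events):
    """Share of the peak second's events per source, largest first.

    The top entry is where a log source audit starts: filtering or rate-limiting
    it at the source relieves the Event Processor without a license upgrade."""
    buckets = eps_by_second(events)
    _, second = peak_eps(events)
    counter = buckets[datetime.fromisoformat(second)]
    total = sum(counter.values())
    return [(src, round(n / total, 2)) for src, n in counter.most_common()]


if __name__ == "__main__":
    peak, when = peak_eps(SAMPLE_EVENTS)
    print(f"peak {peak} EPS at {when} (license {ASSUMED_LICENSE_EPS} EPS)")
    print("seconds over license:", seconds_over_license(SAMPLE_EVENTS, ASSUMED_LICENSE_EPS))
    print("average EPS by source:", source_ranking(SAMPLE_EVENTS))
    print("peak contributors:", peak_contributors(SAMPLE_EVENTS))
```

On the sample, the firewall alone accounts for 80% of the 150 EPS peak while the average stays well under the limit, which is the pattern where source-side filtering (or a parser that drops noise categories) beats a license upgrade. QRadar's own license accounting is more involved than this (EPS and FPM are licensed separately and short bursts are buffered), so treat the script as first-pass triage that tells you which source to audit, the kind of operational deviation QLean's health markers are meant to surface continuously.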
Results
Equipped with the QLean monitoring tool, the customer's security team is implementing a series of measures based on the tool's reports.
Technologies and Tools
QLean for IBM® Security QRadar® SIEM system.