
IBM Security QRadar SIEM Design and Implementation for a Gulf-Based Bank
Customer
The Customer is one of the most financially stable banking institutions in the Gulf region, with a history of more than 40 years. The bank’s total assets exceed $25 billion. The Customer grants loans to a wide range of enterprises and renders economic development assistance to Muslim countries.
Challenge
The Customer approached ScienceSoft about an inadequate SIEM design and operational flaws. Previously, to improve its cybersecurity posture by enabling seamless monitoring of corporate network activity, the Customer had collaborated with a third-party vendor on a QRadar SIEM deployment. Having had the system in full operation for some time, the banking institution wanted a professional health check of the existing QRadar solution and a fix for its operational and design issues. In addition, the Customer required ScienceSoft’s senior SIEM consultant to provide recommendations on the platform maintenance.
Solution
ScienceSoft’s senior SIEM consultant started by assessing the current operational state of the QRadar solution using our proprietary QLean tool. The assessment showed that the Customer’s SIEM system was in an inoperable state. The QRadar platform hadn’t been collecting any data from network devices for half a year, which rendered overall operational analysis impossible.
In view of the system’s current state and the Customer’s additional requirements that arose in the course of the project, our senior SIEM consultant proposed a new SIEM design and implementation.
ScienceSoft’s security consultant provided and implemented the new SIEM design, which enabled the connection of the main QRadar console to network devices from eight international offices, as well as its connection to a disaster recovery (DR) console with configuration/data synchronization.
Finally, our consultant provided a detailed report that reflected all the operations done in the course of the project. The report also contained recommendations on the following issues:
- Classification of infrastructure and business application assets on the basis of the provided template.
- Asset connection to the main QRadar platform (either according to IBM documentation or with the help of professional services).
- Correlation rule creation, based on ScienceSoft’s best practices (120 examples).
- Further sustainment of the QRadar system.
- Review of IS process management.
- Organization of quarterly QRadar health check-ups.
- Organization of the security staff QRadar training.
Results
As a result of two weeks of work by ScienceSoft’s senior SIEM consultant, the Customer enhanced its corporate network security by obtaining a QRadar solution with a revised SIEM design, fully compliant with the additional security requirements.
The final report provided essential recommendations on the maintenance of the new QRadar deployment. In addition, our security consultant offered that ScienceSoft implement all the suggested recommendations for the Customer. This will serve as a basis for long-term cooperation.
Technologies and Tools
QLean, IBM® Security QRadar® SIEM, Python, SQL, AQL, Regex, Linux Shell, Windows, VMware, SAN, NFS.