Podcasts about qradar

In the rapidly evolving cybersecurity landscape, organizations face the daunting challenge of protecting their networks and sensitive data from an ever-increasing number of threats. To effectively defend against these threats, organizations require a comprehensive and intelligent security solution that can detect, analyze, and respond to potential security incidents in real time. This is where IBM QRadar Security Information and Event Management (SIEM) comes into play. What is IBM QRadar SIEM? IBM QRadar SIEM is a powerful and widely adopted security intelligence platform that provides organizations with a centralized system for collecting, analyzing, and correlating security events from various sources across the network. By consolidating data from diverse security devices and systems, QRadar SIEM offers a holistic view of an organization's security posture, enabling efficient threat detection and response. QRadar SIEM employs advanced analytics and machine learning techniques to identify and prioritize security events, helping security teams focus their attention on the most critical threats. It combines log management, network behavior analysis, and anomaly detection to detect malicious activities, insider threats, and other suspicious behaviors that may indicate a security incident. View More: What's new in IBM QRadar SIEM?

In this Session, we will provide a comprehensive overview of the key components of IBM QRadar. Whether you are an IT professional, cybersecurity enthusiast, or simply interested in learning more about QRadar, this Session will give you valuable insights into its functionality and importance in the industry. IBM QRadar is an industry-leading security intelligence and analytics platform that helps organizations detect and respond to threats effectively. In this Session, we will cover the essential components of QRadar: ➡️ Agenda for the Webinar

I recently spoke with recovering SOAR founder JP Bourget, founder of BlueCycle, a SOC/MSSP Advisory Service. JP and his team have worked with more than 250 organizations, advising on SOC best practices, optimization, and improving security data pipelines and processes. As he's logged more than 20 years in cybersecurity, I wanted to chat with JP about observability trends in security, what he's hoping to see as we enter #hoteventsummer (RSA, Gartner Security and Risk, CriblCon, Black Hat, and DEFCON 30) with conferences shaping up to have huge attendance and lots to cover! The TL:DR: You can connect with JP in Cribl Slack, on Twitter, or at BlueCycle.net, and if you're a hacker AND a cyclist, you should check out Cycleoverride.org. You can hear the whole discussion in your podcast player, but I've excerpted some of the highlights below, mostly around how JP and co have delivered better security outcomes for MSSPs and enterprise SOC organizations using security data pipelines powered by Cribl. Cribl helps MSSPs scale operations. They can spend less time managing tools and data and more time detecting, analyzing, and remediating issues to better protect customers. Even though many security teams use the same technologies and tools, no two are the same in terms of the way they've configured and formatted the logs, meaning MSSPs have to reinvent the wheel every time they onboard a data source for a new tenant or customer. Cribl and Cribl Packs gives JP's team the ability to apply the same logic across all customers without writing, managing, and maintaining custom code and parsers just to get data into a SIEM. Splunk, QRadar, Sentinel, Exabeam, or a homegrown SIEM–doesn't matter, Cribl makes it easy to build and reuse data pipelines. Cribl helps enterprise SOCs and enterprise security teams. Like MSSPs, individual organizations also benefit from the streamlined data onboarding process. In addition to onboarding the data more easily, data formats are normalized and enriched with valuable context, so there's greater accuracy and less work to do in the SIEM or analytics system. In some cases, JP has seen customers reduce SIEM ingest cost by up to 60-65% by taking the approach of sending everything to cheap storage and sending only what they need to the SIEM. But wait…isn't ALL data security relevant? If we're talking about reducing the amount of data going into the SIEM, how does that jive with this notion of the more data you have in your security analytics platform, the more “secure” you are, or the more likely you are to effectively reduce risk? All data is security relevant, but not all data needs to go to your SIEM to get the assurance you need. It turns out, that reducing the amount of data doesn't impact the efficacy or change the risk profile for your organization. If you know your log sources, (or get some help from someone like JP) and, more importantly, what's required to feed alerting logic, you can make smart decisions about what should go into your SIEM and what should go to S3. Customers can send the data they need, enriched in the stream with additional context like IPs, geolocation, user ID, all normalized before it hits the SIEM, so you get much cleaner data, with a lower initial time investment to get data in. We see customers able to bring in additional data sources, but only the relevant fields, so they still get the correlation they need to feed detection rules and alerting. And there's an insurance policy–using Cribl's Replay feature, you can pull data in from S3 for deeper investigations over longer time horizons. Security analysts can focus on core competencies. In JP's view, the SOCs core competency is and should be handling and figuring out how to deal with alerts; SOCs Core competency is not data ingest. Similarly, for SOAR the goal is not to be writing integrations but to be focusing on complex investigations. “My mission in life is to build the cyber data pipelines to make it easy for the SOC operators to focus on investigating, responding and remediating to protect the business. Our team and Cribl facilitate the plumbing. Security analysts can focus on core competencies and do incident response--ultimately providing greater protection and insights for the business.” Note that with the challenges in recruiting, training, and retaining security talent, part of the problem is that we're asking them to do 5+ jobs. Context switching is hard. Focusing on core competencies makes it easy to onboard new analysts faster and helps them focus on a core area of expertise. You should be able to own your own data. We talked a bit about Cribl's vendor-agnostic vision for observability. JP got passionate again: “Here's the thing, you should be able to own your data and not have break the bank to retain that data. And secondly, you want to be able to ask questions in future even if you don't know the questions you want to ask today.” More organizations are moving to the cloud and deploying multiple SIEMs, but still need to maintain some sense of cost control or cost reduction. Most well-funded cloud SIEMs, have some strategy to ingest logs, but that strategy does not include the reduction or processes and tooling to only bring in what you need to pay only for what you need. Cribl gives teams control of their data to send it the relevant bits to the relevant destinations where it will be most efficient to analyze and economical to store. Thanks to JP and all of our customers who are helping us to build a great Cribl Community! If you're just getting started with Cribl, you can check out our sandboxes, a guided experience with demo data at sandbox.cribl.io. There's also a wealth of information, tips, tricks, and use case ideas on our blogs and Slack. We have user group meetings on the 2nd Tuesday of the month, and we just launched our Q&A forum curious.cribl.io. And of course, we'll be at RSA in booth 5469 June 6-10 in San Francisco. Hope to see you there!

In deze podcast schuift Robbin Koolaard, Client Technical Sales Storage aan en legt uit hoe met Safeguarded copies de data beschermd kan worden tegen o.a. ransomware.  Show notes:IBM SAN Volume Controller (SVC) model SV3: https://www.ibm.com/common/ssi/ShowDoc.wss?docURL=/common/ssi/rep_ca/1/877/ENUSZG22-0011/index.html Redbook IBM Power Systems Cloud Security Guide: Protect IT Infrastructure In All Layers: https://www.redbooks.ibm.com/redpieces/abstracts/redp5659.html?Open Algemene info rond IBM FlashSystems: https://www.ibm.com/nl-en/it-infrastructure/storage/flash?utm_content=SRCWW&p1=Sea[…]QobChMI8vX53q-E9gIVD9N3Ch1xMAuoEAAYASAAEgKmofD_BwE&gclsrc=aw.ds IBM FlashSystems Safeguarded Copy high level: https://mediacenter.ibm.com/id/1_u35ue30d IBM Safeguarded Copy: https://www.ibm.com/downloads/cas/BNZGVJKD IBM Cyber Resiliency webinar playback: https://event.on24.com/eventRegistration/console/EventConsoleApollo.jsp?simulive=y&e[…]=444698603&mediametricid=4695955&usercd=513477895&mode=launch IBM Security QRadar XDR: https://www.ibm.com/qradar Gebruikte afkortingen:SVC: SAN Volume ControllerNVMe (Storage): Non-Volatile Memory expressOp- en aanmerkingen kunnen gestuurd worden naar: ofjestoptdestekkererin@nl.ibm.com

SHOW LESSInfosecTrain offers IBM Security QRadar SIEM Training. To know more about IBM Security QRadar SIEM and other training we conduct, please visit https://www.infosectrain.com/courses/ibm-security-qradar-siem-training/ or Please write back to us at sales@infosectrain.com or call us at IND: 1800-843-7890 (Toll Free) / US: +1 657-221-1127 / UK : +44 7451 208413 for more information # QRadar #IBMQRadar #siemtraining Agenda for the Session What QRadar is and what makes it unique. How it helps detect known and unknown security threats out-of-the-box. Common issues organizations run into and guidance on how to solve them. Subscribe to our channel to get video updates. Hit the subscribe button above. Facebook: https://www.facebook.com/Infosectrain/ Twitter: https://twitter.com/Infosec_Train LinkedIn: https://www.linkedin.com/company/infosectrain/ Instagram: https://www.instagram.com/infosectrain/

In this episode of TubbTalk, Richard talks to Ian Thornton-Trump, expert in cybersecurity and chief security officer of Cyjax, a threat intelligence and cyber security company. They discuss how MSPs can keep their clients, and why many MSPs fail at security before an attack even happens – and what to do about that. Ian explains the concept of trusted advisor as a service and the importance of keeping up to date with technology. They also talk about why you need to communicate the importance of security to clients, and what to do if they won't help themselves. Ian discusses the merits of being agile and resilient, and shares what's in his current security stack for personal use. Mentioned in This Episode https://www.ibm.com/security/security-intelligence/qradar (QRadar) https://www.threatq.com/ (ThreatQ) https://banduracyber.com/ (Bandura) https://www.lastpass.com/ (LastPass) https://www.privatise.com/ (Privatise) https://syncromsp.com/ (Syncro) https://www.kaspersky.com (Kaspersky) https://www.blackfog.com/blackfog-msp/ (BlackFog) https://www.todyl.com/ (Todyl) https://www.servicenow.com/ (ServiceNow) https://www.bmc.com/it-solutions/it-security.html (BMC) https://buckets.grayhatwarfare.com/ (GrayhatWarfare) https://connect.comptia.org/membership/comptia-isao (CompTIA ISAO)

Cloud business leaders prefers multi cloud deployment strategies either within the region or across regions to have cost effective solution. IT security managers require security event management solutions prefers to have deployed on the cloud environment or either prefer SaaS offerings IBM QRadar and Splunk are the leading vendors in the market today offers wide range of SIEM use-cases. It require design and cost considerations to make it effective and fit for business purpose. --- This episode is sponsored by · Anchor: The easiest way to make a podcast. https://anchor.fm/app --- Send in a voice message: https://anchor.fm/future-of-cybersecurity/message

Podcast: Unsolicited Response PodcastEpisode: Splunk OT Security Add-OnPub date: 2020-09-16Most of the OT Detection and Asset Management solutions have developed 'integrations' with SIEMs, with Splunk and QRadar being the most common. I put integrations in quotes because they did little more than push alerts and events to the SIEMs with little context. This all changed with Splunk announcing their OT Security Add-On last month. In this episode of the Unsolicited Response podcast I talk with Ed Albanese, the VP Internet of Things at Splunk about the OT Security Add-On. This is a more detailed, technical episode as I try to dig into the features and benefits of the integration today and where it can be improved in the future. This includes: The additional OT fields in the Splunk Asset Framework The OT_Asset and OT_SW_Asset data models How the 29 OT search queries will work with integrations likely using different terms (such as different names for asset types) and the types of search queries currently supported. The value of having standardizations for some OT alerts/events sent to Splunk, such as "modify control logic". This support for standardized notables, as Splunk calls them, is not in the released Add-On but can be configured. How Splunk is tracking vulnerability management (currently no OT integration) And how Splunk is calculating the Risk Scores in the OT Security Posture Tab Links Splunk OT Security Add-On Announcement Splunk OT Security Add-On Software Download PageThe podcast and artwork embedded on this page are from Dale Peterson: ICS Security Catalyst and S4 Conference Chair, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Most of the OT Detection and Asset Management solutions have developed 'integrations' with SIEMs, with Splunk and QRadar being the most common. I put integrations in quotes because they did little more than push alerts and events to the SIEMs with little context. This all changed with Splunk announcing their OT Security Add-On last month. In this episode of the Unsolicited Response podcast I talk with Ed Albanese, the VP Internet of Things at Splunk about the OT Security Add-On. This is a more detailed, technical episode as I try to dig into the features and benefits of the integration today and where it can be improved in the future. This includes: The additional OT fields in the Splunk Asset Framework The OT_Asset and OT_SW_Asset data models How the 29 OT search queries will work with integrations likely using different terms (such as different names for asset types) and the types of search queries currently supported. The value of having standardizations for some OT alerts/events sent to Splunk, such as "modify control logic". This support for standardized notables, as Splunk calls them, is not in the released Add-On but can be configured. How Splunk is tracking vulnerability management (currently no OT integration) And how Splunk is calculating the Risk Scores in the OT Security Posture Tab Links Splunk OT Security Add-On Announcement Splunk OT Security Add-On Software Download Page

“With IBM, the sky’s the limit.” — Chris Reid, director of vendor management & sales enablement at Braintrace IBM is making partners’ and their customers’ dreams come true. Chris and Braintrace Founder & CIO, Carl Peterson, describe the advantages their business has gained from working with IBM. They also discuss: -The benefits of marketing through IBM’s Embedded Solution Agreement -How IBM’s QRadar helps Braintrace stay on top of its game -How IBM has helped Braintrace scope out SIEM opportunities Learn more about IBM’s ESA program.  Contact info:  chris.reid@braintrace.com carl@braintrace.com kevin.fischer@ingrammicro.com To join the discussion, follow us on Twitter @IngramTechSol #B2BTechTalk Sponsored by Ingram Micro Financial Solutions and Ingram Micro Imagine Next Listen to this episode and more like it by subscribing to B2B Tech Talk on Spotify, Apple Podcasts, or Stitcher. You can also listen on our website.

Os ataques estão aumentando exponencialmente, e, mais do que isso, se tornando cada vez mais inteligentes. Nos últimos episódios do RedCast identificamos as principais dores de cada segmento e diante disso, surgiram grandes questões sobre como escolher uma ferramenta adequada para a segurança de sua organização. Neste episódio especial sobre IBM QRadar, iremos discutir sobre quais são os direcionamentos de ferramentas e tecnologias para que os ataques sejam identificados e a resposta aos incidentes seja mais rápida e assertiva, com a presença de Leonel Conti, CISO na Ypê, e Denis Prado, Threat Management Sales Leader LATAM na IBM. Confira nas nossas redes sociais mais informações sobre cibersegurança: Site - https://bit.ly/3bp7uG2 Linkedin - https://bit.ly/360QCny Facebook - https://bit.ly/30rgGHu Twitter - http://bit.ly/2qH8fbD Instagram - https://bit.ly/2Z3nSJr

Never used Splunk before, have no Splunk admins and you’ve just bought Splunk Enterprise Security? That was us, and now we're using Splunk in ways that we could've only dreamed of using IBM QRadar. In this session we’ll share our implementation story, how we worked with Splunk to accelerate our learning curve, and how we went from 0 to 3TB in 3 months with no Splunk admins. We'll also cover how Splunk allows us to onboard data sources that we couldn't with QRadar. Speaker(s) Nick Ho, Sales Engineer, Splunk Ross Rutherford, Information Security Engineer, Western Union Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1264.pdf?podcast=1577146235 Product: Splunk Cloud, Splunk Enterprise Security Track: Security, Compliance and Fraud Level: Beginner

Never used Splunk before, have no Splunk admins and you’ve just bought Splunk Enterprise Security? That was us, and now we're using Splunk in ways that we could've only dreamed of using IBM QRadar. In this session we’ll share our implementation story, how we worked with Splunk to accelerate our learning curve, and how we went from 0 to 3TB in 3 months with no Splunk admins. We'll also cover how Splunk allows us to onboard data sources that we couldn't with QRadar. Speaker(s) Nick Ho, Sales Engineer, Splunk Ross Rutherford, Information Security Engineer, Western Union Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1264.pdf?podcast=1577146226 Product: Splunk Cloud, Splunk Enterprise Security Track: Security, Compliance and Fraud Level: Beginner

Never used Splunk before, have no Splunk admins and you’ve just bought Splunk Enterprise Security? That was us, and now we're using Splunk in ways that we could've only dreamed of using IBM QRadar. In this session we’ll share our implementation story, how we worked with Splunk to accelerate our learning curve, and how we went from 0 to 3TB in 3 months with no Splunk admins. We'll also cover how Splunk allows us to onboard data sources that we couldn't with QRadar. Speaker(s) Nick Ho, Sales Engineer, Splunk Ross Rutherford, Information Security Engineer, Western Union Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1264.pdf?podcast=1577146254 Product: Splunk Cloud, Splunk Enterprise Security Track: Security, Compliance and Fraud Level: Beginner

Never used Splunk before, have no Splunk admins and you’ve just bought Splunk Enterprise Security? That was us, and now we're using Splunk in ways that we could've only dreamed of using IBM QRadar. In this session we’ll share our implementation story, how we worked with Splunk to accelerate our learning curve, and how we went from 0 to 3TB in 3 months with no Splunk admins. We'll also cover how Splunk allows us to onboard data sources that we couldn't with QRadar. Speaker(s) Nick Ho, Sales Engineer, Splunk Ross Rutherford, Information Security Engineer, Western Union Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1264.pdf?podcast=1577146217 Product: Splunk Cloud, Splunk Enterprise Security Track: Security, Compliance and Fraud Level: Beginner

In dieser Folge dreht sich alles rund um das Thema SIEM, also Security Information and Event Management. Wie SIEM beim Erkennen und Kategorisieren von Bedrohungen unterstützt und welche Vorteile sich hinter den verschiedenen Lösungen verbergen erfahren Sie natürlich beim IT Manager Podcast. Viel Spaß beim Zuhören! Wollen Sie auch einen IT-Begriff einfach und verständlich beim IT Manager Podcast erklärt bekommen oder selbst einmal in einem Interview dabei sein und eine Episode unterstützen? Dann schreiben Sie uns gerne eine E-Mail: ingo.luecker@itleague.de

This week, Net Neutrality and what it really means, Qradar vulnerability, trying to secure your mobile device, when Z-Wave attacks, routers are open to attack because of your ISP, Starbucks and XSS, Despacito hackers arrested, rebooting your routers, and more!  Daniel Lowrie from ITPro.TV joins us for expert commentary this week, and more on this episode of Hack Naked News!   Full Show Notes: https://wiki.securityweekly.com/HNNEpisode175 Visit https://www.securityweekly.com/hnn for all the latest episodes! Visit https://www.activecountermeasures/hnn to sign up for a demo or buy our AI Hunter!!

This week, net neutrality and what it really means, Qradar vulnerability, trying to secure your mobile device, when Z-Wave attacks, routers are open to attack because of your ISP, Starbucks and XSS, Despacito hackers arrested, rebooting your routers, and more! Daniel Lowrie from ITPro.TV joins us for expert commentary this week, and more on this episode of Hack Naked News! Full Show Notes: https://wiki.securityweekly.com/HNNEpisode175 Visit http://hacknaked.tv to get all the latest episodes!

Through the Firewall, Ep. 9 - QRadar and Resilient by Force 3 LLC

Organizations around the world confront serious security challenges every day, and companies in the Asia-Pacific region are no exception. In this podcast, Evan Dumas, Head of Emerging Technologies for APAC, Middle East and Africa at Check Point Software, joins Deepraj Emmanuel Datt, Solution Design Leader at IBM Security Services Asia-Pacific, for a conversation about the key security challenges facing their clients and best practices for fighting back. Listen now to learn not only how IBM and Check Point are each protecting their own clients against advanced cyber threats, but also how the two companies are working together to automate endpoint detection, increase threat visibility and extend security to cloud deployments. To learn more about the latest developments in the IBM-Check Point partnership, read the article, "IBM and Check Point: Breaking New Ground in Collaborative Defense" [https://ibm.co/2x8FQts] and check out the new Check Point SmartView for QRadar app on the IBM App Exchange [http://bit.ly/2wjNCDf]. You can also download the 2017 Ponemon Institute Cost of a Data Breach Study, including individual reports for ANZ, ASEAN, India and Japan: https://ibm.co/2w0A9zd.

In this short podcast Ken Washburn, Team Lead for IBM QRadar App Development, explains how the new user behavior analytics (UBA) app provides new ways of tracking and analyzing typical QRadar data, giving organizations improved awareness of risky behaviors and malicious activities. To learn more, visit http://ibm.co/2aARHrs

Collecting real-time security events on the IBM i platform is different than other platforms - logs are stored in many different places in a proprietary IBM format. This presents a challenge for administrators who need to monitor their IBM i logs. Download this podcast to learn about: Real-time security event logging on the IBM i Monitoring your most critical data with IBM Security QRadar Meeting compliance requirements like PCI DSS, HIPAA, FFIEC, and more

Visit This Week on developerWorks at: http://ibm.com/developerworks/thisweek Links to articles mentioned on this episode are at: https://ibm.biz/BdDiCT