IBM QRadar in the Leaders Quadrant of the Gartner SIEM Report

 

IBM Security provides a range of security technologies and services, and is headquartered in Cambridge, Massachusetts. The QRadar Security Intelligence Platform is primarily built around the QRadar SIEM solution and composed of several other separately priced components:

  • IBM QRadar Vulnerability Manager — integration of vulnerability assessment data

  • IBM QRadar Network Insights — QFl application visibility and packet content inspection

  • QRadar Risk Manager — network device configuration monitoring and threat simulation capabilities

  • IBM QRadar User Behavior Analytics (UBA) — a free add-on module that addresses some insider threat use cases

  • IBM QRadar Incident Forensics — forensic investigation support

  • IBM QRadar Advisor with Watson — advanced-analytics-based root cause identification and attribution engine

IBM also offers the Security App Exchange, which enables QRadar customers to download curated content developed by IBM or third parties to extend IBM QRadar's coverage or value proposition. Other relevant IBM solutions include the IBM QRadar Network Packet Capture appliance, for stronger network forensics capabilities, and IBM Resilient, a SOAR solution with supported, bidirectional integration with the QRadar SIEM solution. This integration can help organizations streamline their security incident workflow processes.

IBM QRadar SIEM can be deployed on-premises, via hardware, virtual appliances and software packages, or it can be hosted in the cloud via IBM's cloud-based SIEM solution, QRadar on Cloud (QROC). Core SIEM licensing is based on the customer's event velocity (events per second, or EPS, across the data sources in scope) and flows per minute (FPM). It can be procured via a perpetual license or a subscription; the latter is offered only if the customer is purchasing QROC. Pricing for other components in the IBM QRadar Security Intelligence Platform depends on their respective metrics, e.g.:

  • The number of flows for IBM QRadar Network Insights

  • The number of assets in scope for IBM QRadar Vulnerability Manager

  • The number of systems from which configuration data is pulled for IBM QRadar Risk Manager

QRadar Network Insights is available only in hardware appliance format, and QRadar Incident Forensics is only sold as a perpetual license.

During the past 12 months, IBM has improved alert efficiency via its Tuning App and simplified data ingestion from various sources, so that extracting event properties from a common log format can be accomplished with little or no customization. IBM has also mapped its QRadar Advisor with Watson to the MITRE ATT&CK framework.

IBM has a wide customer base on both the end-user and MSSP sides, and tends to appeal to larger organizations by offering a robust platform on which to build a threat detection and response function. However, smaller organizations can also benefit from the QRadar SIEM solution, with its relative ease of use and extensive out-of-the-box content for less-advanced security use cases.
