Information Systems Manager / Infrastructure Manager / Information Security Manager / CEO, do you want to sleep well at night? You need the following solution.
SIEM (Security Information and Event Management) is a class of software that collects and analyzes logs coming from the organization's various communication components and applications. It is sometimes also referred to as SIM or SEM (Security Information Management / Security Event Management), the two halves it combines. SIEM implementation in an organization is driven by two main reasons:
Regulation - This is a common reason for implementing SIEM in an organization. Many organizations start implementing SIEM because regulations require them to centrally store and monitor logs of actions involving sensitive information. This gives the organization a comprehensive view of its information security status through scheduled reports from the SIEM system. In most cases, such implementations are simpler and shorter, aiming only to comply with regulatory requirements.
Desire to enhance information security - In this case, the SIEM solution is built with a more proactive approach. Organizations looking to improve their information security often choose to implement SIEM as a control and monitoring solution, allowing centralized event management. SIEM systems also provide forensic capabilities, enabling analysts to search the collected events after an incident.
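To make the two SIEM functions described above concrete, here is an added example (written for this page, not code from IBM or from any SIEM product) of what happens inside such a system: raw log lines from two different sources are normalized into one event schema, a correlation rule flags repeated failed logins followed by a success for the same user and source address, and a simple forensic query searches the stored events after the fact. The log lines, the regular expressions, the rule threshold and the five-minute window are all constructed assumptions for illustration.

```python
"""Minimal SIEM-style pipeline: normalize logs, correlate events, search them forensically."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines from two hypothetical sources: an SSH host and a web proxy.
SAMPLE_LOGS = [
    "2024-03-01T08:00:01Z sshd[1201]: Failed password for admin from 203.0.113.7 port 5001",
    "2024-03-01T08:00:04Z sshd[1201]: Failed password for admin from 203.0.113.7 port 5002",
    "2024-03-01T08:00:07Z sshd[1201]: Failed password for admin from 203.0.113.7 port 5003",
    "2024-03-01T08:00:11Z sshd[1201]: Accepted password for admin from 203.0.113.7 port 5004",
    "2024-03-01T08:05:00Z proxy: user=admin src=10.0.0.5 url=https://intranet.example/finance status=200",
    "2024-03-01T09:00:00Z sshd[1300]: Failed password for bob from 198.51.100.2 port 6001",
    "2024-03-01T09:30:00Z sshd[1301]: Accepted password for bob from 198.51.100.2 port 6002",
]

# Parsers for the two assumed log formats.
SSH_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)"
)
PROXY_RE = re.compile(
    r"^(?P<ts>\S+) proxy: user=(?P<user>\S+) src=(?P<src>\S+) url=(?P<url>\S+) status=(?P<status>\d+)"
)


def _parse_ts(ts):
    # Log timestamps are ISO 8601 with a trailing Z; fromisoformat wants an explicit offset.
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def normalize(line):
    """Map one raw line onto a common event schema; return None for lines no parser understands."""
    m = SSH_RE.match(line)
    if m:
        return {
            "source": "sshd", "time": _parse_ts(m["ts"]), "user": m["user"], "src": m["src"],
            "action": "login", "outcome": "success" if m["outcome"] == "Accepted" else "failure",
            "raw": line,
        }
    m = PROXY_RE.match(line)
    if m:
        return {
            "source": "proxy", "time": _parse_ts(m["ts"]), "user": m["user"], "src": m["src"],
            "action": "web_access", "outcome": "success" if m["status"].startswith("2") else "failure",
            "url": m["url"], "raw": line,
        }
    return None


def ingest(lines):
    """Centralized collection: normalize every line and order the events by time."""
    events = [e for e in (normalize(line) for line in lines) if e is not None]
    events.sort(key=lambda e: e["time"])
    return events


def brute_force_then_success(events, threshold=3, window=timedelta(minutes=5)):
    """Correlation rule: at least `threshold` failed logins for one (user, src) pair inside
    `window`, followed by a successful login from the same pair, raises one alert."""
    alerts = []
    failures = defaultdict(list)  # (user, src) -> timestamps of recent failures
    for e in events:
        if e["action"] != "login":
            continue
        key = (e["user"], e["src"])
        # Keep only failures that are still inside the sliding window.
        failures[key] = [t for t in failures[key] if e["time"] - t <= window]
        if e["outcome"] == "failure":
            failures[key].append(e["time"])
        else:
            if len(failures[key]) >= threshold:
                alerts.append({
                    "rule": "brute_force_then_success", "user": e["user"], "src": e["src"],
                    "failures": len(failures[key]), "time": e["time"],
                })
            failures[key].clear()
    return alerts


def search(events, **criteria):
    """Forensic query: every event whose fields match all the given criteria."""
    return [e for e in events if all(e.get(k) == v for k, v in criteria.items())]


if __name__ == "__main__":
    evts = ingest(SAMPLE_LOGS)
    for a in brute_force_then_success(evts):
        print("ALERT", a)
    # After the alert, an analyst pivots on the source address to see everything it did.
    for e in search(evts, src="203.0.113.7"):
        print(e["time"].isoformat(), e["source"], e["action"], e["outcome"])
```

The rule fires once, for the admin account, because three failures and then a success arrive from the same address within five minutes; bob's single failure half an hour before his successful login stays below the threshold and outside the window. The `search` call is the forensic half: once an alert exists, the same normalized store answers "what else came from that address" without going back to each system's raw logs.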
SOC (Security Operations Center) is operated and managed professionally by a multi-disciplinary team of experts from IBM Security. The service is certified and operated by IBM Security Services according to IBM's international guidelines and methodology, as implemented by national CERTs and leading cybersecurity centers worldwide.
The teams undergo continuous training at IBM, maintaining the highest level of readiness and preparedness. At the front line of monitoring is the Alert Analyst, whose main role is the initial analysis of automated alerts coming from the various systems: continuous monitoring, triaging alerts, making an initial decision on whether an event is legitimate, collecting the data needed for escalation, and handing the event over to the second layer in an orderly way.
In the second layer, a high-level Incident Responder analyst stands ready to perform in-depth analysis to confirm the event, identify at-risk systems and computers, recommend responses, and take actions such as blocking and containment, preventing further spread, remediation, and recovery.
At the top of the pyramid is the SOC Manager, who, in addition to team management, liaises with clients, including the client's senior management, especially during event handling to make decisions that significantly impact the organization. The SOC Manager ensures compliance with operational policies, required performance metrics and response times according to SLAs, and manages escalation processes in severe events.