IBM QRadar is a Security Information and Event Management (SIEM) platform designed to give cybersecurity experts visibility across the corporate IT environment, monitor the company’s security posture and accelerate incident response.
It consolidates log, network flow and event data from all devices, endpoints and applications distributed throughout the enterprise network. Using advanced analytics and correlation algorithms, it detects cybersecurity threats and generates prioritized alerts. Security teams can see all events related to a particular threat in one place to accelerate incident analysis and remediation.
Although attacks on industrial control systems (ICS) are generally launched from IT platforms, they are often custom made and cannot be properly detected by IT security platforms. Sentryo ICS CyberVision extends QRadar with the ability to parse proprietary industrial protocols and detect abnormal OT asset behaviors.
Integrating Sentryo ICS CyberVision with IBM QRadar only requires installing the free Sentryo app available from the IBM XForce App Exchange. The Sentryo app has been fully tested and validated by IBM Security. It installs easily and automatically populates QRadar with a wealth of ICS-specific information, immediately giving SOC (Security Operations Center) analysts extra visibility into the company’s industrial environment.
QRadar can then identify assets and track events and anomalies on the industrial network. With QRadar's correlation engine, security analysts can easily trace the source of an attack back to the IT domain. CISOs can leverage the investment made in their corporate SOC to build a unified approach to cybersecurity spanning their IT and OT environments.
The Sentryo QRadar App is available for download on the IBM XForce App Exchange.
To learn more, read our solution brief!