IBM Security QRadar SIEM Implementation for an Asian bank

IBM Security QRadar SIEM Implementation for an Asian bank

Industry
Financial Services
Technologies
QRadar

Customer

The Customer is an Asian bank with 3+ million customers and assets amounting to more than $ 1.7 billion according to the customer’s 2016 annual financial statement. In 2015 Standard & Poor's Ratings Services (S&P) assigned the bank with 'BB' long-term and 'B' short-term counterparty credit ratings for the establishment’s solid reputation.

Challenge

Acknowledging a considerable rise in cyber-attacks, the Customer decided to install a SIEM system (IBM® Security QRadar® SIEM) to provide their information security administrators with a bird’s eye view of the bank’s network. To increase the network’s overall security, the Customer defined a set of functional subsystems to be added to QRadar (that of data collection, processing, storage, analysis, reporting, search, self-diagnostics and visual display).

  • The company put out the contract on QRadar deployment with its subsequent configuration, and ScienceSoft succeeded in winning it.

Solution

In line with the scope of work, ScienceSoft’s senior SIEM consultant performed the following services:

  • Installed an out-of-the-box IBM® Security QRadar SIEM system (QRadar) with 2,500 EPS (Events Per Second).
  • Fine-tuned QRadar according to the Customer’s network environment.
  • Integrated the following Log Sources with QRadar SIEM solution: Microsoft Windows Active Directory Servers, Microsoft Windows IIS, Microsoft Windows Exchange Servers, Windows Terminal Services, Linux RHEL Servers, DNS / DHCP Servers, Antivirus Servers, Database Servers, Proxy Servers, Firewalls, Switches, ESX, SWIFT, XOHKS.
  • Configured out-of-the box parsers for log sources.
  • In addition, our senior SIEM consultant developed 3 custom Device Support Modules (custom DSMs) to parse received events from HP Core Switch, 3 Com VPN, Tipping Point® SMS.
  • As part of malware and botnet protection solution, the ScienceSoft specialist connected IBM X-Force reputational feed. It enabled QRadar to identify communications with foreign ill-famed hosts.
  • Implemented 30 custom-tailored correlation rules.
  • Provided on-site custom training for the bank’s security team.

Results

The month-long project on QRadar deployment rounded up with a series of quality-assurance tests, followed by launching the customized QRadar solution in operation.

As a result, the Customer received a robust SIEM system with enhanced malware and botnet protection features, able to create a PCI compliance report. Working 24/7 in real-time mode, the QRadar solution ensures the Customer’s information security team with a 3-month long data storage. In case of emergency outage all the information is retained and can be restored once the SIEM system is back in operation. As a part of QRadar deployment project, ScienceSoft also provided an operational instruction on the SIEM system and will render maintenance support upon the Customer’s request.

Technologies and Tools

IBM® Security QRadar® SIEM v 7.2.8, Python, SQL, AQL, Regex, Linux Shell, Windows.

Need help with a similar project?

Drop us a line, and our rep will contact you within 30 minutes to arrange an initial discussion.

MORE CASE STUDIES