IBM Security QRadar SIEM Implementation for a Major Insurance Company
The Customer is a successful Michigan-based life insurance company that caters to retail and institutional investors. The company has been ranked top in financial strength ratings from independent American rating agencies.
Large amounts of capital on their systems and access to a wealth of private client information make insurance companies more and more susceptible to cybercrime. Additional cyber risk arises because insurance companies, in striving to build tighter customer relationships and offer new products, are migrating toward digital channels.
To effectively fend off security threats and meet compliance regulations, the Customer decided to leverage the IBM® Security QRadar® SIEM system (hereinafter QRadar). The company chose ScienceSoft, as our information security experts have established a strong reputation in SIEM for the insurance domain.
The two-week SIEM project for the insurance sector involved two ScienceSoft security consultants, who worked onsite. Prior to their arrival, the Customer prepared complete network information, installed 18.5K EPS QRadar software with proper activation keys on all appliances and pre-configured the network devices to allow cross-communication between all QRadar components.
The scope of services provided by our SIEM experts was divided into several stages:
Stage 1: Out-of-the-box Log Sources configuration
Stage 2: System fine-tuning
- Building Network Hierarchy
- LDAP integration
- Incident forwarder customization
- Identifying and removing sources of noise
- Activating rules, saved searches, and accumulated time series graphs
- Customizing dashboards
- Parsing enhancement for various network appliances
Stage 3: Custom LSX development
- Log Data analysis
- Development and integration of six custom LSXs for six unsupported log source types
- LSX testing based on the availability of relevant data
- Providing relevant documentation for each LSX with detailed instructions on how to configure the support within the solution
Stage 4: End user training and knowledge transfer
- Providing hands-on mentoring of the Customer’s user and admin teams
The scope of work accomplished by ScienceSoft’s SIEM specialists enhanced QRadar security visibility and ensured much better protection of the Customer’s valuable data.
Currently, the project is in the support phase. Our cyber security experts are ready to provide advanced fine-tuning of QRadar upon the Customer’s request.
Technologies and Tools
IBM® Security QRadar® SIEM, Python, SQL, AQL, Regex, Linux Shell