QLean for QRadar Implementation and Customization for a Major US MSP
The Customer is a 1,000+ employee MSP (Managed Service Provider) based in the US. The company is recognized by MSPMentor as one of the leading managed service providers globally and acknowledged by CRN magazine among the top fifty solution providers in North America. One of the Customer’s business directions is providing managed security services, namely, management of clients’ QRadar SIEM systems.
A SIEM platform is at the core of any MSSP SOC offering, and it takes significant resources to successfully manage and monitor its performance. The lack of automation and quality controls presents an immense challenge to SOC operators, driving down SIEM ROI and dramatically increasing overall SIEM TCO.
The Customer needed a reliable QRadar health check and SOC automation solution to proactively improve system quality and maintenance, ensuring stable and error-free delivery for end clients.
To bridge the automation gaps in SIEM health monitoring, the Customer chose to deploy QLean for QRadar, a health check tool developed by ScienceSoft’s security specialists. Having tested the QRadar tool on their own SIEM deployment, the company managed to increase cost savings on labor, as well as cut product, maintenance and hosting fees. This was the major driver for the MSP to require QLean deployment on their clients’ QRadar SIEM systems.
During the month-long project, ScienceSoft’s security consultant performed the following operations:
- Multi-deployment support. The basic QLean solution is designed to work with one QRadar installation. ScienceSoft’s security consultant provided the Customer with a centralized QRadar tool (with 50K EPS), which is able to connect to and collect data from multiple remote SIEM systems.
- QLean customization for multiple-deployment support. Now, the centralized QRadar tool, integrated into the Customer’s SIEM platform, contains separate per-deployment configurations for execution parameters, health markers and report recipients.
- Non-root QRadar user support. The Customer didn’t have root access to several QRadar deployments. ScienceSoft’s security consultant enabled QLean to be launched by non-privileged users.
- Branding. Our security specialist modified the Health Check report by replacing the logo and URLs with the Customer’s own. The notification system was also tuned: mailing lists can now be created in the QLean configuration file.
- NATed QRadar consoles support. ScienceSoft’s security consultant ensured that QLean processes data from several QRadar deployments behind NAT.
- Minor content customization. The specialist added managed host names to the Distributed EPS metric.
The MSP acquired the QRadar tool, which ensured centralized performance optimization of multiple customers’ SIEM systems. Advanced operational analytics of a single QLean installation enabled the Customer to achieve proactive security intelligence with easier maintenance of clients’ security platforms, improved data quality and stable performance of their own QRadar solution.
Along with higher service quality and an expanded security services offering, QLean saves on average 250 hours a year per MSSP client. That translates into average cost savings of around $25,000.00 per client based on an average cost of $100 per hour.
Technologies and Tools
QLean for IBM® Security QRadar® SIEM system.