QLean for QRadar Implementation and Customization for a Major US MSP
Customer
The Customer is a 1,000+ employee MSP (Managed Service Provider) based in the US. The company is recognized by MSPMentor as one of the leading managed service providers globally and acknowledged by CRN magazine among the top fifty solution providers in North America. One of the Customerâs business directions is providing managed security services, namely, clientsâ QRadar SIEM systems management.
Challenge
SIEM platform is at the core of any MSSP SOC offering, and it takes significant resources to successfully manage and monitor its performance. The lack of automation and quality controls presents an immense challenge to the SOC operators driving down SIEM ROI and dramatically increasing overall SIEM TCO.
The Customer needed a reliable QRadar health check and SOC automation solution to proactively improve system quality and maintenance ensuring stable and error-free delivery for end clients.
To bridge the automation gaps in SIEM health monitoring, the Customer chose to deploy QLean for QRadar, a health check tool developed by ScienceSoftâs security specialists. Having tested the QRadar tool on their own SIEM deployment, the company managed to increase cost savings on labor, as well as cut product, maintenance and hosting fees. This was the major drive for the MSP to require QLean deployment on their clientsâ QRadar SIEM systems.
Solution
During the month-long project, ScienceSoftâs security consultant performed the following operations:
- Multi-deployment support. The basic QLean solution is designed to work with one QRadar installation. ScienceSoftâs security consultant provided the Customer with a centralized QRadar tool (with 50K EPS), which is able to connect and collect data from multiple remote SIEM systems.
- QLean customization for multiple-deployment support. Now, the centralized Qradar tool, integrated into the Customerâs SIEM platform, contains separate per-deployment configurations for execution parameters, health markers and report recipients.
- Non-root privileged QRadar user support. The Customer didnât have root access to several QRadar deployments. ScienceSoftâs security consultant enabled QLean launching by non-privileged users.
- Branding. Our security specialist modified the Health Check report by replacing the logo and URLs with the Customerâs ones. The system of notification also was tuned: mailing lists now can be created in the QLean configuration file.
- NATed QRadar consoles support. ScienceSoftâs security consultant ensured that QLean processes data from several QRadar deployments behind NAT.
- Minor content customization. The specialist added managed host names to the Distributed EPS metric.
Results
The MSP acquired the QRadar tool, which ensured a centralized performance optimization of multiple customersâ SIEM systems. Advanced operational analytics of a single QLean installation enabled the Customer to achieve proactive security intelligence with easier maintenance of clientsâ security platforms, improved data quality and stable performance of their own QRadar solution.
Along with higher service quality and expanded security services offering, QLean saves on average 250 hours a year per MSSP client. That translates into average cost savings of around $25,000.00 per client based on average cost of $100 per hour.
Technologies and Tools
QLean for IBMÂź Security QRadarÂź SIEM system.