IBM QRadar SIEM Consulting for a Large Aerospace Entity

Industry: Space
Technologies: Information Security, SIEM

Customer

A unit of a large aerospace entity.

Challenge

With vast volumes of sensitive data at their disposal, the customer opted for IBM® Security QRadar® SIEM. The system was expected to provide real-time analysis of log data and network flows to prevent malicious activity. Because the deployed QRadar solution wasn’t able to ensure a sufficient level of security, the customer at some point started to consider other SIEM options.

Solution

ScienceSoft offered a quick-fix solution that helped boost ROI from the existing SIEM installation and increased customer satisfaction.

The customer purchased ScienceSoft’s proprietary QLean, an automated monitoring tool that provides a comprehensive view of an organization’s SIEM system. It lets security specialists detect operational deviations and data losses and helps them troubleshoot these promptly.

With 37 performance metrics and 25 Health Markers, the product supports efficient QRadar SIEM performance. QLean’s unique features are Data Quality Validation and Offense Analysis.

The existing QRadar deployment experienced a number of performance issues, which were immediately identified by QLean.

Based on the health check report, our security specialists proposed solutions to the system’s performance issues, summarized in the following lists:

Performance issues

  • Event Processor host overload
  • License limit excess
  • Significant number of false positives from out-of-the-box correlation rules
  • Outdated Protocol and DSM

Solutions

  • Hardware upgrade / log sources audit tuning
  • License upgrade / log sources audit tuning
  • Fine-tuning correlation rules
  • Manual installation of Protocol and DSM updates

Results

Well-armed with the QLean monitoring tool, the customer’s security team is implementing a series of measures based on the tool’s reports.

Technologies and Tools

QLean for IBM® Security QRadar® SIEM system.
