StealthINTERCEPT® Integration with IBM® Security QRadar® SIEM
IBM Security QRadar SIEM is the market leader for Security Incident Event Management (SIEM). Utilized by thousands of organizations, QRadar provides a powerful, unified security intelligence platform for collecting, correlating, querying, reporting, and alerting on security incidents, while combining sophisticated analytics with out-of-the-box rules, reports, and dashboards.
The native logs that all SIEM solutions depend upon from technologies like Active Directory, Exchange, and Windows File Systems, however, do not supply the level of detail required to obtain true contextual awareness of what the change and access events occurring within these systems and applications mean to the business.
STEALTHbits’ StealthINTERCEPT Windows Activity Monitor for QRadar solves these issues through the ability to monitor all activity, with all the details, in real time, and without reliance on native logging. The enhanced visibility StealthINTERCEPT provides includes specifics on changes and activities occurring within Active Directory, File Systems, Exchange, and more, enabling organizations leveraging QRadar to easily detect critical scenarios like brute force attacks, horizontal movement of accounts, permission elevations, unusual login patterns, and privileged accounts usage.
The Benefits of Integration
- Scalable, Detailed Event Monitoring
- StealthINTERCEPT’s kernel-level driver technology reduces application and system overhead while gathering greater event detail not available in native logs.
- Early Detection
- The feed QRadar receives from StealthINTERCEPT is provided in real-time, publishing and producing alerts via QRadar in just milliseconds from the time the event occurred.
- Faster Remediation
- Before and After value capture provides the full picture of what changed and what the previous value of the change was.
- Surgical Analysis and Control
- StealthINTERCEPT’s built-in analysis and filtration capabilities enables administrators to feed just the events they care about most into QRadar, limiting the amount of data QRadar needs to digest and correlate.
- Extended Monitoring Visibility
- StealthINTERCEPT provides details about changes and access events that simply aren’t available via native logs, such as who modified a Group Policy Object, from where, when, and what the change actually was.
- Enhanced Identification
- Additional details of who made the change including IP Addresses enhances QRadar’s correlation capabilities with other events occurring elsewhere in the environment.