HAWTHORNE, NJ, FEBRUARY 24th, 2014 - STEALTHbits Technologies Inc., leading supplier of unstructured data and Microsoft infrastructure solutions, the release of a new connector for IBM Security QRadar® SIEM, which feeds QRadar real-time, detailed security and change event details from Active Directory, Exchange, and File Systems using STEALTHbits’ StealthINTERCEPT real-time change and access monitoring platform. With this release, the StealthINTERCEPT Windows Activity Connector for QRadar will supply QRadar with broader, deeper, more surgical visibility into the change and access events occurring within AD, Exchange, and File Systems than native log facilities can provide alone, making the industry’s already leading SIEM platform even better.
The primary problem organizations face in connecting SIEM applications directly to Microsoft event logs is that there’s too much data, containing too little information. Active Directory Security Logs, for example, exclude critical change details made to Group Policy Objects; settings that could have far reaching affects from security and compliance to operations. Similarly, enabling diagnostic logging on Windows File Servers typically produces extensive resource overhead, causing servers to crash and outages to occur.
The QRadar/StealthINTERCEPT integration provides:
- Real-time Interception – StealthINTERCEPT’s kernel-level driver technology filters out the “noise”, intercepting the critical events that matter most, while also reducing the application and system overhead that results from enabling native logging facilities.
- Surgical Analysis and Control – StealthINTERCEPT’s built-in analysis and filtration capabilities enables administrators to feed just the events they care most about into QRadar, limiting the amount of data QRadar needs to digest and correlate.
- Early Detection – The feed QRadar receives from StealthINTERCEPT is provided in real-time, publishing and producing alerts via QRadar in just milliseconds from the time the event occurred.
- Extended Monitoring Visibility – StealthINTERCEPT provides details about changes and access events that simply aren't available via native logs, such as who modified a Group Policy Object, from where, when, and what the change actually was.
- Faster Remediation – Before and After value capture provides the full picture of what changed and what the previous value of the change was.
- Enhanced Identification – Additional details of who made the change including IP Addresses enhances QRadar’s correlation capabilities with other events occurring elsewhere in the environment.
StealthINTERCEPT is already the market visionary on Active Directory, Exchange, and File System security monitoring and protection. With the additional context StealthINTERCEPT feeds to QRadar, customers will obtain a whole new level of insight into security threats and how malicious insiders and outsiders are gaining access to sensitive data and more.
Kevin Foisy, Chief Software Architect, STEALTHbits Technologies, Inc.
“StealthINTERCEPT is more than just a sound investment for QRadar customers, for anyone running Microsoft technologies…it’s a must have. By injecting our interception technology directly into the OS security layer, StealthINTERCEPT is able to feed discreet and critical Active Directory security events into QRadar in real-time; you just can’t get this from native logs. And since Active Directory is the hub of security in the Microsoft world, you really need this integration to get the big picture; without it, you’re missing half the picture.”
The StealthINTERCEPT Windows Activity Connector for QRadar is now available worldwide.
For more information on the StealthINTERCEPT Windows Activity Connector for QRadar, visit www.stealthbits.com/QRadar