Cyber Threat Intelligence

IntelliGO Networks has partnered with IBM's QRadar team to offer unprecedented threat intelligence. IBM® QRadar® Security Intelligence Platform provides a unified architecture for integrating security information and event management (SIEM), log management, anomaly detection, incident forensics, incident response, and configuration and vulnerability management. It uses an advanced Sense Analytics Engine to detect advanced threats while providing greater ease of use and lower total cost of ownership. The platform includes:

  • Log Management: A basic, high-performance and scalable solution for collecting, analyzing, storing and reporting on large volumes of network and security event logs.
  • Security Information and Event Management (SIEM): An advanced offering that consolidates log source and network flow data from thousands of assets, devices, endpoints and applications distributed throughout a network. It infuses raw data with historical and real-time context using Sense Analytics to help reduce noise and provide highly accurate incident detection.
  • Network Behavioral Anomaly Detection (NBAD): Provides visibility to user behavioral anomalies and insider threats as a free app for QRadar clients.
  • Governance Risk & Compliance: Governance, Risk and Compliance (GRC) solutions enable you to adapt to change and meet risk and regulatory compliance challenges head on with truly innovative technology that is predictive, adaptive, integrated and useful.
  • Vulnerability Management: A tightly integrated solution for identifying asset, network device and application security vulnerabilities that helps prioritize patching activities.
  • Incident Forensics: A full packet capture solution for retrieving indisputable evidence of network activity associated with a security investigation using Internet search technology. All network transfers are processed and indexed to reveal content in their original, human readable form.

Log Management

IntelliGO offers IBM® QRadar® Log Manager, which collects, analyzes, stores and reports on network security log events to help organizations protect themselves against threats, attacks and security breaches. At the heart of the system is the QRadar Sense Analytics engine for converting raw events from network and security devices, servers and operating systems, applications, endpoints and more into actionable, searchable intelligence data. IBM QRadar Log Manager helps organizations meet compliance monitoring and reporting requirements, and it can be seamlessly upgraded to QRadar SIEM for a higher level of threat protection.

  • Captures and processes event data: from thousands of sources in real time, providing visibility to developing threats and helping to meet continuous monitoring requirements.
  • Scales to support millions of events per second: within a single unified database in real time.
  • Provides rich compliance reporting capabilities: to help meet or exceed regulatory requirements.
  • Installs in cloud environments: to deliver log management functionality.
  • Offers high-availability and disaster-recovery options: to help maintain uninterrupted log source data collection and storage.

Security Information and Event Management

IntelliGO offers IBM QRadar SIEM. IBM® QRadar® SIEM consolidates log events and network flow data from thousands of devices, endpoints and applications distributed throughout a network. It normalizes and correlates raw data to identify security offenses, and uses an advanced Sense Analytics engine to baseline normal behavior, detect anomalies, uncover advanced threats, and remove false positives. As an option, this software incorporates IBM X-Force® Threat Intelligence, which supplies a list of potentially malicious IP addresses including malware hosts, spam sources and other threats. IBM QRadar SIEM can also correlate system vulnerabilities with event and network data, helping to prioritize security incidents.

  • Provides real-time visibility to the entire IT infrastructure for threat detection and prioritization.
  • Reduces and prioritizes alerts to focus security analyst investigations on an actionable list of suspected, high probability incidents.
  • Enables more effective threat management while producing detailed data access and user activity reports.
  • Produces detailed data access and user activity reports to help manage compliance.
  • Operates across on-premises and cloud environments.
  • Offers multi-tenancy and a master console to help managed service providers deliver security intelligence solutions in a cost-effective manner.
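The correlation pattern described above (normalize raw events from different log formats, match destinations against a threat-intelligence IP list, then escalate offenses on hosts with known vulnerabilities) can be illustrated with a small stand-alone script. This is an added example, not QRadar or IntelliGO code; the log formats, the intel feed, the asset table and the vulnerability id `VULN-PLACEHOLDER-1` are all constructed for the illustration, and the scoring weights are assumptions.

```python
import re
from collections import defaultdict

# Constructed threat-intel feed (stands in for an X-Force style list): IP -> category
THREAT_INTEL = {"203.0.113.7": "malware host", "198.51.100.9": "spam source"}
# Constructed asset table: internal IP -> open vulnerability ids (placeholder values)
ASSET_VULNS = {"10.0.0.5": ["VULN-PLACEHOLDER-1"], "10.0.0.8": []}

# Two constructed raw log formats that the normalizer maps onto one schema
FW_RE = re.compile(r"^(?P<ts>\S+) fw: src=(?P<src>\S+) dst=(?P<dst>\S+) action=(?P<action>\w+)$")
PROXY_RE = re.compile(r"^(?P<ts>\S+) proxy client=(?P<src>\S+) server=(?P<dst>\S+) status=(?P<status>\d+)$")

def normalize(line):
    """Map a raw log line onto a common schema; None for lines no parser understands."""
    m = FW_RE.match(line)
    if m:
        return {"ts": m["ts"], "src": m["src"], "dst": m["dst"], "allowed": m["action"] == "allow"}
    m = PROXY_RE.match(line)
    if m:
        return {"ts": m["ts"], "src": m["src"], "dst": m["dst"], "allowed": m["status"].startswith("2")}
    return None

def correlate(lines):
    """Build one offense per internal host that contacted an intel-listed IP,
    weighting allowed traffic above blocked traffic and escalating vulnerable hosts."""
    offenses = defaultdict(lambda: {"hits": 0, "categories": set(), "score": 0})
    for line in lines:
        ev = normalize(line)
        if ev is None or ev["dst"] not in THREAT_INTEL:
            continue
        off = offenses[ev["src"]]
        off["hits"] += 1
        off["categories"].add(THREAT_INTEL[ev["dst"]])
        off["score"] += 5 if ev["allowed"] else 1  # a completed connection matters more
    for host, off in offenses.items():
        if ASSET_VULNS.get(host):  # vulnerability correlation: exposed host, double the score
            off["score"] *= 2
    return dict(offenses)

SAMPLE_LOGS = [  # constructed sample events
    "2024-01-01T10:00:00Z fw: src=10.0.0.5 dst=203.0.113.7 action=allow",
    "2024-01-01T10:00:05Z proxy client=10.0.0.8 server=198.51.100.9 status=200",
    "2024-01-01T10:00:09Z fw: src=10.0.0.8 dst=192.0.2.44 action=deny",
    "2024-01-01T10:01:00Z fw: src=10.0.0.5 dst=203.0.113.7 action=deny",
]

if __name__ == "__main__":
    ranked = sorted(correlate(SAMPLE_LOGS).items(), key=lambda kv: -kv[1]["score"])
    for host, off in ranked:
        print(host, off["score"], off["hits"], sorted(off["categories"]))
```

The host with an open vulnerability and a completed connection to a listed address ranks first, which is the prioritization effect the section describes; the deny to an unlisted address produces no offense at all.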

Network Behavioural Anomaly Detection

IntelliGO Networks offers IBM QRadar NBAD. IBM® QRadar® QFlow Collector integrates with IBM QRadar SIEM and flow processors to provide Layer 7 application visibility and flow analysis to help you sense, detect and respond to activities throughout your network. This combined solution, powered by the advanced IBM Sense Analytics Engine™, gives you greater visibility into network activity to better detect threats, meet policy and regulatory compliance requirements, and minimize risks to mission-critical services, data and assets.

  • Threat detection: IBM QRadar QFlow Collector uses deep packet inspection technology on application-level network flow data to sense and detect new security threats without relying upon vulnerability signatures. You gain visibility to malware, viruses and anomalies through behavior profiling for all network traffic including applications, hosts and protocols.
  • Policy and regulatory compliance management: You can identify and correct out-of-policy behavior, applications running over nonstandard ports, users logging on to critical servers with clear-text user names and passwords, and the use of unencrypted protocols in sensitive areas of the network.
  • Social media monitoring: With IBM QRadar SIEM and IBM QRadar QFlow Collector, you can monitor and analyze activity on social media platforms and multimedia applications to detect potential threats to your network. Near real-time user behavior anomaly detection and content capture capabilities make it easier to detect malware, recognize vulnerabilities, and monitor your team’s social communications including their usage patterns.
  • Advanced incident analysis and insight: You can perform near real-time comparisons of application flow data with log events sent from security devices. The correlation between log and flow data can provide visibility to serious threats that might otherwise go undiscovered.
  • Continuous asset profiling: Automatically identify and classify new assets found on your network, and discover which ports and services they are running. These profiling capabilities can alert you when new systems or services are added and configuration changes occur.

Governance Risk and Compliance

IntelliGO Networks offers IBM QRadar Risk Manager. IBM® QRadar® Risk Manager monitors network topology, switch, router, firewall and Intrusion Prevention System (IPS) configurations and senses conditions that create security risks. It also simulates network attacks and models configuration changes to assess their security impact. IBM QRadar Risk Manager integrates with IBM QRadar SIEM to obtain event, context and flow data. It correlates vulnerability data—including information from IBM QRadar Vulnerability Manager—with network topology and connection data to prioritize application vulnerabilities and intelligently manage and reduce risk. A policy engine automates compliance checks, enabling risk dashboards and historical compliance reports.

  • Provides network topology and connection visualization tools to view current and potential network traffic patterns.
  • Correlates asset vulnerabilities with network configuration and traffic data to identify active attack paths and high-risk assets.
  • Simulates network threats, including the potential spread of an attack across the network.
  • Monitors network traffic to help improve compliance with policies.

Vulnerability Management

IntelliGO Networks offers IBM Vulnerability Manager. IBM® QRadar® Vulnerability Manager proactively senses and discovers network device and application security vulnerabilities, adds context and supports the prioritization of remediation and mitigation activities. It is fully integrated with the IBM QRadar Security Intelligence Platform, and uses advanced analytics to enrich the results of both scheduled and dynamic vulnerability scans with network asset information, security configurations, flow data, logs and threat intelligence to manage vulnerabilities and achieve compliance. IBM QRadar Vulnerability Manager helps you develop an optimized plan for addressing security exposures. Unlike stand-alone tools, the solution integrates vulnerability information to help security teams gain the visibility they need to work more efficiently and reduce costs. IBM QRadar Vulnerability Manager can be quickly activated with a licensing key and requires no new hardware or software appliances. IBM QRadar Vulnerability Manager:

  • Helps prevent security breaches by sensing and highlighting over 70,000 known dangerous default settings, mis-configurations, software features and vendor flaws.
  • Provides a consolidated vulnerability view across major vulnerability products and technologies.
  • Uses advanced IBM Sense Analytics™ to add context, identify key vulnerabilities and prioritize remediation activities.
  • Integrates with IBM QRadar Security Intelligence Platform for easy installation, faster time to value and reduced deployment cost.
  • Performs intelligent, customizable scheduled and event-driven scanning, asset discovery and asset profiling for 360-degree, enterprise-wide visibility to your network.

Forensic Log/Packet Analysis

IntelliGO Networks offers IBM QRadar Incident Forensics. IBM® QRadar® Incident Forensics allows you to retrace the step-by-step actions of a potential attacker, and quickly and easily conduct an in-depth forensics investigation of suspected malicious network security incidents. It reduces the time it takes security teams to investigate QRadar offense records, in many cases from days to hours—or even minutes. It can also help you remediate a network security breach and prevent it from happening again. IBM QRadar Incident Forensics offers an optional IBM QRadar Packet Capture appliance to store and manage data used by IBM QRadar Incident Forensics if no other network packet capture (PCAP) device is deployed. Any number of these appliances can be installed as a tap on a network or sub-network to collect the raw packet data. IBM QRadar Incident Forensics:

  • Retraces the step-by-step actions of cyber criminals to provide deep insights into the impact of intrusions and help prevent their reoccurrence.
  • Security Posture Assessment: encryption, password protection, operating system patch level, anti-malware protection, patch management clients, potentially unwanted applications (file sharing, toolbars, etc.), endpoint detection and response (EDR) clients and more.
  • Reconstructs raw network data related to a security incident back into its original form for a greater understanding of the event.
  • Integrates with IBM QRadar Security Intelligence Platform and offers compatibility with many third-party packet capture offerings.

Education

Higher Education institutions face many challenges when it comes to securing the network. The network infrastructure is complex, extensive and heavily accessed, making it difficult to secure. A large university may have tens of thousands of users accessing the network on a daily basis, each potentially requiring extensive access to resources throughout the IT environment. At the same time, the extended network will have multiple segments requiring strict access control, such as a university-run healthcare organization with a need to protect electronic patient data (PHI), or a Registrar’s Office that not only needs to protect confidential student information but may process credit card transactions, necessitating that the university comply with specific standards such as PCI DSS. To assist, IntelliGO Networks partners with a best-of-breed SIEM to offer:

  • Automated Suites for multiple regulatory compliances
  • Out-of-the-box, industry specific embedded expertise
  • Comprehensive reporting to support meaningful use
  • Multiple automation tools to enforce continuous compliance
  • Massively scalable for large IT environments
  • Global visibility throughout the network
  • Flexible deployment options to fit organizational requirements
  • Building block architecture for easy expansion
  • Industry leading support for custom applications
  • Powerful forensics for rapid breach reporting

Energy & Utilities

Because of the critical nature of protecting the nation’s power grid and its associated infrastructure, IT security professionals in the energy/utility industry face a unique set of challenges. Network security for regulatory compliance is heavily mandated and tightly regulated, with multiple industry-specific requirements (NERC CIP, NRC, NEI, etc.). But the non-standard nature of many systems, such as SCADA devices, makes data collection for comprehensive cybersecurity difficult. IBM QRadar and the IntelliGO team deliver advanced network security and automated compliance assurance to protect the energy/utility industry against cybercrime, APTs and costly data breaches.

  • Logically identify and prioritize which SCADA assets are the likely targets of an attack
  • Establish visibility on resources that may be exploited to attack SCADA and/or classified networks
  • Establish a continuous monitoring program to identify anomalous behavioral patterns, defend against specific cyber threats, and protect critical assets
  • Meet industry-specific regulatory requirements such as NERC CIP, NRC RG 5.71, NEI 08-09 Rev 6, etc.

Financial & Insurance

Banks and other financial institutions face many challenges in securing their networks and satisfying an extensive list of compliance requirements, such as Gramm-Leach-Bliley (GLBA) and Sarbanes Oxley (SOX). In order to meet these governmental requirements, financial organizations must take extra steps to secure their customers’ information.

  • Out-of-the-box Reporting for compliance standards
  • Forensics at any scale
  • Extensive advanced correlation and pattern recognition
  • Automated behavioral and statistical analysis

Government

Municipal, Provincial and Federal government agencies must comply with a myriad of regulations (FISMA, NERC CIP, HIPAA, DoDI, NIST CSF, etc.) while combating cyber threats. QRadar is an enterprise-class platform that seamlessly combines Log Management & SIEM, File Integrity Monitoring, Host Activity Monitoring, and Network Forensics into a single integrated solution. IBM QRadar addresses an ever-changing landscape of threats and challenges with a full suite of high-performance tools for security, compliance and operations. It delivers comprehensive, useful and actionable insight into what is really going on in and around an enterprise IT environment. IBM QRadar’s Security Intelligence Platform delivers:

  • Automated 3rd party security authorization with out of the box support for multiple regulations (FISMA, DoDI, HIPAA, NERC CIP, etc.)
  • Automated alerting on compliance violations
  • Identification, monitoring and protection of targeted assets and data
  • Independent monitoring of file integrity and host activity for extended visibility and endpoint protection

Health Care

With healthcare organizations moving increasingly to electronic means of storing Protected Health Information (PHI), protecting patient data becomes a much more important task for IT organizations. This is a difficult and complex job due to the rapidly growing number of diverse technologies used for processing and storing ePHI. Each Electronic Health Record (EHR) or Electronic Medical Record (EMR) system has its own requirements around protecting sensitive data. Components influencing this protection are as follows:

  • Automated Compliance Suite for HIPAA with out-of-the-box, industry-specific embedded expertise
  • PHI protection to meet meaningful use requirements
  • Custom support for EHR/EMR applications
  • Powerful forensics for rapid breach reporting
  • Integration for 3rd Party applications such as GoldCare and others.

Retail

The retail industry faces many challenges in meeting today’s extensive data security requirements and specific compliance regulations such as PCI DSS. These requirements are extensive. Failure to comply can result in costly fines, and in the event of compromised customer information through a data breach, the loss of revenue and reputation can be substantial. And yet a typical retail IT department’s priorities are primarily focused on revenue-generating activities related to improving the customer experience, rather than on breach prevention and protection of customer data.

  • Out-of-the-box Automation Suite for PCI DSS 3.0
  • Comprehensive capabilities to enforce continuous compliance
  • Extensive automation to limit staff resource requirements
  • Advanced correlation and behavioral analysis
  • Protection from insider threats
  • Identification of compromised user and customer credentials
  • Fraud detection and prevention
  • Simple scalability to accommodate company growth