Achieving Greater Security Intelligence Through Architectural Assessments of QRadar

As black hat hackers amp up their game, financial institutions have to do the same. Security postures and associated infrastructures need to be in a constant state of revision if they are going to be one step ahead of emerging cyber threats. And while many businesses are already utilizing the power that QRadar has in enforcing overall security posture, too many financial organizations have a “set it and forget it” mindset when it comes to the overall monitoring and configuration of their QRadar environments. This can be a dangerous mistake.

The Ever-Changing Landscape

As advanced as QRadar is, its effectiveness is limited by how it is configured. And while an organization may have configured QRadar a year ago for a thoroughly hardened threat detection and remediation solution, threat vectors will have since changed and evolved, rendering the current QRadar infrastructure susceptible to attack.

Keeping detection current with changing attack vectors is especially important when it comes to the types of data QRadar is configured to analyze, detect, and report on. This directly affects the rules that are running to ensure the environment maintains compliance with security policies. For financial institutions, this is especially critical due to the data- and regulation-intensive nature of the business. To help maintain the upper hand in all potential situations, we have designed an architectural review process that keeps QRadar a step ahead of cyber attackers.

The Champion Methodology

Our architectural assessment revolves around three primary functions of QRadar: data collection, data analysis and data reporting. These are the key configurations that need to be as up-to-date as possible to make sure that an organizational security posture is being properly enforced.

  • Data Collection: The ability of QRadar to collect the correct data from all appropriate sources is one of the most dynamic functions that we address. This includes reviewing the data types gathered directly from your network appliances and devices, as well as from QRadar Event Collectors and QRadar QFlow collectors. By updating the sources and types of data collected, your QRadar environment is able to more accurately parse it while ensuring that any new devices added to your environment are covered by your security policy.
  • Data Analysis: Once your data sources and types have been assessed and updated accordingly, the event data being fed into the Custom Rules Engine (CRE) will more accurately determine new rule baselines. This allows for more accurate SIEM representation and threat detection rules from which alerts can be generated, meaning that you will see increased security intelligence in terms of vulnerability scanning. An additional benefit of assessment at this level is insight into the storage capacity allocated to QRadar: it identifies whether your business needs to add data nodes (and therefore allocate more storage to QRadar) or remove data nodes (recovering storage space), allowing you to align your data center requirements more accurately.
  • Data Reporting: At this point your data collection and analysis processes have been assessed and modified to align the infrastructure to your security posture. Now, we dive into what information is being presented by the reports generated in the QRadar Console. We work with organizations to make sure that they are seeing everything that they need to see in terms of vulnerability and threat detection reports, with an emphasis on the reporting of any new data sources and data types, as well as new or adjusted CRE rules.

This comprehensive approach to a QRadar architectural assessment assures financial organizations that they will not only adhere to their business security posture, but that they will continue to meet PCI and other regulatory requirements.

So, About That QRadar Architectural Assessment

By assessing all three layers of an organization’s QRadar environment, financial institutions will decrease overhead while vastly improving threat prevention and remediation policies, and gain a distinct level of reporting for PCI auditing purposes. Champion has long helped clients perform periodic QRadar architectural reviews and assessments, ensuring a hardened security posture that is impenetrable to the next generation of black hat attacks.


WRITTEN BY:

Erick Bacallao joined Champion Solutions Group in 2015 after a career in software development in Cuba at the National Cancer Care Institute of Cuba, followed by a move to the States with allAware.


Champion acquired allAware and its properties and Erick has utilized his extensive background and expertise in IT and Software Development to rise to VP of Product Development in less than 5 years. During this time, Erick has been involved with key projects that led to the launch of numerous products including CSP Boss, Inscape platform and 365 Productivity Insights.


Erick has a Bachelor of Science in Computer Science from the University of Havana. He won Gold Medals for Programming from the Ministry of Education in Cuba, and he is certainly still a Gold Medalist for Champion!


As President and CEO, Chris is responsible for the development of key strategic alliances and the solution portfolio. He leads Champion’s go-to-market and execution strategies for integrated offerings in the cloud, in security, and in digital infrastructure, always focusing on improving the customer experience and driving transformative business outcomes.


He also aligns key partner initiatives with company strategy and oversees corporate marketing and messaging to gain mindshare with customers and partners. It’s his vision and innovativeness that have catapulted Champion up the ranks to become a $100M+ organization—and one of the most respected solution providers in the industry.


Over the past two decades, Chris has also focused on mergers and acquisitions, as well as innovative product development. He is the original founder and an active member on the Board of Managed Maintenance, Inc., a SAAS provider and consulting firm that utilizes their award-winning One-View Portal to help the IT Channel and its customers manage their IT Maintenance.


Chris is also the original founder and chief strategist behind one of the original storage cloud providers, Storage Access / BluePoint. Over the course of a few short years, he raised $20M and took that company public on the Toronto Stock Exchange. It has since been acquired by Pomeroy.


In 2012, Chris led the acquisition of MessageOps and continued the product development and worldwide launch of its premier SAAS, 365 Command. Built on Microsoft Azure, 365 Command is currently managing over 1 million seats of Microsoft’s Office 365. After achieving this phenomenal milestone, 365 Command and other MessageOps O365 utilities were sold to Kaseya.


Over the past 35 years, Chris has worked tirelessly to advance not only his own career, but those of his employees. In addition to leading a $100M organization, Chris can also be found sitting with sales teams, cold calling and coaching, and validating why Champion has been listed among the Best Places to Work by both the South Florida Business Journal and Computerworld.

Ultimately, the success garnered by Champion Solutions Group, its associated companies, and their employees is due in large part to the leadership of its President and CEO. Perhaps the most fitting award Chris has earned is South Florida Business Journal’s 2013 Ultimate CEO Award.