Transcription
IBM SoftwareData SheetIBM Security QRadarVulnerability ManagerImprove security and compliance by prioritizingsecurity gaps for resolutionHighlightsHelp prevent security breaches bydiscovering and highlighting high-riskvulnerabilities from a single, integrateddashboard Prioritize remediation and mitigationactivities by understanding the completenetwork contextEnable seamless integration with IBM Security QRadar SIEM to get dynamic,up-to-date asset information for proactivevulnerability managementConduct rapid network scans—periodically or dynamically—to findsecurity weaknesses and minimize risksAutomate regulatory compliance withcollection, correlation and reportingFor many organizations, managing network vulnerabilities is a lesson infrustration. Vulnerability scans are typically conducted in response tocompliance mandates, and they can reveal up to tens of thousands ofexposures—depending upon network size. Scan results are often acomplex puzzle of misconfigured devices, unpatched software, andoutdated or obsolete systems. And security administrators must struggleto quickly identify and remediate or mitigate the exposures that posethe greatest risk.At the same time, security breaches are dramatically increasing for allkinds of organizations. From e-commerce and social-networking giants tohealthcare, universities, banks, governments and gaming sites, the breadthof breach targets is vast. While the number of disclosed vulnerabilitiescontinues to rise, the number of incidents that result in the loss, theft orexposure of personally identifiable information has been increasing at arate of nearly 40 percent.1 IBM Security QRadar Vulnerability Manager can help organizationsminimize the chances of a network security breach by using a proactiveapproach to finding security weaknesses and minimizing potential risks.It uses a proven vulnerability scanner to collect up-to-date results, butunlike other solutions, it leverages the capabilities of IBM QRadarSecurity Intelligence Platform to present the data within the overallcontext of the network usage, security and threat posture. Designed toconsolidate results from multiple vulnerability scanners, risk management
IBM SoftwareData SheetGet a single, prioritized view of potentialvulnerabilitiessolutions and external threat intelligence resources, QRadarVulnerability Manager operates like a centralized control centerto identify key security weaknesses that need to be addressed tohelp thwart future attacks.QRadar Vulnerability Manager is helping redefine how ITsecurity teams collect and use vulnerability assessment data—transforming a tedious monthly or quarterly scanning andreporting activity into an insightful, continuous monitoringprogram. Its intuitive user interface provides completevisibility across dynamic, multi-layered networks. Organizationscan now:QRadar Vulnerability Manager helps security teams identifyresource configuration issues, understand the impact ofsoftware patching schedules, coordinate with intrusionprevention systems to block open connections, and establishcontinuous monitoring of systems that can’t otherwise beremediated—all from a single, integrated dashboard. By correlating vulnerability data with QRadar SIEM event and threatanalysis, IBM Security QRadar Risk Manager device configuration and network traffic analysis, and external databases, including IBM X-Force threat intelligence, QRadar VulnerabilityManager can help organizations build actionable plans fordeploying their often constrained IT staffing resources. Andsince it is already integrated with QRadar Security IntelligencePlatform, security teams have one less system to install,configure and manage. Select a dashboard view and click through related tabs toreview security offenses, log events, network flows, assetstatuses and configurations, reports, risks and vulnerabilitiesCreate, edit and save asset searches and scans for moreintelligent monitoringMake faster, more informed decisions with a prioritized,consolidated view of scan dataHelp coordinate patching and virtual patching activities, anddirect intrusion prevention systems (IPSs) to block potentialattack paths for maximum impactIBM Security QRadar Vulnerability Manager provides a single, integrated dashboard for viewing multiple vulnerability assessment feeds and threat intelligencesources. This way, security teams can quickly identify the exposures that pose the greatest risk.2
IBM SoftwareData SheetStand-alone, independent vulnerability-scanning solutions cantake considerable time to scan large address spaces for assets,servers and services, and their scan results can be out of datequickly. These point solutions also require additional infrastructure and include different technologies for network, applicationand database scanning—all requiring additional administration.And after identifying an often incomplete sea of vulnerabilities,the point solutions do not include any contextual informationfor helping security teams prioritize their tasks for remediation.QRadar Vulnerability Manager includes an embedded scanningengine that can be set up to run both dynamic and periodicscans, providing near real-time visibility of weaknesses thatcould otherwise remain hidden. Leveraging the passive assetdiscovery capabilities of IBM Security QRadar QFlow andLog Collector appliances, any new asset appearing on thenetwork can be immediately scanned. As a result, organizationscan reduce their exposure to advanced threats between regularscanning cycles and help ensure compliance with the latestsecurity regulations.Thwart advanced threatsUsing the same rules-based approach as QRadar SIEM,QRadar Vulnerability Manager helps minimize false positivesand filters out vulnerabilities already classified as nonthreatening. For example, applications may be installed on aserver, but they may be inactive, and therefore not a securityrisk; devices that appear exposed may actually be protected bya firewall; or endpoints that have vulnerabilities may alreadybe scheduled for patching.Unlike the random, brute-force attacks of the past, today’sorganizations must guard against “advanced persistentthreats”—that is, a complex series of attacks that often takeplace over a prolonged timeframe. Using a range of tacticsfrom zero-day exploits to custom malware to simply trolling forunpatched systems, these attackers consistently probe their targets using a “low-and-slow” approach until they find a securitygap. Organizations can use more intelligent tools like QRadarVulnerability Manager to improve their defenses by regularlyscanning and addressing as many high-impact vulnerabilitiesas possible.QRadar Vulnerability Manager maintains a current networkview of all discovered vulnerabilities, including details such aswhen the vulnerabilities were found, when they were last seen,what scan jobs reported the vulnerabilities, and to whom thevulnerability is assigned for remediation or mitigation. Thesoftware also presents historic views of daily, weekly andmonthly trends, and it can produce long-term trending reports,such as the month-by-month trend of Payment Card Industry(PCI) failure vulnerabilities discovered over the past year.Most vulnerability scanners simply identify large numbers ofexposures and leave it up to security teams to understand theseverity of risks. These tools are often not integrated with theexisting security infrastructure and require additional manualeffort to align with the current network topology, usage information and security processes. Many of these tools are usedsimply for compliance, rather than as an integral part of athreat and security management program.3
IBM SoftwareData SheetIdentifying high-priority vulnerabilitiesSTOPSTOPSTOPAttacks or threat sourcesFirewall—Address blockedSTOPIntrusion prevention solutions—Connection blockedEndpoint managers—Patch scheduledInactive applicationAsset is vulnerableIBM Security QRadar Vulnerability Manager:Real-time visibility and automatic remediationQRadar Vulnerability Manager uses security intelligence to help filter vulnerabilities. This enables organizations to understand how to prioritize their remediation ormitigation activities.Address compliance mandatesWith QRadar Vulnerability Manager, organizations can: Regulatory requirements are forcing organizations of all sizes todevelop vulnerability management programs to help ensureproper control of sensitive IT assets. QRadar VulnerabilityManager helps organizations facilitate compliance by conducting regular network scans and maintaining detailed audit trails.It categorizes each vulnerability with a severity rating and anexposure score. In addition to scanning assets both internallyand externally, QRadar Vulnerability Manager enables securityteams to create tickets to manage remediation activities andspecify exceptions with a full audit trail.Leverage existing appliance infrastructure and securityintelligence data to seamlessly conduct automated scans fornetwork vulnerabilitiesDetect when new assets are added to the network, whenassets start behaving abnormally, or when assets might bepotentially compromised—using log events and network flowdata—and perform immediate scans to help ensure protectionand improve visibilityHelp improve productivity by enabling security teams tofocus on a small, manageable number of high-priority events,eliminating false positives and correlating results withnetwork-blocking activities4
IBM SoftwareData SheetWith QRadar Vulnerability Manager, organizations can: Orchestrate a high volume of concurrent assessments withoutdisturbing normal network operations—multiple stakeholderscan scan and rescan the network as needed for remediationverificationSummarize vulnerability assessments by day, week and monthfor effective reporting and visibility of trendsRun scans from both inside and outside the networkCapture an audit trail of all vulnerability management activities, including discovery, assignments, notes, exceptions andremediation Extend your security intelligenceQRadar Vulnerability Manager combines the real-time securityvisibility of QRadar Security Intelligence Platform with theresults of proven vulnerability-scanning technology. As part ofthe QRadar SIEM architecture, QRadar Vulnerability Managercan be quickly activated via a licensing key—requiring no additional hardware or software. This can result in considerable costsavings, since security teams do not normally have to deploynew technologies or learn a new interface. They can simplygenerate reports from within the familiar QRadar productfamily user interface. Apply proactive securityIn a world where no networks are truly secure, QRadarVulnerability Manager enables organizations to more effectivelyprotect their environments using an extensive line of proactivedefenses, including:Key integrations for QRadar Vulnerability Manager include: IBM Security SiteProtector System: Provides virtualpatching capabilities using network IPS signatures to protectagainst exploits of identified vulnerabilities by blockingassociated connectionsX-Force threat intelligence feed: Supplies up-to-dateinformation on recommended fixes and security advice foractive vulnerabilities, viruses, worms and threatsIBM Endpoint Manager: Streamlines remediation tasksby automatically managing patches to hundreds of thousandsof endpoints, including the latest mobile devices; providesintegrated reporting for real-time monitoring of patchprogressIBM Security AppScan : Supports web application vulnerability assessments, enabling QRadar Vulnerability Managerto provide visibility and prioritization of web applicationvulnerabilities within its integrated dashboardIBM InfoSphere Guardium VulnerabilityAssessment: Supports scanning of database infrastructure,enabling QRadar Vulnerability Manager to provide visibilityand prioritization of database vulnerabilities within itsintegrated dashboardQRadar SIEM: Provides the appliance infrastructure forconducting network scans, the asset database for loggingand tracking vulnerability management activities, the passivenetwork detection capabilities for discovering newly addedassets, and all the contextual security intelligence data neededto build and execute actionable vulnerability managementplansQRadar Risk Manager: Reveals current and historicalnetwork connection data to show how vulnerabilities relateto the overall network topology—including how firewall andIPS rules affect the exploitability of specific assets from internal and external threat sources 5High-speed internal scanning, which helps preserve networkperformance and availabilitySupport for discovery, non-authenticated, authenticated andOpen Vulnerability Assessment Language (OVAL) scansExternal scanning capabilities to see the network from anattacker’s viewpoint and help facilitate complianceSingle-click investigations from dashboard screens and deep,rules-based, rapid searching capabilities to learn more aboutspecific events or identify long-term trendsSuppression of acceptable, false positive or otherwisenon-mitigated vulnerabilities from ongoing reportingVulnerability assignment and remediation lifecyclemanagementFull audit trail for compliance reporting
Why IBM?IBM Security offers one of the most advanced and integratedportfolios of enterprise security products and services. Theportfolio, supported by world-renowned X-Force researchand development, provides security intelligence to help organizations holistically protect their people, infrastructures, dataand applications, offering solutions for identity and accessmanagement, database security, application development, riskmanagement, endpoint management, network security andmore. These solutions enable organizations to effectivelymanage risk and implement integrated security for mobile,cloud, social media and other enterprise business architectures.IBM operates one of the world’s broadest security research,development and delivery organizations, monitors 13 billionsecurity events per day in more than 130 countries, and holdsmore than 3,000 security patents. Copyright IBM Corporation 2013IBM CorporationSoftware GroupRoute 100Somers, NY 10589Produced in the United States of AmericaJune 2013IBM, the IBM logo, ibm.com, AppScan, Guardium, InfoSphere,SiteProtector, and X-Force are trademarks of International BusinessMachines Corp., registered in many jurisdictions worldwide. Otherproduct and service names might be trademarks of IBM or othercompanies. A current list of IBM trademarks is available on the web at“Copyright and trademark information” at ibm.com/legal/copytrade.shtmlQRadar is a registered trademark of Q1 Labs, an IBM Company.For more informationThis document is current as of the initial date of publication and may bechanged by IBM at any time. Not all offerings are available in everycountry in which IBM operates.To learn more about IBM Security QRadar VulnerabilityManager, please contact your IBM representative orIBM Business Partner, or visit:THE INFORMATION IN THIS DOCUMENT IS PROVIDED“AS IS” WITHOUT ANY WARRANTY, EXPRESS ORIMPLIED, INCLUDING WITHOUT ANY WARRANTIESOF MERCHANTABILITY, FITNESS FOR A PARTICULARPURPOSE AND ANY WARRANTY OR CONDITION OFNON-INFRINGEMENT. IBM products are warranted according to theterms and conditions of the agreements under which they are SWI60Additionally, IBM Global Financing can help you acquirethe software capabilities that your business needs in the mostcost-effective and strategic way possible. We’ll partner withcredit-qualified clients to customize a financing solution tosuit your business and development goals, enable effectivecash management, and improve your total cost of ownership.Fund your critical IT investment and propel your businessforward with IBM Global Financing. For more information,visit: ibm.com/financingThe client is responsible for ensuring compliance with laws and regulationsapplicable to it. IBM does not provide legal advice or represent or warrantthat its services or products will ensure that the client is in compliance withany law or regulation.Statement of Good Security Practices: IT system security involvesprotecting systems and information through prevention, detection andresponse to improper access from within and outside your enterprise.Improper access can result in information being altered, destroyed ormisappropriated or can result in damage to or misuse of your systems,including to attack others. No IT system or product should be consideredcompletely secure and no single product or security measure can becompletely effective in preventing improper access. IBM systems andproducts are designed to be part of a comprehensive security approach,which will necessarily involve additional operational procedures, and mayrequire other systems, products or services to be most effective. IBM doesnot warrant that systems and products are immune from the malicious orillegal conduct of any party.1“IBM X-Force 2012 Trend and Risk Report,” IBM Security Systems,March 2013. mlPlease RecycleWGD03027-USEN-00
QRadar Vulnerability Manager combines the real-time security visibility of QRadar Security Intelligence Platform with the results of proven vulnerability-scanning technology. As part of the QRadar SIEM architecture, QRadar Vulnerability Manager can be quickly activated via a lic
