Thwarting potential attacks
The QRadar platform currently analyzes 700 events per second, correlating millions of events into a coherent “story” that has helped MUHC security personnel reduce incident response time and thwart attacks.
“We typically uncover approximately five serious cases a year,” says a CSS senior security analyst. “We can identify threats as they emerge, and act quickly so we can stop them very early on, before they can do any damage.”
The organization’s short-term priority is to add context to events by working with IBM to integrate vulnerability and risk information with the protection measures already in place. The aim is to make high-priority risk identification more intelligent, reducing the time and effort MUHC spends prioritizing actionable events and, in turn, helping security staff lower the organization’s overall risk.
“By combining asset vulnerability information based on the network with application data that provides the actual degree of exposure to an identified threat, we can more quickly see if we have potential holes in our network that require imminent attention, and we can understand the risk, so we can concentrate on the riskiest issues first,” says a CSS senior security analyst.
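The kind of correlation described above, shown as an added Python illustration that is not QRadar code and not a description of how the IBM integration works: events from a network sensor are joined to an asset inventory that carries the last scan's results, each event is classified by whether the target is actually exposed to what the event describes, and the result is ranked so that an exploit attempt against an unpatched, patient-critical system outranks noisier but harmless traffic. The asset records, the `CVE-0000-…` placeholder identifiers, the severity and criticality scales, and the exposure weights are all constructed assumptions.

```python
# Added illustration: enrich sensor events with asset vulnerability context and rank them.
# Inventory, CVE placeholders, severity scale and weights are constructed, not real data.
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass
class Asset:
    ip: str
    name: str
    criticality: int            # assumed scale: 1 (low) .. 5 (patient-critical)
    open_ports: Set[int]        # services actually listening, from the last scan
    vulnerabilities: Set[str]   # CVE ids the scanner reported as unpatched


@dataclass
class Event:
    src_ip: str
    dst_ip: str
    dst_port: int
    signature: str
    severity: int               # assumed scale: 1 .. 10 as set by the sensor
    cve: Optional[str] = None   # CVE the signature targets, if the sensor knows it


# Assumed weights: a confirmed hole counts fully, unknown context counts half,
# and traffic aimed at a closed port or patched service is nearly discounted.
EXPOSURE_WEIGHT = {"exposed": 1.0, "unknown": 0.5, "not_exposed": 0.1}


def exposure(event: Event, asset: Optional[Asset]) -> str:
    """Classify how exposed the target asset is to what the event describes."""
    if asset is None:
        return "unknown"                     # no inventory record: cannot tell
    if event.dst_port not in asset.open_ports:
        return "not_exposed"                 # nothing is listening on that port
    if event.cve is None:
        return "unknown"                     # signature is not tied to a CVE
    if event.cve in asset.vulnerabilities:
        return "exposed"                     # service up and unpatched for this CVE
    return "not_exposed"                     # service up, but this CVE is not present


def risk_score(event: Event, asset: Optional[Asset]) -> float:
    """severity x asset criticality x exposure weight; mid criticality if asset unknown."""
    criticality = asset.criticality if asset else 3
    return event.severity * criticality * EXPOSURE_WEIGHT[exposure(event, asset)]


def prioritize(events: List[Event], inventory: Dict[str, Asset]) -> List[dict]:
    """Return events as rows sorted from riskiest to least risky."""
    rows = []
    for ev in events:
        asset = inventory.get(ev.dst_ip)
        rows.append({
            "signature": ev.signature,
            "target": asset.name if asset else ev.dst_ip,
            "exposure": exposure(ev, asset),
            "score": round(risk_score(ev, asset), 1),
        })
    rows.sort(key=lambda r: r["score"], reverse=True)
    return rows


# Constructed sample inventory: one patient-critical device gateway, one admin web app.
INVENTORY = {
    "10.0.5.20": Asset("10.0.5.20", "infusion-pump-gw", 5, {443, 8080}, {"CVE-0000-0001"}),
    "10.0.7.14": Asset("10.0.7.14", "hr-portal", 2, {443}, set()),
}

# Constructed sample events as a sensor might emit them.
EVENTS = [
    Event("203.0.113.9", "10.0.5.20", 8080, "exploit attempt CVE-0000-0001", 8, "CVE-0000-0001"),
    Event("203.0.113.9", "10.0.7.14", 22, "SSH brute force", 9),
    Event("198.51.100.4", "10.0.9.99", 445, "SMB scan", 6),
    Event("203.0.113.9", "10.0.7.14", 443, "exploit attempt CVE-0000-0002", 7, "CVE-0000-0002"),
]

if __name__ == "__main__":
    for row in prioritize(EVENTS, INVENTORY):
        print(row)
```

The brute-force event carries the highest raw severity, yet it lands near the bottom because the inventory shows no SSH service on that host; the lower-severity exploit attempt against the unpatched device gateway rises to the top. A real deployment would replace the hand-built inventory with scanner exports and would also want to age out scan results, since "not exposed" is only as trustworthy as the last scan.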
Teaming with IT to improve operations
A side benefit, according to the MUHC, has been improved network performance and availability.
“We’ve been able to identify and help our IT staff in validating configurations that might affect network or system availability and create noise on the wire, which can reduce the security visibility,” says a CSS senior security analyst. “We have shown in numerous cases the value of the platform to both business and IT executives, and QRadar is now part of organizational processes, such as troubleshooting, forensics, monitoring and alerting. A quick demo caught our executives’ attention and won them over quickly.”
He concludes, “The load of information that we have to treat from infrastructure IT systems, administrative systems, clinical applications and biomedical systems is overwhelming for any security team in a similar context. QRadar helps clear the noise on the wire and enables us to gain the clarity we need to evaluate the threats efficiently. In a world of interconnectivity and network convergence, QRadar also brings value to the business. Monitoring biomedical equipment critical to human life and confirming its availability is a clear example of how security becomes a business enabler and not just an IT ‘toy.’”