Having appropriate storage for hosting business-critical data and advanced Security Information and Event Management (SIEM) software for deep inspection, detection, and prioritization of threats has become a necessity for any business. This IBM® Redpaper publication explains how the storage features of IBM Spectrum® Scale, when combined with the log analysis, deep inspection, and detection of threats that are provided by IBM QRadar®, help reduce the impact of incidents on business data. Such integration provides an excellent platform for hosting unstructured business data that is subject to regulatory compliance requirements.
This paper describes how IBM Spectrum Scale File Audit Logging can be integrated with IBM QRadar. Using IBM QRadar, an administrator can monitor, inspect, detect, and derive insights for identifying potential threats to the data that is stored on IBM Spectrum Scale. When threats are identified, you can quickly act on them to mitigate or reduce the impact of incidents. We further demonstrate how threat detection by IBM QRadar can proactively trigger data snapshots or a cyber resiliency workflow in IBM Spectrum Scale to protect the data during a threat.
This third edition adds the section "Ransomware threat detection", which describes a ransomware attack scenario in an environment that leverages the integration of IBM Spectrum Scale File Audit logs with IBM QRadar.
This paper is intended for chief technology officers, solution engineers, security architects, and systems administrators.
This paper assumes a basic understanding of IBM Spectrum Scale and IBM QRadar and their administration.
Table of contents
- Front cover
- Securing Data on Threat Detection by Using IBM Spectrum Scale and IBM QRadar
- Introduction to IBM Spectrum Scale
- Introduction to IBM QRadar
- IBM QRadar with IBM Spectrum Scale: Identifying threats to data and acting on potential incidents
- IBM Spectrum Scale cluster configuration
- IBM QRadar with IBM Spectrum Scale: Proactively trigger a Data Protection/Cyber Resiliency workflow on threat detection
- Ransomware threat detection
- Supported platforms
- Appendix A: Custom script to take a snapshot
- Appendix B: Sample IBM QRadar rules based on file access pattern or file extensions
- Appendix C: Sample script for basic check on file type
- Appendix D: Sample list of known ransomware file extensions
- Now you can become a published author, too
- Stay connected to IBM Redbooks
- Back cover
- Title: Securing Data on Threat Detection by Using IBM Spectrum Scale and IBM QRadar: An Enhanced Cyber Resiliency Solution
- Release date: September 2021
- Publisher(s): IBM Redbooks
- ISBN: 9780738460017