Put Time Back on your Side with QRadar XDR
IBM Security QRadar XDR
Agenda and Speakers

Agenda
• Problems SOC teams face today
• Introduction to QRadar XDR Suite
• Demo: QRadar XDR Suite
• Future of Threat Detection and Response

Speakers
• Lauren Horaist, Director of Product Management, Threat Solutions Software
• Mark Neumann, IBM Executive Technical Sales
• Anshul Garg, Sr. Product Marketing Manager
IBM Security / © IBM Corporation 2021 2
Cybersecurity is becoming more challenging

Organizations surveyed say cybersecurity has become more difficult over the last two years. Factors most responsible for making cybersecurity management and operations more difficult:
• An increase in the number of remote workers accessing the corporate network and / or applications: 41%
• An increase in the threat landscape: 38%
• An increase in the number of cloud applications our organization uses: 32%
Source: ESG, The State of Zero-trust Security Strategies, April 2021
Legacy defenses and security teams face challenges against advanced threats

• Costs and complexity: many siloed tools and disjointed workflows can increase costs.
• Missed threats: traditional approaches rely on finding what's known and can miss new attacks.
• Poor visibility: digital transformation and cloud adoption have expanded monitoring needs, but there can be blind spots.
• Struggle to keep up: today's threats are extremely complex and automated; humans can have difficulty evaluating many fast-moving parts at once.
How organizations can modernize threat detection and response

• Eliminate silos: gain visibility across data sources, from the cloud to the core.
• Unify workflows: work without pivoting between tools.
• Automate work: let machines do the heavy lifting, whether mundane tasks or complex analysis.
Enabling faster responses, stronger defenses

A security analyst's typical workflow, with its complexity:
• Review open incidents
• Choose highest priority
• Triage and investigate incident, pivoting to investigate in tool 2, tool 3, tool 4
• Determine validity / severity
• Perform root-cause analysis
• Determine response steps
• Mitigation steps
• Build / alter playbook
• Respond in SOAR
• Close incident

Simplified workflow using QRadar XDR:
• Open routed incident
• Review root cause analysis
• Execute additional investigation
• Add relevant response
• Review automated workflow
• 1 click to execute response actions
• Close incident

What changes:
• Fewer, more accurate alerts with an open, scalable approach
• Leverage existing tools and avoid vendor lock-in
• Streamlined workflow, reduced manual effort thanks to automation
• Pre-built detection and response so teams can protect your organization, even without deep security expertise
Source: Forrester Report, Adapt Or Die: XDR Is On A Collision Course With SIEM And SOAR, April 2021
IBM Security QRadar XDR, an Open, Connected Approach

QRadar XDR Connect: connect your tools and automate your SOC using IBM and open third-party integrations, built on open source and standards.

Integration categories and the IBM product in each:
• EDR: more EDR integrations
• SIEM: IBM Security QRadar SIEM
• NDR: IBM Security QRadar NDR
• SOAR: IBM Security QRadar SOAR
• Threat Intel: IBM Security X-Force, plus more threat intelligence integrations
• Open Integrations: many more open integrations

Third-party integrations shown on the slide: AlienVault, Azure Sentinel, Windows Defender, Vectra, Microsoft Azure, MySQL, Elasticsearch. The slide notes that integration with QRadar XDR Connect requires QRadar SIEM.
IBM QRadar XDR Suite
See it in action: Demo
IBM QRadar XDR Suite
Product Overview
QRadar XDR Suite

• XDR Connect: connect insights across otherwise siloed security tools for unified workflows, automated enrichment, purpose-built AI to accelerate investigations, MITRE insights and rapid response. Covers triage, investigation, hunting, response and automation, built on open source and standards.
• Endpoint Detection and Response: automatically detect and stop threats such as ransomware without requiring manual intervention.
• Network Detection and Response: detect threats and anomalies indicative of threats at the network level, where attackers cannot hide.
• SIEM: address custom detection use cases, gain ML-driven insights into suspicious user activity, and confidently report on compliance.
• SOAR: orchestrate and automate response actions to accelerate MTTR by 8x.

Diagram: EDR, NDR, SIEM, SOAR and Threat Intel sit on a unified security platform with open integrations, under XDR Connect.
Managed Detection and Response Services

Enhance existing MDR services with new QRadar XDR capabilities:
• Improve threat visibility and investigation depth, speed and consistency with automated analysis of EDR, NDR and SIEM telemetry sources
• Provide pre-integrated and optimized detection and response based on the QRadar XDR suite, with plans to include ReaQta
• Lower risk by detecting and responding to threats faster while leveraging existing investments
• Stop threats faster with protection, automated root cause analysis and recommended response actions
Future of threat detection and response

An open, unified platform will accelerate threat detection, investigation and response. The target architecture, top to bottom:
• Unified user experience: case management, investigation and threat hunting, dashboarding and reporting
• Natively integrated modular components: data lake, SIEM, EDR, SOAR, NDR, XDR Connect, identity analytics, data security, apps, and third-party components
• Common integration layer
• Cloud-native IBM Security platform
Next Steps: Simplifying Threat Detection and Response for the Hybrid World

• Learn more about QRadar XDR Suite: ibm.com/qradar
• Watch the QRadar XDR demo
• Reach out to your IBM rep to schedule a deep dive demo
Thank you

Follow us on:
ibm.com/security
securityintelligence.com
ibm.com/security/community
xforce.ibmcloud.com
@ibmsecurity
youtube.com/ibmsecurity

© Copyright IBM Corporation 2021. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represents only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.
Evolving enterprise architectures are forcing enterprises to rethink their security approach

Previous enterprise architecture: traditional enterprise resources alongside a few cloud / SaaS services, a legacy network providing threat prevention, policy enforcement, and monitoring and response, on-premises users / endpoints, and remote users / endpoints connecting over VPN.

Current enterprise architecture complexity: the same legacy-network controls (threat prevention, policy enforcement, monitoring and response), but many more cloud / SaaS services and hundreds / thousands more remote users / endpoints connecting over VPN.
Source: Scott Crawford, 451 Research, part of S&P Global Market Intelligence
ReaQta, leading AI-based endpoint security provider

ReaQta's endpoint security solutions leverage AI to automatically identify and manage threats, while remaining undetectable to adversaries.

• Endpoint Detection & Response: ReaQta-Hive unifies detection, response, and automated hunting
• NanoOS: live-hypervisor based monitoring
• AI-Driven Threat Hunting: data mining to find advanced threats
• Managed Detection and Response (MDR) Services: 24/7/365 ReaQta-MDR service
• Single Agent, Multiple Deployment Options: runs on desktop, server, cloud and mobile operating systems; deploys as SaaS, on-premises or in air-gapped environments

Diagram stages: Identification, Tracking, Protection, Hunting, MITRE Mapping.
About ReaQta

• Founded in 2014 by elite cybersecurity professionals with deep AI / ML expertise
• Headquarters in Amsterdam and Singapore
• 30+ employees

Industry recognition
• Gartner Cool Vendor in Network and Endpoint Security, 2020
• Enterprise Security Magazine's Top 10 Endpoint Security Solution Providers in Europe, 2019 - 2020
• Frost & Sullivan's European Technology Innovation Award for Behavioral Cyber Threat Detection, Europe - 2020
• EDR of choice from the 2020 Cyber Security Agency of Singapore Cybersecurity Industry Call for Innovation

Ranking results cited on the slide
• #1 in attack coverage per alert generated
• #2 in alerts actionability
• #2 in alerts quality
• #3 in captured telemetry
• 90% of attack contained

Customer quotes
"Endpoint Security without the extra headache or headcount!" - Energy and Utilities Company
"Great to have a silent assassin in your corner!" - Financial Company
ReaQta in action: Early Detection of Ransomware

By leveraging AI and automation directly on the endpoint, ReaQta detects ransomware behavior and actively mitigates threats in real time.

Key capabilities
• Detects unknown ransomware variants using a behavioral engine
• Analyzes file activities and access; if an encryption attempt is detected and the process chain is suspicious, the process is blocked and the encrypted files are restored in real time
• Uses signature-based protection to target all known variants, both on-disk and in-memory
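A simplified model of the behavior described above, added here as an illustration; it is not ReaQta or IBM code and says nothing about how their engine is built. It treats a write as an encryption attempt when the new content's byte entropy is near that of random data and far above the file's previous content, counts such writes per process, and only when the writing process's ancestry is suspicious (assumed here: an Office application that spawned a script host) does it block the process and roll every file that process touched back to its pre-write snapshot. Process names, thresholds, paths and file contents are constructed for the example. The scenario also shows two limits a practitioner should expect from this heuristic: an already-compressed file (the constructed JPEG) shows no entropy jump and is not counted as an encrypting write, yet is still restored because the rollback covers every file the blocked process touched; and a benign archiver writing several high-entropy files raises an alert rather than a block.

```python
"""Toy behavioural ransomware detector: entropy heuristic + process chain + rollback.

Added illustration, not ReaQta or IBM code. Thresholds, process names and the
rule for a "suspicious" process chain are assumptions made for this example.
"""
import hashlib
import math
from collections import defaultdict
from dataclasses import dataclass

ENTROPY_THRESHOLD = 7.0     # assumed: bits/byte at which content "looks encrypted"
MIN_ENTROPY_JUMP = 2.0      # assumed: required rise over the pre-write content
MIN_ENCRYPTING_WRITES = 3   # assumed: act once a process has done this many

# Assumed heuristic: an Office app with a script host somewhere below it.
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cmd.exe", "mshta.exe"}


@dataclass(frozen=True)
class WriteEvent:
    pid: int
    chain: tuple   # process ancestry, root first, writing process last
    path: str
    data: bytes    # content the process wants to write


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~8.0 for ciphertext, roughly 4 for English text."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def suspicious_chain(chain) -> bool:
    names = [p.lower() for p in chain]
    return any(n in OFFICE_APPS and any(d in SCRIPT_HOSTS for d in names[i + 1:])
               for i, n in enumerate(names))


class Detector:
    def __init__(self, fs):
        self.fs = dict(fs)                      # simulated on-disk content
        self.snapshots = {}                     # (pid, path) -> first pre-write image
        self.encrypting_writes = defaultdict(int)
        self.blocked = set()
        self.restored = defaultdict(list)
        self.alerts = []

    def on_write(self, ev: WriteEvent) -> str:
        if ev.pid in self.blocked:
            return "denied"                     # process already terminated
        before = self.fs.get(ev.path, b"")
        self.snapshots.setdefault((ev.pid, ev.path), before)
        self.fs[ev.path] = ev.data
        after_h = shannon_entropy(ev.data)
        if after_h >= ENTROPY_THRESHOLD and after_h - shannon_entropy(before) >= MIN_ENTROPY_JUMP:
            self.encrypting_writes[ev.pid] += 1
            if self.encrypting_writes[ev.pid] >= MIN_ENCRYPTING_WRITES:
                if suspicious_chain(ev.chain):
                    self._block_and_restore(ev.pid)
                    return "blocked"
                self.alerts.append((ev.pid, ev.chain[-1]))   # bulk encryption, benign-looking chain
                return "alert"
        return "allowed"

    def _block_and_restore(self, pid: int) -> None:
        self.blocked.add(pid)
        for (p, path), original in self.snapshots.items():
            if p == pid:
                self.fs[path] = original        # roll back every file this pid touched
                self.restored[pid].append(path)


def pseudo_ciphertext(seed: bytes, size: int = 4096) -> bytes:
    """Deterministic high-entropy bytes standing in for encrypted output (constructed)."""
    out = bytearray()
    for i in range(size // 32 + 1):
        out += hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
    return bytes(out[:size])


DOCS = "C:/Users/ann/Documents/"
PLAINTEXT = b"Q3 revenue grew 4% year over year.\n" * 120
JPEG_BYTES = pseudo_ciphertext(b"already-compressed-photo")


def run_demo():
    """Constructed scenario: one malicious chain, one benign archiver, one normal edit."""
    fs = {DOCS + f"report{i}.docx": PLAINTEXT for i in range(1, 5)}
    fs["C:/Users/ann/Pictures/vacation.jpg"] = JPEG_BYTES
    bad = ("explorer.exe", "winword.exe", "powershell.exe")   # macro spawning PowerShell
    archiver = ("explorer.exe", "7z.exe")
    editor = ("explorer.exe", "winword.exe")
    events = [
        WriteEvent(4242, bad, "C:/Users/ann/Pictures/vacation.jpg", pseudo_ciphertext(b"k0")),
        WriteEvent(4242, bad, DOCS + "report1.docx", pseudo_ciphertext(b"k1")),
        WriteEvent(4242, bad, DOCS + "report2.docx", pseudo_ciphertext(b"k2")),
        WriteEvent(4242, bad, DOCS + "report3.docx", pseudo_ciphertext(b"k3")),
        WriteEvent(4242, bad, DOCS + "report4.docx", pseudo_ciphertext(b"k4")),
        WriteEvent(5150, archiver, DOCS + "backup1.7z", pseudo_ciphertext(b"z1")),
        WriteEvent(5150, archiver, DOCS + "backup2.7z", pseudo_ciphertext(b"z2")),
        WriteEvent(5150, archiver, DOCS + "backup3.7z", pseudo_ciphertext(b"z3")),
        WriteEvent(6000, editor, DOCS + "report4.docx", PLAINTEXT + b"Edited by Ann.\n"),
    ]
    det = Detector(fs)
    return det, [det.on_write(ev) for ev in events]


if __name__ == "__main__":
    det, outcomes = run_demo()
    print(outcomes)
    print("blocked:", sorted(det.blocked), "restored:", dict(det.restored))
```

Run it directly to see the per-event outcomes. A product hooks file I/O in the kernel or from a hypervisor rather than consuming a list of events, and would combine the entropy heuristic with other signals (rename and extension patterns, magic-byte mismatches, shadow-copy deletion) so that compressed or already-encrypted files do not go uncounted as they do here.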