IBM Security QRadar SIEM and Cisco ASA
IBM QRadar Security Intelligence Platform integrates with Cisco Adaptive Security
Appliances to help customers with their most challenging use cases.
QRadar SIEM provides
• Integrated log, threat, compliance management
• Asset profiling and flow analytics
• Offense management and workflow
QRadar SIEM gives a Security Operations Center a single pane of glass for troubleshooting.
Its rules engine correlates data from many sources, detects anomalies and produces a
manageable list of the highest-priority risks requiring forensic investigation and
remediation. QRadar SIEM derives much of its value from working with best-of-breed products.
Cisco ASA gives QRadar a rich source of contextual data that can be correlated with other
data sources and consumed by QRadar's out-of-the-box rules and reports.
Cisco ASA provides customers with end-to-end network intelligence. It helps
organizations to balance security with productivity, combining the industry's most
deployed stateful inspection firewall with comprehensive, next-generation network
security services, including:
• Visibility and granular control of applications and micro-applications, with
behavior-based controls
• Robust web security
• Advanced threat protection with a comprehensive, highly effective intrusion
prevention system (IPS)
• Highly secure remote access
• Protection from botnets
• Proactive, near-real-time protection against Internet threats
Cisco ASA helps enterprises fight advanced malware, control data and protect networks.
The following use cases are examples of how QRadar can leverage the value of the ASA
appliances customers have already invested in and deployed throughout their infrastructure.
IBM Security Systems and Cisco combine to enable customers to reach compliance and
security goals, and to reduce the risk and severity of security breaches.
1. External Threat Identified
A utility company with Cisco Adaptive Security Appliances deployed
enterprise-wide is running QRadar. When QRadar receives authentication
failures from the same source IP address across multiple firewalls within 5 minutes,
followed by a successful authentication from that address, QRadar generates an offense.
When a new user is then added to the local user database of the firewall that accepted
the login, QRadar increases the magnitude of the offense and the network analyst investigates.
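The sequence rule in use case 1 can be expressed as a small piece of correlation logic. The block below is an added example written for this page, not QRadar rule content or Cisco code. It parses constructed ASA-style syslog lines (the lines, hostnames and addresses are made up for the example; message IDs 605004, 605005 and 502101 are assumed to carry "login denied", "login permitted" and "new local user added" as in the ASA syslog message guide, so verify them against your release) and raises an offense only when failures hit at least two different firewalls inside the 5-minute window before a success, then escalates it when the accepting firewall logs a local user addition shortly afterwards.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Rule parameters taken from use case 1 above.
WINDOW = timedelta(minutes=5)      # failures must fall within 5 minutes of the success
MIN_FIREWALLS = 2                  # "across multiple firewalls"
BASE_MAGNITUDE = 5                 # magnitudes are illustrative, not QRadar's scale
ESCALATED_MAGNITUDE = 9

# Assumed ASA syslog message IDs (check the syslog message guide for your release).
LOGIN_DENIED = "605004"
LOGIN_PERMITTED = "605005"
LOCAL_USER_ADDED = "502101"

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) : %ASA-\d-(?P<msgid>\d{6}): (?P<msg>.*)$"
)
SRC_IP_RE = re.compile(r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})/\d+")
UNAME_RE = re.compile(r"Uname: (?P<user>\S+)")

# Constructed sample log: one address probes three firewalls and gets in, after which
# a local account appears; a second address fails and succeeds on a single firewall.
SAMPLE_LOG = """\
Mar 10 2024 13:50:00 fw-edge-03 : %ASA-6-605004: Login denied from 203.0.113.45/51100 to outside:192.0.2.9/https for user "admin"
Mar 10 2024 14:03:01 fw-edge-01 : %ASA-6-605004: Login denied from 203.0.113.45/51234 to outside:192.0.2.1/https for user "admin"
Mar 10 2024 14:03:40 fw-edge-02 : %ASA-6-605004: Login denied from 203.0.113.45/51240 to outside:192.0.2.2/https for user "admin"
Mar 10 2024 14:04:12 fw-dc-01 : %ASA-6-605004: Login denied from 203.0.113.45/51251 to outside:192.0.2.3/ssh for user "cisco"
Mar 10 2024 14:05:30 fw-dc-01 : %ASA-6-605005: Login permitted from 203.0.113.45/51260 to outside:192.0.2.3/ssh for user "cisco"
Mar 10 2024 14:06:02 fw-dc-01 : %ASA-5-502101: New user added to local dbase: Uname: backupadm Priv: 15 Encpass: ****
Mar 10 2024 15:20:00 fw-edge-01 : %ASA-6-605004: Login denied from 198.51.100.7/40001 to outside:192.0.2.1/https for user "admin"
Mar 10 2024 15:20:30 fw-edge-01 : %ASA-6-605005: Login permitted from 198.51.100.7/40002 to outside:192.0.2.1/https for user "admin"
"""


def parse_line(line):
    """Split one ASA-style syslog line into (timestamp, firewall, msgid, message)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S")
    return ts, m["host"], m["msgid"], m["msg"]


def correlate(lines):
    """Apply the use-case-1 rule and return the offenses it would raise."""
    failures = defaultdict(list)   # source ip -> [(timestamp, firewall)]
    offenses = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, fw, msgid, msg = parsed
        ip_match = SRC_IP_RE.search(msg)
        src = ip_match["ip"] if ip_match else None

        if msgid == LOGIN_DENIED and src:
            failures[src].append((ts, fw))

        elif msgid == LOGIN_PERMITTED and src:
            # Only failures inside the window count; older ones (13:50 above) are ignored.
            recent = [(t, f) for t, f in failures[src] if ts - t <= WINDOW]
            probed = {f for _, f in recent}
            if len(probed) >= MIN_FIREWALLS:
                offenses.append({
                    "source_ip": src,
                    "firewalls_probed": sorted(probed),
                    "success_on": fw,
                    "success_at": ts,
                    "magnitude": BASE_MAGNITUDE,
                    "escalated_by": None,
                })

        elif msgid == LOCAL_USER_ADDED:
            # 502101 carries no source address, so tie it to an open offense by firewall
            # and by time: a new local account within WINDOW after the suspicious login.
            user = UNAME_RE.search(msg)
            for off in offenses:
                if (off["success_on"] == fw and off["escalated_by"] is None
                        and timedelta(0) <= ts - off["success_at"] <= WINDOW):
                    off["magnitude"] = ESCALATED_MAGNITUDE
                    off["escalated_by"] = user["user"] if user else "<unknown>"
    return offenses


if __name__ == "__main__":
    for off in correlate(SAMPLE_LOG.splitlines()):
        print(off)
```

Running the block on the constructed log yields a single escalated offense for 203.0.113.45 (magnitude 9, probed firewalls fw-dc-01, fw-edge-01 and fw-edge-02, escalated by the "backupadm" addition); the 198.51.100.7 sequence never becomes an offense because it touched only one firewall, which is the point of the "multiple firewalls" clause.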
2. Denial of Service attack avoided
A financial services organization's ASA next-generation firewalls send a DoS event to
QRadar. When QRadar also observes an unusually high volume of traffic on one of the
organization's subnets, it generates an offense and the SOC analyst takes action to
ensure that all services remain available to customers.
3. Exploit of Web Server vulnerability avoided
A nationwide retail organization is running QRadar and ASA. ASA sends
QRadar an event alerting it to a possible attack: someone is attempting to spoof an
IP address on an inbound connection to the web server running the online
shopping application. QRadar generates an offense when the event is correlated
with a known vulnerability on that web server. The incident response team patches the
web server immediately to eliminate the vulnerability.
These examples show how QRadar can leverage the value of best of breed products you
have already invested in throughout your infrastructure and combine that to enable you to
reach compliance and security goals.
Integrating next-generation ASA firewalls with QRadar provides unprecedented
visibility and control. Support for Layer 3 and Layer 4 stateful firewall features,
including access control, network address translation and stateful inspection, lets
organizations keep the existing stateful inspection firewall policies that many
compliance regulations require, while adding Layer 7 context-aware rules that act on
contextual information and can be extended across the enterprise to address complex
security threats. QRadar correlates this rich source of data with network traffic, asset
vulnerability data and threat sources to alert on threats and breaches, improving the
enterprise security posture.