Attivo ThreatMatrix Deception and Response Platform Integrates with IBM® QRadar® Security Intelligence Platform - Attivo Networks

IBM® QRadar® Security Intelligence Platform provides a unified architecture for integrating security information and event management (SIEM), log management, anomaly detection, incident forensics, incident response, and configuration and vulnerability management. It uses an advanced Sense Analytics Engine to detect advanced threats while providing greater ease of use and lower total cost of ownership.

 

IBM QRadar Security Intelligence Platform delivers:

  • A single architecture for analyzing log events, netflows, network packets, vulnerabilities, user and asset data.
  • Real-time correlation employing Sense Analytics to identify high-risk threats, attacks and security breaches.
  • Prioritization of high-priority incidents among billions of daily data points received.
  • Proactive analysis of existing risks due to device configuration issues and known vulnerabilities.
  • Automated incident response.
  • Automated regulatory compliance with data collection, correlation and reporting capabilities.

These products integrate with the Attivo ThreatMatrix BOTsink solution for a stronger adaptive defense. The integration allows:

  • The BOTsink engagement server to query the QRadar solution for failed logon errors when users attempt to log in with Attivo deception credentials.
  • The BOTsink solution to identify and alert on the infected endpoint, time stamp it, and provide attack information which can be used to block and quarantine an attack.
  • The BOTsink analysis engine to automatically feed the QRadar solution attack information from attacks that have been analyzed and detected by the ThreatMatrix platform, enhancing an organization’s ability to address stolen credential threats.