Validate your solution integration against IBM Security products. Each of the following tracks provides information and resources to assist you with your product integration options. The integrated solution examples for each track show the types of solutions offered by Business Partners.
IBM security intelligence solutions harness the security-relevant information across your organization, applying advanced intelligence to help you detect threats faster, prioritize risks more effectively, and automate compliance activities.
QRadar Log Manager and QRadar SIEM
The IBM Security intelligence and analytics track describes the integration of security events, assets, vulnerabilities, and configuration information to the QRadar Security Intelligence platform. This track also helps provide a higher level of integration, pre-release updates of events, and joint troubleshooting between vendors.
The vendor relationship helps to create an engineering, support, and product level connection where they can share information for the benefit of our joint customers. This connection encourages product vendors to write and update setup documentation, establish fast and efficient data feeds, and engage in joint testing and training between vendors.
In many cases, there is bi-directional integration between products and even multiple integration points between products.
With our Business Partners, we are able to deliver more powerful correlation across the security data because our IBM Security Intelligence and Analytics community have integrated their products with enhanced formats for data transfer including:
These are the most common forms of integration with QRadar. Other integration opportunities can also be investigated during the validation process.
Depending on your type of integration, you and IBM will use the following documentation:
Integrate your events with QRadar reporting. You will use your product logs, in LEEF format, as input to this integration. Your IBM integration contact will provide the following documents to assist you with the technical validation:
Asset and vulnerability management integration
Asset information from scanners, MAC products, topology products, and configuration management databases (CMDBs) are examples of data sources for this type of integration. Your IBM integration contact will provide the following documents to assist you with the technical validation:
Right click integration
This feature enhances the right-click menu for event and flow viewers. On the IBM Security QRadar SIEM Console appliance, you can add more actions, such as an option to view more information about the source IP or destination IP.
Enhancing the right-click menu for event and flow viewers (209KB)
QRadar REST API integration
This API provides the ability to interact with QRadar SIEM to perform actions and receive data.
Learn more about intelligence and analytics
IBM Security QRadar Incident Forensics
IBM Security QRadar Incident Forensics enables you to retrace the step-by-step actions of a potential attacker and quickly and easily conduct an in-depth forensics investigation of suspected malicious network security incidents. It reduces the time it takes security teams to investigate offense records, in many cases from days to hours or even minutes. It can also help you remediate a network security breach and prevent it from happening again.
IBM Security solutions can help organizations mitigate the risks from unauthorized access and support an effective Identity and Access Management governance strategy.
Access Manager for Mobile
IBM Security Access Manager for Mobile provides mobile access security protection in a modular package. It addresses mobile security challenges by proactively enforcing access policies for web environments and mobile collaboration channels. Highly scalable and configurable, IBM Security Access Manager for Mobile is available as a virtual or hardware appliance to provide faster time to value and lower total cost of ownership.
IBM Security Access Manager for Mobile is one of the two modular offerings available in IBM Security Access Manager appliance. The other modular offering in IBM Security Access Manager appliance is IBM Security Access Manager for Web.
IBM Security Access Manager for Web provides a common security platform for many different application architectures. Use these resources to learn about the most common integration methods that you can use as models for your solution.
This IBM Security product delivers a simple, flexible, and complete identity and access management solution at the enterprise end points. It combines enterprise single sign-on with strong authentication, audit, and compliance services, while integrating seamlessly with provisioning and directory services with no change to your existing infrastructure.
Technical validation with this product involves implementing interoperability with strong authentication solutions with the following possible integrations:
To use serial ID tokens for authentication with IBM Security Access Manager for Enterprise Single Sign-On, a reader device that can read the token IDs typically needs to be integrated with this IBM Security product. To enable hardware vendors and Business Partners to integrate such readers with this IBM Security product, IBM has published a Service Provider Interface (SPI), called Serial ID Reader SPI.
IBM Security Directory Integrator synchronizes identity data residing in directories, databases, collaborative systems, applications used for human resources (HR), customer relationship management (CRM), enterprise resource planning (ERP), and other corporate applications.
By serving as a flexible, synchronization layer between a company's identity structure and the application sources of identity data, IBM Security Directory Integrator eliminates the need for a centralized data store. For those companies that choose to deploy an enterprise solution, this IBM Security product can help ease the process by connecting to the identity data from the various repositories throughout the organization.
The following are possible integration methods and interfaces:
IBM Tivoli Federated Identity Manager provides the necessary framework to support standards-based, federated identity management between enterprises that have established a trust relationship. This product provides capabilities in the areas of federated single sign-on, web services security management, and identity management for service-oriented architecture (SOA) components across the enterprise.
Tivoli Federated Identity Manager provides a number of custom extension points that enable third parties to implement their own logic for various features. These include, but are not limited to, the following modules:
The IBM Security Identity Manager server has a layered, modular design that is composed of:
There are many possible integration methods since IBM Security Identity Manager provides a common Identity Management platform for different application architectures:
IBM Security Privileged Identity Manager secures, automates, and audits the use of privileged identities to help thwart insider attacks and improve security. It reduces the number of privileged accounts required by an organization and streamlines user access requests for increased productivity. A virtual appliance option and redesigned user interface makes IBM Security Privileged Identity Manager simple to install and manage. The optional Privileged Session Recorder tool records privileged user endpoint activities for improved visibility and security compliance.
IBM can help you establish a holistic approach to secure structured, unstructured, online, and offline data across the enterprise.
IBM Application Security solutions can help you deliver and maintain secure mobile and web applications by enabling you to build layers of protection throughout all phases of the development and operations lifecycle.
Identify, prioritize, track, and remediate critical security vulnerability and compliance demands; help reduce costs associated with manual vulnerability testing; and help to protect against the threat of cyber attack by automating security analysis to detect exploitable vulnerabilities.
Get a web application vulnerability testing and reporting solution that goes beyond application security testing to provide a holistic platform for application risk management and governance. This product also provides enterprise-level visibility into application security and regulatory compliance risks.
Prevent data breaches by locating security flaws in application source code. AppScan Source automates static analysis security testing to identify and remediate vulnerabilities in source code while helping security and development teams strengthen application security, protect confidential data, and improve compliance.
You can enhance AppScan Source with domain and programming language specific integrations, such as Advanced Business Application Programming (ABAP) support for SAP, or use the AppScan Enterprise REST API to collate vulnerability information to feed into your web application firewall to mitigate application vulnerabilities on your network.
IBM Infrastructure protection solutions provide in-depth security across your network, servers, virtual servers, mainframes, and endpoints.
The IBM Security Network Intrusion Prevention System Virtual Appliance, is a part of the IBM Adaptive Threat Protection platform. It offers the advanced preemptive protection of our NIPS in a virtual security appliance.
Powered by IBM X-Force research, it operates on virtual platforms to protect both physical and virtual networks with the same high level of security. As a virtual appliance, it is an ideal security solution for cloud services with the ability to secure traffic between virtual machines and enabling flexible deployments in multi-tenant virtual environments.
Note that the IBM Security Network Protection (ISNP) Appliance is also known as IBM XGS Appliance; both names may be used within the product guides.
Learn more about the IBM Security Network Protection XGS integration framework
If you are interested in integrating with security products on the infrastructure track, contact firstname.lastname@example.org.