IBM Security App Exchange - Digital Guardian App for QRadar
Data Loss Prevention (DLP) and Advanced Threat Protection (ATP) are two of the most cutting-edge technologies currently available in the cyber security market. One of the industry-leading vendors in this space is Digital Guardian, which provides technologies for both ATP and DLP. However, introducing additional solutions can be a headache for security teams, as it gives them another interface to monitor during a security incident.
IBM and Digital Guardian, however, have created a seamless integration, meaning security teams don’t have to check numerous interfaces to gather the necessary information about a security incident; they can get it all from QRadar.
As with most security tools, Digital Guardian is capable of forwarding syslog to QRadar, and this forms the basis of the strong integration. The application was developed by the Digital Guardian team, and it can drastically help security teams detect and mitigate threats around DLP and ATP events through interactive charts which give an in-depth and dynamic view of the environment.
The Digital Guardian App for QRadar gives users access to the following tabs:
- Agent Action
These tabs are typically only found within Digital Guardian, and the power of having this functionality within QRadar gives security teams the ability to conduct an investigation from one centralised console, saving time and effort during security incidents when every second can count.
The DLP dashboards give the user a whole host of benefits, including:
- A visual representation of all DLP related events within the network, as well as alert data from Digital Guardian
- Contains chart-based and columnar text-based information about all DLP activity
- Provides cross-linkage: selecting an element in one chart will cause the remaining charts to re-query around that specific filter
- Export to Excel option: export query results in CSV format
- Allow users to enter a reason for blocking and quarantining devices
Adding the Digital Guardian App into QRadar also gives the user access to the Advanced Threat Protection Dashboard, which can provide a whole host of benefits:
- Provides a visual representation of all ATP related events that are seen in your network, as well as alert data from the Digital Guardian Management Console, made available in the QRadar interface
- Provides chart-based and columnar text-based information regarding ATP activity that has been identified on Digital Guardian protected endpoints
- Provides cross-linkage, allowing a user to select an element in one chart and have the remaining charts re-query around the selected filter
- Export to Excel, giving you the option to export query results into a CSV file to work with further
- Text Entry Box gives the user the ability to enter the reason why a machine was blocked or quarantined
Being able to complete agent actions from the QRadar interface is a huge benefit to Digital Guardian customers, meaning they don’t have to constantly change between different UIs when time is of the essence in a security incident. There are a number of benefits to the agent actions:
- Provides a review of agent actions submitted from the QRadar SIEM to the DGMC in a columnar list format
- Ability to export query results to CSV, allowing for further data manipulation
- A list breakdown which splits each “action” into columns: time/date of request, IP address of the requested machine, Submitted from DLP/ATP, Requester (User ID), Reason for action (comments)
Adding the Digital Guardian Application into QRadar gives users a number of features that help speed up investigations and stop the constant movement between different user interfaces. With the integration being simple and easy to complete, this is an integration that would benefit any organisation.