Using QRadar for LGPD
IBM Security QRadar and LGPD
Caroline Fortunato
19 July 2019
Client Technical Professional – Threat Management
IBM Security / © 2019 IBM Corporation
Extend clarity around incidents and risks with in-depth forensics data
Prioritized incidents
Embedded Intelligence
IDENTIFICATION
• Data collection, storage, and analysis
• Real-time correlation and threat intelligence
• Automatic asset, service and user discovery and profiling
• Activity baselining and anomaly detection
REMEDIATION
• Incident forensics
• Around-the-clock management, monitoring and protection
• Incident response
EXTENSIVE DATA SOURCES
IBM QRadar component architecture
• IBM QRadar Security Intelligence
• IBM QRadar Data Node
• IBM QRadar Processor
• IBM QRadar Collector
• IBM QRadar Network Insights
• IBM QRadar Scanner
• IBM QRadar Forensics
• IBM QRadar Packet Capture
• IBM QRadar App Node
Deployed in the cloud
QRadar Security Intelligence Platform
• Deployment models: on prem, as a service, cloud, hybrid
• Use cases: unlimited logging, advanced threat detection, insider threat detection, risk & vulnerability management, critical data & GDPR, incident response, cloud security, compliance
• Analytics engine: machine learning, powerful search, behavioral analytics, artificial intelligence, threat hunting, security analytics (real-time detection & user-driven analytics)
• Data store: endpoint, network insights, cloud, applications, identity, vulnerabilities, configuration, assets, 3rd-party data stores
• Collaboration platforms: IBM Security App Exchange, X-Force Exchange (automation, dashboards, visualizations, workflows, reporting)
QRadar App Framework underlies development and sharing
QRadar API Components
New analytics, reports, data sources, new properties, event types, GUI, app assets, threat intel, rules, searches, responses, behavioral rules, dashboards, reference data, scanning, incidents
Open APIs for rapid innovation and creation
Use cases: Insider Threats, Internet of Things, Incident Response, Cybersecurity
§ More flexibility and less complexity
§ Economic and operational benefit
§ Seamlessly integrated workflow
§ Bundled components support new use cases
VALIDATED CONTENT
– Tested, validated content minimizing risk, ensuring consistency and quality
INNOVATION
– New agile capabilities from partners, IBM, Security research and other vendors
DIFFERENTIATION
– Enables service provider and business partner value add and differentiation
SPEED
– Jump start security operations with feature rich extensions and integrations
IBM Security App Exchange
A Platform for Security Intelligence Collaboration
Single collaboration platform for rapidly delivering new apps and content for IBM Security solutions
LGPD Regulation: What is it?
• Ensure the right to privacy and protection of the personal data of users
• Establish clear rules on the processing of personal data
• Promote economic and technological development
• Establish unique and harmonic rules on the processing of personal data
• Promote competition and free economic activity, including data portability
• Can result in fines of 2% of a company's revenue in the previous year
LGPD Regulation: To whom does it apply?
• The LGPD will regulate any activity that involves the use of personal data, including in digital media, by a natural person or legal entity, in the national territory or in the countries where the data are located, when:
1. The data processing operation is carried out in the national territory;
2. The purpose of the processing activity is the provision or supply of goods or services, or the processing of data of individuals located in the national territory;
3. The personal data that are the object of the processing were collected in the national territory.
How can QRadar help?
• Collecting data from the log sources where personal data can be registered, accessed, transmitted and stored;
• Correlating data to discover whether sensitive data and personal data are being stored or transferred to other locations
• Correlating data to find personal data being accessed without the user's approval or permission
• Managing users who approve their data being stored and used for marketing and other digital merchandise, and users who don't
• Detecting exfiltration or exfiltration attempts of personal data
Example use case: GDPR / LGPD
§ Monitor sensitive data sources
§ Detect users that should be monitored due to a request for data deletion
§ Reference Set to hold the list of monitored users
§ Reports that show users and data sources critical for GDPR and LGPD
§ Dashboards to monitor transactional activity
QRadar API Components (GDPR use cases: objected users, Internet of Things, incident response)
Enabling greater flexibility and less complexity
Use Cases LGPD
Use case LGPD: Data being accessed without the user's permission
User data being accessed after the user asks for personal data to be deleted:
1. User requests personal data to be deleted
2. Data is deleted from the main system and kept only for compliance
3. Attendants access data of users in the list of objected users
4. Offense is triggered
QRadar principles that allow this use case to be met
Data Collection and Normalization
- QRadar collects data from all log sources
- QRadar normalizes collected data into fields
- QRadar allows field creation and extraction of metadata that would not be parsed natively
Correlation Rules That Trigger an Action
- QRadar allows rules to be tested against collected data and to generate an offense
- If a rule is triggered, QRadar can start an action (add one or more fields to a list, send an email, generate an event, etc.)
Reference Data
- Reference data is a collection of lists that can contain predefined values or values added dynamically by rules
- Reference data can have one or multiple fields (Reference Maps, Reference Tables, etc.)
Step 1: User asks to be deleted from the database
Logs collected and normalized by QRadar
Custom field extraction
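As an added example (not from the slides and not IBM product code), the following Python simulation walks through the flow above on constructed log lines: custom field extraction, a rule whose action adds the subject of a deletion request to a reference set, and a second rule that raises an offense when an account other than the assumed compliance service account (`compliance_svc`, a hypothetical name) accesses a user in that set.

```python
import re

# Constructed sample events from a hypothetical customer-service app (not real data).
RAW_LOGS = [
    "ts=2019-07-19T10:01:02 app=crm user=portal action=delete_request subject=cust-1001",
    "ts=2019-07-19T10:05:10 app=crm user=attendant7 action=view_profile subject=cust-2002",
    "ts=2019-07-19T10:07:33 app=crm user=attendant7 action=view_profile subject=cust-1001",
    "ts=2019-07-19T10:08:00 app=crm user=compliance_svc action=retention_read subject=cust-1001",
    "ts=2019-07-19T10:09:41 app=crm user=attendant3 action=export_profile subject=cust-1001",
    'ts=2019-07-19T10:11:00 app=crm msg="heartbeat"',
]

# Custom event property extraction: one regex capturing the fields the rules need.
FIELD_RE = re.compile(
    r"ts=(?P<ts>\S+) app=(?P<app>\S+) user=(?P<user>\S+) "
    r"action=(?P<action>\S+) subject=(?P<subject>\S+)"
)


def normalize(line):
    """Parse one raw line into named fields; None if the custom properties do not match."""
    m = FIELD_RE.search(line)
    return m.groupdict() if m else None


def run_rules(lines, compliance_users=frozenset({"compliance_svc"})):
    """Evaluate both correlation rules over the event stream.
    Returns (offenses, objected_users); compliance_users is an assumed allow-list
    for the retention-only access that the use case permits."""
    objected_users = set()  # reference set populated by rule 1's action
    offenses = []
    for line in lines:
        ev = normalize(line)
        if ev is None:
            continue  # stored, but not matched by these rules
        # Rule 1: a deletion request adds the data subject to the reference set.
        if ev["action"] == "delete_request":
            objected_users.add(ev["subject"])
        # Rule 2: later access to an objected user by a non-compliance account -> offense.
        elif ev["subject"] in objected_users and ev["user"] not in compliance_users:
            offenses.append({"ts": ev["ts"], "user": ev["user"],
                             "action": ev["action"], "subject": ev["subject"]})
    return offenses, objected_users


if __name__ == "__main__":
    for off in run_rules(RAW_LOGS)[0]:
        print("OFFENSE:", off)
```

The access to cust-2002 and the compliance_svc read do not raise offenses; only the two attendant accesses to cust-1001 after its deletion request do.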
Use Case Examples
• Personal Data Exfiltration: the use case already exists in QRadar and would need only some changes
• Personal Data Transmitted outside of the country
• Remote Connection to Personal Data Servers
FOLLOW US ON:
ibm.com/security
securityintelligence.com
xforce.ibmcloud.com
@ibmsecurity
youtube/user/ibmsecuritysolutions
ibm.com/security/community
© Copyright IBM Corporation 2019. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represents only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.
THANK YOU