White Paper
Data Capture and Network Forensics, State-of-the-Market: IBM Security QRadar Incident Forensics vs. Other Industry Tools
Date: 07/20/2014 Length: 15 pages Cost: $99.00


The ability to capture, consume and correlate multifaceted data from all over the enterprise is a growing need. No single data source or type can provide sufficient forensic capabilities to solve all of today’s security problems. End user research conducted by ENTERPRISE MANAGEMENT ASSOCIATES (EMA) demonstrates that the data needs of security organizations are growing at breakneck speeds reaching volumes associated with Big Data. Log information from network and server infrastructure is no longer sufficient to provide a full picture. Security needs to process a broader and richer data set including network and Big Data repositories. Additionally, the security technology has to be able to correlate commonalities within those variant data streams to produce meaningful data trails and do it in as near to real time as possible. A 2013 study by Ponemon Institute identified that if a security incident can be resolved in less than 60 seconds, the remediation costs could be reduced by as much as 40%. 

Traditional log management tools do not contain the range of data or the data mining and analysis capabilities needed to deliver true security analytics and forensics. Security Incident Event Management (SIEM) tools provide more capabilities but are also insufficient for full forensic analysis. Fifty-three percent of EMA research respondents understood that security analytics and forensics tools augmented their SIEM tools, and 46% understood that security analytics and forensics tools were a natural evolution of the traditional SIEM. A good rule to follow is that a SIEM should provide correlation, normalization and alerts on key events, and should have the ability to query the data to retrieve answers to complex questions about the specific environment. A security analytics solution is able to adapt to the activities and behaviors within its monitored environment, providing improved visibility into activities and into why they should be investigated. It can ingest non-standard log data types at Big Data proportions to provide visibility into abstract data relationships, bringing attention to problems that operators and administrators hadn't even thought of.

The introduction of a forensics solution provides increased capabilities to reduce false positives and the time spent per case, thereby improving the incident response team's ability to process the highest-risk incidents first and faster, and to create a proper case file to manage all of the required data.

Having the capability of doubling the number of incidents the response team can resolve in minutes makes choosing the right solution imperative. This report evaluates security forensics tools from an operations standpoint and identifies IBM Security QRadar as a leader among those evaluated. The investigation discusses the evaluation criteria for 6 tools widely recognized for their support in forensics data gathering and processing, and provides evaluation input on several other tools.

~Former EMA Analyst - David Monahan




©1996-2022 Enterprise Management Associates, Inc. All rights reserved.
EMA™, ENTERPRISE MANAGEMENT ASSOCIATES®, and the mobius symbol are registered trademarks or common-law trademarks of Enterprise Management Associates, Inc.