Sign up for our free IBM QRadar SIEM webinar

Learn from our experts about the reference SIEM solution and market leader year after year: IBM QRadar SIEM. A single tool lets you separate the wheat from the chaff by correlating millions of events from servers, workstations, network devices and huge external knowledge bases such as IBM X-Force, so that the time and effort of our cybersecurity analysts can be prioritized and optimized.

Anticipating sophisticated attacks requires a mature, powerful and flexible SIEM solution on which to implement the latest methodologies for detecting attacks and information theft. Given the enormous interest in this technology, once a month we offer an intensive course in webinar format, taught in English and completely free.

The next edition will be on Monday, January 18, 2021 at 15:00 London time (10:00 New York).

In this first webinar we will talk about the available architectures, from all-in-one deployments to running part or even all of the infrastructure in the cloud, protecting our environments on AWS, Azure or Google Cloud. We will stop to discuss what is new in the latest releases, multi-tenant environments, and the challenges of migrating and upgrading environments. We will cover the philosophy of the product and how to get the most out of its powerful rule engine, as well as solution costs, licensing options and the latest success stories among our customers. This workshop is based on our popular cybersecurity analyst, QRadar SIEM administration and advanced product usage courses. The webinar will be fundamentally practical, and during it we will perform several live demonstrations.

Online seminar agenda

  • Introduction of IBM QRadar SIEM
  • On-site and cloud solution architecture
  • What’s new in the latest versions
  • Improvements over competitors: Splunk, LogRhythm, Exabeam, Rapid7, FireEye
  • Product demonstration
  • Success stories
  • Open debate, suggestions and questions.

Although it is an online seminar, places are limited. Sign up right now. We will send you an email a few days in advance with all the details and information needed to connect.

 

Myths and truths about security in Red Hat OpenShift

Many of our customers are planning to start using Red Hat OpenShift, our preferred container orchestration platform. Its advantages can be summed up as follows: it allows a progressive modernization of existing applications and the deployment of many new ones which, why deny it, are based on a microservices design that is becoming the norm in many new IT architectures. Just the thought of never again having to "prepare" a machine (installing the operating system, configuring networking and security, installing libraries and dependent software) every time we want to deploy an environment justifies giving this technology a try.


Kubernetes is to containers what OpenStack was to cloud environments: an open source solution that lets us pool a portion of the infrastructure available in our data centers (servers, networks, storage) into resource pools on which to deploy a variety of workloads automatically. Through a self-service portal, our developers will be able not only to deploy the environments they need to make their applications work, but also to verify automatically and continuously that those applications are working properly. If a developer's last-minute commit of the day introduces a bug, you can roll back to the previous day's version without anyone having to intervene.

If we add to this the ability to make gradual deployments, where a small percentage of users enjoy a new version of our application while the rest continue to use the latest stable version; high availability that works without any additional configuration; per-project resource allocation (developers, memory, CPU, disk space, IP address assignment); and the ability to measure in real time what part of our infrastructure we are using, at what level of efficiency and with what results, few system managers will say no to such a wonder. Not forgetting the ability to scale applications automatically by adding or removing containers as needed.

Luckily or unfortunately, not everything is in the hands of the system managers. What about security? What do CISOs think? Let's go over some "myths."

"OpenShift is tremendously secure by design." In our opinion, its basic technology (containers) is exactly as secure as the Linux kernel is at any given moment. That is, container processes are separated by Linux kernel namespaces, the resources they use are limited by cgroups, and their security context is enforced by SELinux. It is powerful, yes, but we are still sharing one kernel among all the containers on each node, and that kernel needs to be patched, also for security reasons. The inclusion of RHCOS (Red Hat Enterprise Linux CoreOS) has allowed great progress in recent times in the security of the operating system on which this Kubernetes distribution runs. However, since RHCOS nodes are designed to operate with very little change, any security-related change to those nodes must be made with extreme care, or we may end up with the opposite effect.

"The images we download are always verified and their code audited by Red Hat." Well, in reality access to container images (downloaded or our own) is managed in a similar way to RPMs: there are public or private repositories that we connect to, each with its keys and signatures. Vulnerabilities keep coming out every day, so we need some kind of solution that monitors the contents of the container images available in our repositories, especially the images downloaded from outside and installed in our environment.

OpenShift integrates with JFrog Artifactory, Black Duck Hub and Docker Trusted Registry. Red Hat CloudForms SmartState can also be used to flag vulnerable images so that OpenShift prevents those images from being used. It also integrates with applications that perform static application security testing (SAST) and dynamic application security testing (DAST), such as HP Fortify and IBM AppScan.

"OpenShift has a robust and secure authentication system." Each OpenShift cluster actually works with users, groups, service accounts and roles.

To manage each user's access to OpenShift components and to verify each user's identity, the cluster connects to one or more identity providers (OpenID Connect, LDAP, Active Directory, GitHub, etc.), each with its own configuration, advantages and disadvantages. The cluster is only as secure as the provider it trusts and the way the connection to it is configured.
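As an illustration of what "its own configuration" means for the LDAP case, here is an OAuth resource for OpenShift 4.x that registers an LDAP identity provider the way a hardened deployment should: LDAPS only, server certificate validated against an explicit CA, and the bind password kept in a Secret rather than in the resource itself. This is an added example and not code from the original post or from Red Hat; the provider name, hostname, bind DN, Secret and ConfigMap names are assumptions for the example. The Secret and ConfigMap are expected to exist in the openshift-config namespace (keys bindPassword and ca.crt respectively).

```yaml
# Added example (not from the original post). Names and hostnames are assumed.
apiVersion: config.openshift.io/v1
kind: OAuth
metadata:
  name: cluster
spec:
  identityProviders:
  - name: corp-ldap              # assumed provider name; shown as a prefix of the identity
    mappingMethod: claim         # fail instead of silently taking over an identity from another provider
    type: LDAP
    ldap:
      attributes:
        id: [dn]                 # immutable attribute, so renaming a user cannot hijack another identity
        preferredUsername: [sAMAccountName]
        name: [cn]
        email: [mail]
      bindDN: "CN=ocp-bind,OU=ServiceAccounts,DC=example,DC=com"   # assumed read-only service account
      bindPassword:
        name: ldap-bind-password # Secret in openshift-config with key "bindPassword"
      ca:
        name: ldap-ca            # ConfigMap in openshift-config with key "ca.crt"
      insecure: false            # "true" would fall back to plaintext LDAP and skip certificate checks
      url: "ldaps://ldap.example.com/DC=example,DC=com?sAMAccountName"
```

The two settings a reviewer should look at first are insecure (it must stay false, otherwise credentials cross the network in clear and the server is not authenticated) and id (binding the identity to the dn rather than to a mutable attribute such as mail avoids an account takeover when an attribute is reassigned in the directory). Apply it with `oc apply -f` and check the authentication cluster operator afterwards for errors.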

"Isolation of networks and communications between OpenShift projects is sufficient." It is robust, because it is based on the networking components of Kubernetes, but isolation between projects is not automatic: pods in different projects can talk to each other until we declare otherwise with NetworkPolicy objects. There are also operators and plug-ins that help us isolate the different networks or give dedicated access to certain network cards using technologies such as SR-IOV. Plug-ins such as Multus CNI allow this and other functions, complementing the Cluster Network Operator (CNO), the CNI (Container Network Interface) plug-ins and CoreDNS.
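The minimum set of NetworkPolicy objects that turns a project from "open to every other project" into "closed except for what we allow" looks like the following. This is an added example and not code from the original post or from Red Hat: it assumes a project named shop (not in the original), and the namespace label used to admit the OpenShift router (network.openshift.io/policy-group: ingress) is the one the OpenShift SDN sets on the openshift-ingress namespace; a cluster using a different network provider may label that namespace differently, so verify it with `oc get ns openshift-ingress --show-labels` before relying on it.

```yaml
# Added example (not from the original post). The "shop" project is assumed.
# 1. Default deny: with this policy in place, pods in "shop" accept no ingress at all
#    until another policy explicitly allows it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: shop
spec:
  podSelector: {}            # empty selector: every pod in the namespace
  policyTypes:
  - Ingress                  # ingress only; egress stays open (tighten separately if required)
---
# 2. Allow pods of the same project to talk to each other.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-same-namespace
  namespace: shop
spec:
  podSelector: {}
  ingress:
  - from:
    - podSelector: {}        # any pod in this namespace, and only this namespace
---
# 3. Allow the OpenShift router in, otherwise routes exposed from this project stop working.
#    Assumed label: the one OpenShift SDN applies to the openshift-ingress namespace.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-from-openshift-ingress
  namespace: shop
spec:
  podSelector: {}
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          network.openshift.io/policy-group: ingress
```

Policies are additive: once the deny-all policy exists, every other policy widens what is accepted, so a quick audit of a project is to list its NetworkPolicy objects and confirm that a default-deny one is present. Because policies live in the project, a cluster administrator who wants this applied to every new project usually places them in the project request template rather than trusting each team to add them.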

Interested in learning more about OpenShift? You may be interested in our three-day intensive Red Hat OpenShift 4.X course. We also offer official IBM training if you want to deploy it on IBM Power Systems servers.

 

Install IBM QRadar Community Edition 7.3.3 in ten minutes

After a long wait, the free version of IBM QRadar SIEM is finally available. This edition, called "Community", contains all the features of QRadar SIEM and requires little memory (it works with just 8 or 10 GB) compared to the at least 24 GB required for a minimal commercial deployment. It also includes a license that never expires and allows you to install all kinds of plug-ins and applications. Its purpose is private use for learning, demos, testing and, above all, the development of applications compatible with QRadar. That is why its capacity is limited to 50 events (logs) per second and 5,000 network flows per minute, which is not bad at all :)

Keep in mind that one of its main drawbacks is that it does not ship with support (DSMs) for all the devices and environments covered by the commercial version. If we want to monitor a database or a firewall, we will need to install each of those modules manually.

What are the hardware requirements?

  • Memory: 8 GB of RAM, or 10 GB if apps are installed, so a modern laptop can run it.
  • Disk: 250 GB, although in our experience about 30 GB is enough for ephemeral environments. Disk usage grows the longer the SIEM stays in use; if virtual machines are created and destroyed for short tests, it never gets that far.
  • CPU: 2 cores, although 4 or 6 would be even better.
  • Network: Internet access, a private network and an FQDN hostname.

How do I install it?

For this version IBM provides an image in OVA format, downloadable from this link. We no longer have to run the installer on a CentOS system prepared by ourselves, with the usual small bugs to fix, which is appreciated. You just need an IBM account, which can be created on the spot and for free. The OVA image can be deployed on VMware, KVM or VirtualBox.

The installation process is quick and simple as shown in the following video:

 

[Video: New Free QRadar CE version 7.3.3]

After that, you can start exploring and working by following the hints in the "Getting started guide".

Once the environment is up and running, you can install applications:

[Video: QRadar CE 7.3.3, adding an app from the App Exchange]

And even monitor the network of your own home: phones, laptops, home automation systems, etc.

[Video: Use the free QRadar CE to monitor your home network (flows)]

Want to know more about IBM QRadar SIEM?

We offer professional services (consultation, deployment and support), official courses and certification bootcamps. Contact us without obligation.

 

Certified QRadar Analyst SIEM 7.3.2 C0003502 training

Which IBM QRadar SIEM certification shall I choose?

QRadar SIEM is a comprehensive network security management platform that provides policy compliance support and context by combining knowledge of network flows, correlation of security events, and assessment of vulnerabilities in connected systems. QRadar has three certifications aimed at different roles around the product, all updated in July 2019.

IBM Certified Associate Administrator IBM QRadar SIEM V7.3.2

Exam: "IBM Security QRadar SIEM V7.3.2 Fundamental Administration". Test C1000-026

This is an entry-level certification for system administrators responsible for maintaining QRadar platforms. It evaluates the ability to provide basic support as well as technical knowledge of IBM Security QRadar SIEM V7.3.2, including implementation and management of the solution set. Administrators should also be familiar with the capabilities of the product. The ability to plan, install, configure, deploy, migrate, upgrade, monitor and resolve simple issues is measured.

IBM Certified Associate Analyst IBM QRadar SIEM V7.3.2

Exam: "IBM Security QRadar SIEM V7.3.2 Fundamental Analysis". Test C1000-018

This entry-level certification is intended for security analysts who want to validate their knowledge of IBM Security QRadar SIEM V7.3.2. Analysts need to master the basics of networking, security, SIEM and QRadar. It evaluates the ability to use the product correctly (already installed and configured), including use of the graphical interface for rule management, security incidents (offenses), reporting, and correlation of events and network flows.

IBM Certified Deployment Professional – IBM QRadar SIEM V7.3.2

Exam: "IBM Security QRadar SIEM V7.3.2 Deployment"

This is without a doubt the most complex certification of the three. It is aimed primarily at security architects, technical pre-sales staff and people who deliver QRadar professional services for the various IBM Business Partners. These individuals are responsible for planning, installing, configuring, optimizing performance, tuning, troubleshooting and managing IBM QRadar SIEM version 7.3.2. It evaluates the ability to complete any task with little or no help from documentation, colleagues or vendor support.

Which one to choose?

Our recommendation is to start with the administrator or analyst exam, depending on your role. We have several courses, seminars and intensive workshops that will help you prepare for them. If you know nothing about the product, we recommend taking the official analyst and administrator training, which we also teach.

IMPORTANT: until September, if you use the code HUCSECURE you will get 50 off when you register for the exam.

 

Critical Vulnerability in Siemens STEP 7 TIA Portal

What happened?

A critical vulnerability has been found in Siemens STEP 7 TIA Portal, one of the most widely used engineering and automation programs for industrial control systems (ICS) worldwide. Users are urged to confirm that their systems have been upgraded to the latest version.

The vulnerability was discovered by Tenable Research and would allow an attacker to perform administrative actions.

What’s the attack vector?

Bypassing the authentication mechanism of the TIA Portal administration server through its Node.js WebSocket server.

What is the impact on the business?

An attacker could compromise a TIA Portal system and use that access to add malicious code to adjacent industrial control systems. Attackers could also use the access gained by exploiting this vulnerability to steal sensitive data from existing OT configurations in order to keep moving and plan attacks against critical infrastructure.

In the worst case, a vulnerable TIA Portal system can be used as a springboard for an attack that causes catastrophic damage to OT equipment, disrupts critical operations, or supports cyber espionage campaigns.

What’s the solution?

Siemens has released an update and security notice for this vulnerability.

Should I be worried?

Modern industrial operations often combine complex IT and OT infrastructures, which brings new security challenges to critical environments while making cybersecurity threats even harder to detect, investigate and remediate.

Solutions?

OT/ICS/SCADA monitoring and management services have become easier thanks to our solution based on QRadar SIEM and Indegy ICS.

SiXe Ingeniería