Cisco Security and IBM QRadar

How IBM QRadar and Cisco Security work together

IBM® Security delivers an integrated system of analytics, real-time defenses and proven experts, so you can make strategic decisions about how to safeguard your business.

Today’s threat landscape demands visibility, automation and contextual insights with a robust, open approach. IBM Security® QRadar® XDR provides a single unified workflow across your tools.

Product Integrations

Secure Workload: The IBM® QRadar® DSM for Cisco Secure Workload collects events from a Cisco Secure Workload platform.

Cyber Vision: Send security events detected by Cisco Cyber Vision on your industrial networks to the QRadar SIEM for a unified view of both IT and OT environments.

ISE: QRadar SIEM integrates with ISE to form a solution that combines leadership IBM Security Intelligence capabilities with valuable contextual information about users, identities, privilege levels, and device types including mobile and BYOD.

Secure Endpoint: QRadar + Cisco Security Endpoint. This integration protects your Windows, Mac, Linux, Android, and iOS devices through public or private cloud deployment. QRadar maintains Device Support Modules (DSMs) that collect highly contextualized log information from Cisco Security Endpoint and parse it into QRadar. This enables security analysts to better understand the scope and veracity of threats for faster threat detection and response. Cisco Security Endpoint + QRadar enables analysts to quickly determine which events need priority and to confirm that the automated response (Quarantine) occurred according to policy.

Secure Malware Analytics: Cisco’s Malware Analytics App integrates with IBM’s QRadar SIEM, enabling analysts to quickly identify, understand and respond to system threats through the QRadar dashboard. This app combines advanced sandboxing, malware analysis, and threat intelligence into one unified solution. Malware Analytics + QRadar enables analysts to quickly identify possibly malicious files that have been submitted to Malware Analytics within their environment and to drill down from QRadar into the Malware Analytics unified malware analysis and threat intelligence platform for deeper analysis. QRadar can analyze the results of the Malware Analytics sandbox analysis to determine whether potential threats within the organization are malicious or benign. Integrate the prevention, detection, and response of advanced threats in a single solution with IBM

Secure Firewall: IBM Security's QRadar SIEM solution uses the Firepower eStreamer API to collect a comprehensive set of events from Firepower deployments.

SecureX Threat Response: Cisco SecureX Threat Response lets analysts right-click an IP address in QRadar to pivot into an investigation in the Threat Response console, and hover over 100+ property field types and query Threat Response for verdicts.

Umbrella: The Cisco Cloud Security application for QRadar takes cloud security management to the next level. This app leverages Cisco Umbrella, Investigate API, and CloudLock to combine internet threat detection, cloud infrastructure security, cloud application visibility, DNS log analytics, and advanced contextual intelligence in a series of dashboards. Users are able to mitigate threats and investigate anomalies at the click of a button, ensuring workflows remain streamlined to stay ahead of future threats.