Cyber Resiliency with IBM QRadar and IBM Spectrum Virtualize for Public Cloud on Azure with IBM Copy Services Manager for Safeguarded Copy

An IBM Redpaper publication

thumbnail 

Published on 08 July 2022, updated 11 July 2022

  1. .EPUB (2.1 MB)
  2. .PDF (3.4 MB)

Apple BooksGoogle Play Books
Share this page:   

ISBN-10: 0738460621
ISBN-13: 9780738460628
IBM Form #: REDP-5685-00


Authors: IBM

    menu icon

    Abstract

    The focus of this Blueprint publication is to highlight the early threat detection capabilities of IBM® QRadar® and to show how to proactively start a cyber-resilience workflow in response to a cyberattack or malicious user actions.

    The workflow uses IBM’s Copy Services Manager as orchestration software to start IBM Spectrum Virtualize for Public Cloud (SV4PC) Safeguarded Copy functions. The IBM SV4PC Safeguarded Copy function creates an immutable copy of the data in an air-gapped form on the same IBM SV4PC on Azure for isolation and eventual quick recovery.

    This document describes the steps that are involved to enable and forward IBM SV4PC audit logs to IBM QRadar. It also describes how to create various rules to determine a threat, and configure and start a suitable response to the detected threat in IBM QRadar. This document also explains how to register a storage system and create a scheduled task by using IBM Copy Services Manager.

    Finally, this document also describes deploying IBM QRadar and SV4PC on Azure. A use case for protecting the MS SQL database (DB) volume that was created on IBM SV4PC is included. Upon threat detection on a database volume, Safeguarded Copy is started for IBM SV4PC volume. The Safeguarded Copy creates an immutable copy of the data. The same data volume can be recovered or restored by using IBM’s Copy Services Manager.

    Table of Contents

    Executive summary

    Scope

    Introduction

    Solution overview

    Lab setup

    Summary

    Authors

    Resources

     

    Others who read this also read