Despite the growing number of security events that corporations are facing today – and the bevy of technology solutions designed to help security teams mitigate risk – determining the root cause of an incident is still a significant challenge. According to IDC’s EDR and XDR 2020 Survey, about 17% of alerts simply aren’t investigated, despite teams spending hundreds of hours per week on the task. Why? It’s hard work.
While Security Information and Event Management (SIEM) software is great at alerting security professionals to potential problems, enriching those alerts with the data needed to take corrective action is a tedious, time-consuming process. The more alerts teams receive, the harder it is to keep up. All their time is spent focused on addressing what they deem high-priority events – but failing to investigate all events increases risk and could potentially expose an organization to a serious threat.
To combat this problem, a proactive stance is necessary. Imagine having access to all of the data you need to analyze every threat, determine its root cause, and take corrective action as soon as you receive an alert. While your SIEM tool alone may not be able to provide this level of insight, through integrations, it’s now possible.
Contextualize Security Events & Incidents with IT Asset Data
Lansweeper tackles this problem by integrating seamlessly with many SIEM/SOAR solution providers, and we recently released a collaborative development effort with IBM. The two companies are working together to develop a new app, Lansweeper App for QRadar. The app leverages IBM Security™ QRadar®, IBM’s SIEM solution, and its open application programming interfaces (APIs) to enrich offense notes with complete, always-accurate IT asset data.
QRadar helps security teams detect, prioritize and respond to threats across the enterprise by automatically analyzing and aggregating log and flow data from thousands of devices, endpoints, and apps across the network. It then provides alerts to speed incident analysis and remediation. A key feature of QRadar is the ability to investigate “offenses” to determine the root cause of a network issue. By enriching offense notes with Lansweeper data, Lansweeper App for QRadar will enable security teams to rapidly identify and investigate potential security threats faster, determine the root cause of the issue, gain actionable insights and make data-driven decisions about how to mitigate risk.
Connect to other systems
The Lansweeper Platform connects right into your existing technology stack so you can fuel every IT scenario with up-to-date, accurate data. Leverage data and insights where needed most: auto-populate your CMDB, improve your IT Service Management, enrich security incident alerts, strengthen your Attack Surface Management, and so on. No matter what the IT scenario, the data is there, it’s accurate, and it’s ready to use.
How Does it Work?
Lansweeper App for QRadar enables event data to be combined with contextual information from Lansweeper about users, assets, and vulnerabilities, which can be analyzed for insights that enhance network security event monitoring, and user activity monitoring, and compliance reporting. It uses the IP/MAC address to fetch Lansweeper enrichment data and populate the information in SIEM alerts. This enables security analysts to access contextual data right from within their SIEM solution, eliminating the need to spend time and effort chasing that information down.
Lansweeper’s deep scanning engine and credential-free device recognition (CDR) technology continuously scan the network, automatically detecting and identifying all connected hardware and software assets, including rogue devices and “shadow” IT. Data gathered includes information about installed software, users, location, and more. With this data readily accessible in QRadar’s offense notes, security professionals will substantially reduce the time it takes to isolate and address security incidents while gaining the information they need to take the next right action.
“SIEM solutions aggregate event data produced by security devices, network infrastructure, systems, and applications, and while the primary data source is log data, SIEM technology can also process other forms of data, such as IT Asset data from Lansweeper,” said Cassandra Lloyd, Partner Alliance Manager at Lansweeper. “With Lansweeper data delivered automatically along with QRadar alerts, users save time and effort while gaining the insights they need to rapidly isolate affected assets, accelerate remediation and minimize potential damage.”
Lansweeper App for QRadar is freely available to the security community through IBM Security App Exchange, a marketplace where developers across the industry can share applications based on IBM Security technologies. By downloading the app, users will gain the option to configure QRadar to establish connectivity with Lansweeper, enabling up-to-the-minute, complete, and accurate IT asset data to flow effortlessly into the QRadar solution and automatically enrich offense notes.
A Collaborative Approach to IT Security
As security threats continue to evolve at a record pace, collaborative development amongst the security community will help organizations adapt quickly and speed innovation in the fight against cybercrime. Lansweeper QRadar integration is just one example of how our solution can be used to enhance the functionality of leading SIEM/SOAR solutions.
Through an extensive API library, Lansweeper can integrate seamlessly with your existing technology stack. Learn more about our available integrations here.
Connect to other systems
The Lansweeper Platform connects right into your existing technology stack so you can fuel every IT scenario with up-to-date, accurate data. Leverage data and insights where needed most: auto-populate your CMDB, improve your IT Service Management, enrich security incident alerts, strengthen your Attack Surface Management, and so on. No matter what the IT scenario, the data is there, it’s accurate, and it’s ready to use.