Proactive Early Threat Detection and Securing SQL Database With IBM QRadar and IBM Spectrum Copy Data Management Using IBM FlashSystem Safeguarded Copy

Blueprint

Published on 14 October 2022

ISBN-10: 0738460850
ISBN-13: 9780738460857
IBM Form #: REDP-5691-00


Authors: Tejas Sapkar and Shashank Shingornikar

    Abstract

    This IBM® blueprint publication focuses on early threat detection within a database environment by using IBM QRadar®. It also highlights how to proactively start a cyber resilience workflow in response to a cyberattack or potential malicious user actions.

    The workflow that is presented here uses IBM Spectrum® Copy Data Management as orchestration software to start IBM FlashSystem® Safeguarded Copy functions. The Safeguarded Copy creates an immutable copy of the data in an air-gapped form on the same IBM FlashSystem for isolation and eventual quick recovery.

    This document describes how to enable and forward SQL database user activities to IBM QRadar.

    This document also describes how to create various rules to determine a threat, and configure and start a suitable response to the detected threat in IBM QRadar.

    Finally, this document outlines the steps that are involved to create a Scheduled Job by using IBM Spectrum® Copy Data Management with various actions.

    Table of Contents

    About this document

    Executive summary

    Scope

    Introduction

    IBM FlashSystem Safeguarded Copy function

    Solution overview

    Use cases

    Lab setup

    IBM FlashSystem

    Brute force attack on a database

    Ransomware attack simulation

    Summary

    Authors

    Resources

     
