April 14, 2023
QRadar XDR Live on CP4S SaaS Platform
See It - SOAR-XDRC - Ransomware: watch a video demonstration of the IBM QRadar Ransomware use case being delivered.
The objective of this demo is to highlight how you can use QRadar SOAR and XDR Connect running on Cloud Pak for Security to detect and respond to a ransomware attack. Cloud Pak for Security can run on-prem or in the cloud. You can use it to integrate your existing infrastructure without ripping out any part of it, leaving security data at its source. Thus, your current investments in EDR, SIEM, and other security tools are seamlessly integrated, and your security analysts can do all of their work from the single QRadar XDR console.
The Cloud Pak for Security platform can host multiple apps that security analysts can use in their daily work. In this demo, we are focusing on Threat Intelligence Insights, Data Explorer, and the SOAR app, and leveraging the integrations with data from the following sources:
- AWS
- Guardium
- Azure Sentinel
- QRadar
- Carbon Black
- Splunk
- Elastic Search
The solution also leverages SOAR integration with Active Directory and Ansible scripts to integrate with endpoints. Those integrations can help to orchestrate a response to discovered security incidents.
For this ransomware demo, we are using Ryuk ransomware, which was a very hot topic in 2020 and beyond. According to securityintelligence.com [1]: The Ryuk ransomware operators continue to target critical infrastructure and extract high ransom payments from vulnerable groups, including an attack on a large health care organization. The victims are 90,000 employees and around 400 hospitals, outpatient clinics, and behavioural health centres. Other Ryuk ransomware victims include several oil and gas companies, a U.S. agency, a large engineering and construction services firm, city and county government, a financial software provider, a food and drink manufacturer, and a newspaper. In June 2020, the FBI issued an alert warning that Ryuk ransomware operators were targeting K-12 educational institutions.
Cybereason.com [2] stated that, according to federal investigations, since its inception Ryuk has been used to target large organizations to great effect, having accumulated as much as $61.26 million in ransom payments.
Let's show how SOAR and XDR Connect on the Cloud Pak for Security platform detect and respond to ransomware attacks.