AI+SOC Security Product Overview (1): IBM QRadar and the X-Force Series

1. The QRadar series

(1) Components:

  • Log data management: QRadar Log Insights. A cloud-native log management and security observability product offering simplified data ingestion, sub-second search and rapid analytics (vendor figures). It is built on an elastic security data lake designed to collect, store and analyze terabytes of data, and is positioned as cost-effective security log management combined with federated search and investigation.
  • Threat detection and rapid response: QRadar EDR and XDR. The EDR protects endpoints against previously unknown (zero-day) threats, using automation and hundreds of machine-learning and behavioral models to detect behavioral anomalies and respond in near real time. Its distinguishing approach is to monitor the operating system from outside it, which is meant to make the sensor harder for an adversary on the host to tamper with or blind. For organizations that want detection and response beyond the endpoint, IBM also offers XDR, with alert correlation, automated investigation and recommended responses across network, cloud, email and other sources, as well as managed detection and response (MDR).
  • Response workflow orchestration: QRadar SOAR. A recent Red Dot Design Award winner for interface and user experience, it automates and orchestrates incident response workflows so that an organization's own processes are followed consistently, in an optimized and measurable way. It ships with 300 pre-built integrations and out-of-the-box playbooks for responding to more than 180 global data-breach and privacy regulations.
  • Real-time multi-dimensional analytics and alerting: QRadar SIEM. The SIEM has been given a new unified analyst interface that shares insights and workflows with the broader security operations toolset. It offers real-time detection that draws on AI, network and user behavior analytics, and real-world threat intelligence, with the aim of giving analysts more accurate, contextualized and prioritized alerts. IBM also stated plans to make QRadar SIEM available as a service on AWS by the end of Q2 2023.

(2) Features:

  • Threat investigation: Threat Investigator works with Case Management to find cases that warrant investigation and starts investigating them automatically. The investigation fetches the artifacts attached to the case and begins data mining, pivoting from those artifacts into the event data. After several rounds of mining, it produces a timeline of the incident expressed as MITRE ATT&CK tactics and techniques, plus a chain graph of the incident.
  • Cloud-delivered (SaaS on AWS): The SaaS-on-AWS delivery model lets you get up and running quickly, with no ongoing updates or platform management to perform, so the team can concentrate on patching important vulnerabilities and reviewing anomalous conditions.
  • Federated search: Federated search queries data in the cloud and on premises in a single, unified way. It breaks down data silos and surfaces cross-functional insights through one search experience, and because the data is queried in place, nothing has to be moved, which frees up IT resources.
  • Data collection combining pushed and polled sources: The data collector gets telemetry set up and ingested in a few clicks. It supports many protocols, both passive and active. Passive protocols listen for events on specific ports (the source pushes to the collector), while active protocols use APIs or other communication methods to connect to external telemetry and poll it for events.
  • Detection and response center: (details omitted)
  • Unified user experience: (details omitted)
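To make the investigation step above concrete, here is an added example (not IBM's code) of the same loop: start from the artifacts attached to a case, pivot through an event store for several rounds, pulling in every new artifact the matching events carry, then emit an ATT&CK-tagged timeline and a chain graph linking events that share an artifact. The event store, artifact names and the technique mapping are all constructed for the example.

```python
"""Added example (not IBM code): iterative artifact pivoting in the style of
the Threat Investigator description above. All events, artifacts and ATT&CK
mappings below are constructed for illustration."""

# Constructed event store. Each event carries the observables it mentions and
# the ATT&CK tactic/technique a (hypothetical) detection rule mapped it to.
EVENTS = [
    {"id": "e1", "ts": "2023-05-01T09:00:00Z", "artifacts": {"user:alice", "host:ws01"},
     "tactic": "initial-access", "technique": "T1566.001", "desc": "phishing attachment opened"},
    {"id": "e2", "ts": "2023-05-01T09:02:10Z", "artifacts": {"host:ws01", "hash:ab12"},
     "tactic": "execution", "technique": "T1204.002", "desc": "macro dropped and ran payload"},
    {"id": "e3", "ts": "2023-05-01T09:05:30Z", "artifacts": {"hash:ab12", "ip:203.0.113.7"},
     "tactic": "command-and-control", "technique": "T1071.001", "desc": "beacon to external host"},
    {"id": "e4", "ts": "2023-05-01T10:15:00Z", "artifacts": {"ip:203.0.113.7", "host:srv02"},
     "tactic": "lateral-movement", "technique": "T1021.002", "desc": "SMB logon from beaconing host"},
    {"id": "e5", "ts": "2023-05-01T08:00:00Z", "artifacts": {"host:db09"},
     "tactic": "credential-access", "technique": "T1110.001", "desc": "unrelated brute force"},
]


def mine(events, seed_artifacts, rounds):
    """Expand the artifact set for up to `rounds` rounds.

    Each round selects not-yet-seen events that touch a known artifact and adds
    every artifact those events carry, so the next round can pivot further.
    Returns (event_id -> round it was pulled in, final artifact set)."""
    known = set(seed_artifacts)
    hits = {}
    for r in range(1, rounds + 1):
        new_hits = [e for e in events if e["id"] not in hits and e["artifacts"] & known]
        if not new_hits:          # nothing new to pivot on: the case is exhausted
            break
        for e in new_hits:
            hits[e["id"]] = r
            known |= e["artifacts"]
    return hits, known


def timeline(events, hits):
    """Chronological (ts, tactic, technique, id) rows for the mined events."""
    picked = sorted((e for e in events if e["id"] in hits), key=lambda e: e["ts"])
    return [(e["ts"], e["tactic"], e["technique"], e["id"]) for e in picked]


def chain_graph(events, hits):
    """Directed edges (earlier_id, later_id, shared_artifacts) between mined
    events that share at least one artifact; this is the incident chain."""
    picked = sorted((e for e in events if e["id"] in hits), key=lambda e: e["ts"])
    edges = []
    for i, a in enumerate(picked):
        for b in picked[i + 1:]:
            shared = a["artifacts"] & b["artifacts"]
            if shared:
                edges.append((a["id"], b["id"], sorted(shared)))
    return edges


def investigate(case_artifacts, rounds=5):
    """Run the whole loop for a case and return its timeline and chain graph."""
    hits, _ = mine(EVENTS, case_artifacts, rounds)
    return {"timeline": timeline(EVENTS, hits), "chain": chain_graph(EVENTS, hits)}


if __name__ == "__main__":
    result = investigate({"user:alice"})
    for row in result["timeline"]:
        print(row)
    for edge in result["chain"]:
        print(edge)
```

Two things the code makes visible that the prose does not: the number of rounds bounds how far the pivot spreads (three rounds from `user:alice` never reach the lateral-movement event), and unrelated noise such as `e5` stays out of the timeline because no pivot path touches its artifacts.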
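The passive-versus-active distinction in the data collection bullet is the same one any collector has to make, so here is an added example (not IBM's code) of both modes side by side: a passive collector that binds a UDP port and parses whatever RFC 3164-style syslog arrives (the example sends constructed lines to itself over loopback), and an active collector that polls a source through a function standing in for a remote API and keeps a cursor so each poll only fetches new records. The syslog regex, sample lines, the fake API and its record format are all constructed for the example.

```python
"""Added example (not IBM code): a passive (listen) and an active (poll)
telemetry collector. Sample data and the stand-in API are constructed."""
import re
import socket

# RFC 3164-style line: <PRI>Mmm dd hh:mm:ss host app[pid]: message
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<app>[^:\[ ]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)


def parse_syslog(line):
    """Parse one syslog line into a dict, or return None if it does not match.
    PRI encodes facility*8 + severity, so both are recovered from it."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m["pri"])
    return {"facility": pri // 8, "severity": pri % 8, "timestamp": m["ts"],
            "host": m["host"], "app": m["app"], "pid": m["pid"], "msg": m["msg"]}


def passive_collect(sample_lines, timeout=2.0):
    """Passive mode: bind a UDP listener on an ephemeral loopback port, let a
    second socket push the sample lines to it (playing the log source), and
    return the events the listener parsed. Unparseable datagrams are dropped."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as listener:
        listener.bind(("127.0.0.1", 0))          # port 0: let the OS pick one
        listener.settimeout(timeout)
        port = listener.getsockname()[1]
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as source:
            for line in sample_lines:
                source.sendto(line.encode("utf-8"), ("127.0.0.1", port))
        events, received = [], 0
        while received < len(sample_lines):
            try:
                data, _ = listener.recvfrom(65535)
            except socket.timeout:
                break
            received += 1
            ev = parse_syslog(data.decode("utf-8", "replace"))
            if ev is not None:
                events.append(ev)
        return events


# Constructed stand-in for a remote API that returns records after a cursor.
FAKE_API_RECORDS = [
    {"seq": 1, "event": "user.login", "user": "alice"},
    {"seq": 2, "event": "user.login_failed", "user": "bob"},
    {"seq": 3, "event": "policy.changed", "user": "admin"},
]


def fake_api_fetch(after_seq, limit=100):
    """Hypothetical API: records with seq greater than `after_seq`, oldest first."""
    return [r for r in FAKE_API_RECORDS if r["seq"] > after_seq][:limit]


def active_poll(fetch, cursor):
    """Active mode: one polling round. Fetch records newer than `cursor` and
    advance the cursor to the newest seq seen, so the next poll is incremental
    and nothing is ingested twice."""
    records = fetch(cursor)
    if records:
        cursor = max(r["seq"] for r in records)
    return records, cursor


# Constructed sample input: two valid lines and one the parser must reject.
SAMPLE_LINES = [
    "<34>May  1 09:02:10 ws01 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 4420 ssh2",
    "<13>May  1 09:03:00 ws01 myapp: user alice logged in",
    "not a syslog line at all",
]

if __name__ == "__main__":
    for ev in passive_collect(SAMPLE_LINES):
        print("passive:", ev)
    cursor = 0
    for _ in range(2):
        records, cursor = active_poll(fake_api_fetch, cursor)
        print("active:", records, "cursor ->", cursor)
```

The practitioner's point is the failure modes each mode brings: a passive listener accepts anything that reaches the port, so it needs a tolerant parser and a policy for what to do with junk (here it is dropped; in production it should be counted and alarmed on), while an active poller is only as complete as its cursor, so the cursor has to be persisted and the poll must not advance it until the records are safely stored.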

2. X-Force services

IBM X-Force Security Services | IBM

(1) Vulnerability identification and prioritization: X-Force Red offensive security services
Identify, prioritize and remediate the exploitable vulnerabilities that expose your most important assets to attackers.

(2) Incident detection and response: X-Force IR defensive security services
Detect, contain and recover from attacks through incident response (IR) preparedness and 24x7 emergency IR services that reduce the impact of a breach.

(3) Threat intelligence: X-Force threat intelligence services
Base security decisions on threat research from global intelligence experts who provide industry-leading analysis.
