Advanced technology for investigating cyber incidents in an enterprise information system with IBM QRadar Incident Forensics
DOI: 10.31673/2409-7292.2021.031723
https://doi.org/10.31673/2409-7292.2021.031723

Abstract
The paper analyzes the cybersecurity problem of a corporate information system and defines the place, purpose and objectives of cyber incident investigation within it. Existing technologies for investigating cyber incidents in a corporate information system are reviewed. Methods and tools for investigating cyber incidents based on the IBM QRadar Incident Forensics solution are studied, and the purpose, main functions and components of the IBM QRadar Incident Forensics complex are identified. Based on this research, a variant of a cyber incident investigation technology for the corporate information system, together with recommendations for applying it in the enterprise, is developed. The integration of IBM QRadar SIEM with IBM QRadar Incident Forensics is also studied; applying this integration increases the efficiency of the specialists of the corporate information system's Center for Cyber Security Management.
Keywords: corporate information system, cybersecurity, cyber incident, cyber incident investigation.