HAWTHORNE, NJ, and LAS VEGAS, NV--(Marketwired - Feb 24, 2014) - STEALTHbits Technologies, Inc., a leading supplier of unstructured data and Microsoft infrastructure solutions, announced today the release of a new connector for IBM Security QRadar® SIEM. Unveiled at IBM Pulse2014, The Premier Cloud Conference, the new connector feeds QRadar real-time, detailed security and change events from Active Directory (AD), Exchange, and File Systems using STEALTHbits' StealthINTERCEPT real-time change and access monitoring platform.
With this release, the StealthINTERCEPT Windows Activity Connector for QRadar will supply QRadar with broader, deeper, more surgical visibility into the change and access events occurring within AD, Exchange, and File Systems than native log facilities can provide alone, making the industry's already leading SIEM platform even better.
The primary problem organizations face in connecting SIEM applications directly to Microsoft event logs is that there's too much data, containing too little information. Active Directory Security Logs, for example, exclude critical details of changes made to Group Policy Objects, settings that could have far-reaching effects on everything from security and compliance to operations. Similarly, enabling diagnostic logging on Windows File Servers typically produces extensive resource overhead, causing servers to crash and outages to occur.
"StealthINTERCEPT is more than just a sound investment for QRadar customers, for anyone running Microsoft technologies... it's a must-have. By injecting our interception technology directly into the OS security layer, StealthINTERCEPT is able to feed discrete and critical Active Directory security events into QRadar in real-time; you just can't get this from native logs. And since Active Directory is the hub of security in the Microsoft world, you really need this integration to get the big picture; without it, you're missing half the picture," said Kevin Foisy, Chief Software Architect, STEALTHbits.
The QRadar/StealthINTERCEPT integration provides:
- Real-time Interception - StealthINTERCEPT's kernel-level driver technology filters out the "noise", intercepting the critical events that matter most, while also reducing the application and system overhead that results from enabling native logging facilities.
- Surgical Analysis and Control - StealthINTERCEPT's built-in analysis and filtration capabilities enable administrators to feed just the events they care most about into QRadar, limiting the amount of data QRadar needs to digest and correlate.
- Early Detection - The feed QRadar receives from StealthINTERCEPT is provided in real-time, publishing and producing alerts via QRadar in just milliseconds from the time the event occurred.
- Extended Monitoring Visibility - StealthINTERCEPT provides details about changes and access events that simply aren't available via native logs, such as who modified a Group Policy Object, from where, when, and what the change actually was.
- Faster Remediation - Before and After value capture provides the full picture of what changed and what the previous value was.
- Enhanced Identification - Additional details of who made the change, including IP addresses, enhance QRadar's correlation capabilities with other events occurring elsewhere in the environment.
StealthINTERCEPT is already the market visionary on Active Directory, Exchange, and File System security monitoring and protection. With the additional context StealthINTERCEPT feeds to QRadar, customers will obtain a whole new level of insight into security threats and how malicious insiders and outsiders are gaining access to sensitive data and more.
The StealthINTERCEPT Windows Activity Connector for QRadar is now available worldwide.
For more information on the StealthINTERCEPT Windows Activity Connector for QRadar, visit www.stealthbits.com/QRadar
ABOUT STEALTHbits Technologies
STEALTHbits Technologies specializes in the management and security of unstructured data. STEALTHbits' solutions bridge the gap between Active Directory and unstructured data repositories, providing a previously unavailable view of how access is being granted and who has access to critical unstructured data resources like File Systems and SharePoint.
With this enhanced visibility, organizations of any size can efficiently and confidently:
- Identify, Isolate, and Remediate Open Access Risks
- Address high-visibility projects and initiatives like Identity & Access Management, and Active Directory Clean-up and Consolidation
- Fulfill Audit & Compliance requirements across multiple standards
- Obtain complete visibility into where and how access has been granted
Visit www.stealthbits.com for more information.