IBM QRADAR SOAR

IBM Security® QRadar® SOAR, formerly Resilient®, is designed to help your security team respond to cyberthreats with confidence, automate with intelligence and collaborate with consistency. It guides your team in resolving incidents by codifying established incident response processes into dynamic playbooks. The open and agnostic platform helps accelerate and orchestrate their response by automating actions with intelligence and integrating with other security tools.

Use


 

Respond confidently

Align your team's incident response and increase collaboration by giving them visibility into incident progression, receiving timely notifications, and assigning tasks to team members, including key stakeholders from business units such as IT, legal and HR.

Empower your team to respond more efficiently

Orchestration and automation capabilities build dynamic playbooks that enable your team to adapt faster based on new incident information and focus on high-level investigations by reducing repetitive tasks. The power of the SOAR system is amplified through numerous security tool integrations.

Bridge silos between security and IT teams

Maintain compliance through the robust case management capabilities of a SOAR system. Your team can keep track of security incidents, meet tight audit deadlines, and extend their reach into IT with integrations such as Red Hat Ansible and other popular ticketing system solutions.

Prepare for and respond to privacy breaches

Integrate privacy use cases, such as data breach response and data subject access request, into traditional SOAR technology to guide your team through complex regulations and processes to meet compliance.

 

 

 Features


 

Deploy quickly

Install and deploy integrations quickly with AppHost.

Respond easily

Use dynamic playbooks to respond with agility and intelligence.

Customize playbooks

Create, edit and customize playbooks with Playbook Designer.

 

Key Feature Details 

 

Collaborate with consistency with case management

Ensuring that the right person gets the right information at the right time is crucial to incident response. IBM Security® QRadar® SOAR empowers your security team with robust case management capabilities that enable in-platform notifications and information sharing. It can also extend communications beyond the SOC to involve key players in functions such as IT, Legal, Communications and Human Resources by integrating with popular collaboration tools.

Playbook Designer to create, edit and customize playbooks

Users can create detailed tasks and workflow elements from a single location and quickly process and transform threat/enrichment data without code to accelerate response times. It allows for faster decision-making, with predefined, configurable blocks that present data to a case and have built-in “getting started” experiences and in-context help.

Install and deploy integrations quickly with AppHost

With an extensive orchestration and automation ecosystem formed by more than 160 IBM validated, third-party supported and community applications published via the IBM® App Exchange, IBM Security QRadar SOAR enables numerous integrations with other security tools. AppHost, IBM Security QRadar SOAR's new integration server, makes the installation and configuration of applications quick and simple with a step-by-step installation process that allows for editable settings and configurations.

Visualize and understand relationships across incidents

Leverage the artifact visualization graph to better see and understand the relationship between incidents and the details associated with each incident, which may help uncover a broader campaign or an advanced persistent threat (APT). Information about related closed or open incidents is also displayed in hover and timeline view in IBM Security QRadar SOAR.

Respond with agility and intelligence with dynamic playbooks

IBM Security QRadar SOAR’s playbooks are dynamic and additive, which means that they adapt and change with an incident as the known facts evolve during an incident investigation. This dynamism is critical to your security operations center (SOC) analysts because it amplifies your team’s ability to respond to incidents by providing it with a recommended course of action and giving it the agility to pivot as required by changing events.

Inform strategic business decisions by tracking key metrics

Track metrics and KPIs for incidents and users, including mean time to detect (MTTD) and mean time to respond (MTTR), through IBM Security QRadar SOAR's comprehensive dashboards and reporting capabilities. Based on your results and analysis, you may choose to run simulations to train new employees, test new workflows and incident response plans, or practice different cyber-threat scenarios.

Make complex processes simple with visual workflows

Workflows codify your organization's incident response processes and allow you to leverage automation to eliminate repetitive tasks, orchestration to integrate with other security tools, and human intelligence to make decisions. The visual workflow editor enables your team to design and build complex workflows with a business process management notation (BPMN) engine that requires no special programming or coding skills. Playbooks consist of a single or multiple discrete workflows.

Integrate privacy use cases with the QRadar SOAR platform

Keep up with the ever-increasing challenges to address complex privacy breach reporting requirements and meet compliance standards with IBM Security QRadar SOAR with Privacy. The Global Privacy Regulations Knowledgebase, at the heart of the solution, tracks over 170 global regulations, including GDPR, PIPEDA, HIPAA, CCPA, and all 50 state breach notification rules, and provides your team with guidance through the breach notification process.

 

 Awards


 

Don't just take our word for it

QRadar SOAR is a leader with top-rated capabilities. Follow the link* below and read SOAR software reviews.

*Link goes outside of site and opens new page.

View Page