Early Threat Detection and Cyber Resiliency on the IBM DS8000, with QRadar, Copy Services Manager, and Safeguarded Copy
From 2700070HPT, January 21st, 2021
In this video, we show a proof of concept: a high-level overview of
actions a customer can easily take to further harden their security
posture with QRadar, Copy Services Manager, and Safeguarded Copy.
The video shows a live attack on a DS8k. QRadar detects the suspicious
behavior and immediately invokes a Python script (or Ansible) that
pauses replication, takes an ad hoc, immediate Safeguarded Copy
snapshot, and raises an alert for the security team to investigate.
This demo also opens further discussion on using similar playbooks for
immediate restoration and recovery.
Here are links to the publicly available code and paper that go into more depth: