1. How Jeskell helped a federal research center tune IBM’s Security Information and Event Management Software - QRadar - to improve correlation, increase actionable intelligence, and reduce network activity reporting by over 2,000 events per second during peak periods.
The client is one of the leading research centers in the country, producing research related to sensitive civilian, military, and space flight technologies. Hundreds of people access their network on a daily basis from both inside and outside the network.
The security and event reporting system was not capturing over 2,000 events per second during peak hours, due to the way their event monitoring was set-up, combined with a limitation on their software license. The lost data posed a security risk to their network. The center contacted Jeskell, to help analyze the problem and recommend a solution. Due to the potential risks involved, the customer needed services quoted within three days and work executed with two weeks. Jeskell rose to the occasion.
Jeskell led a cross departmental working group during the engagement, beginning with a detailed health check of the customers network security environment, while ensuring that each department understood the needs of the other to develop a system wide security posture.
Jeskell discovered that for some events, duplicate logs were being recorded, in addition to identifying some areas where the QRadar software was not fully tuned. To address these issues, Jeskell took the following steps:
- Correcting the reporting procedures from log sources to give only one copy of each event to QRadar.
- Assisting the client to prioritize which types of events and network traffic needed closer scrutiny.
- Assisting the client in developing new rules to increase the accuracy of correlations and reduce the number of reported security offenses to manageable numbers.
- Implementing industry best practices across their QRadar environment.
At the conclusion of the engagement, the client reduced their Events Per Second count dramatically, staying within their licensed limits even during peak hours. The customer not only eliminated dropped events, they also avoided unnecessary licensing costs.
Jeskell provided customized suggestions for QRadar tunings which would enable the customer to reduce the number of reported security incidences from 200 per day to less than 50, by eliminating reported incidences that were not security issues. The customer left with a good understanding of those suggestions to take to their working group for implementation.
The client now has a properly tuned system and a roadmap for further improvement. They have requested quotes for future engagements and personalized QRadar training. Most importantly, they now feel that they are realizing the expected value of QRadar within their security environment.
2. Combining IBM’s Rational Software Development tool and SoftLayer expertise, Jeskell was able to help a startup federal weapons contractor gain cloud computing’s flexibility, scalability, and cost-efficiency for its software development activities.
As a small federal contractor, the client was looking for a cost-effective way to bring IBM Rational into their IT environment. IBM Rational is a software development and testing solution that helps development teams deploy, configure, and update applications. This also includes integrated quality assurance to guarantee that the software development cycle goes smoothly.
The client turned to IBM for assistance to get IBM Rational up and running on their in-house physical servers. Once IBM got the client’s request, they turned to the Jeskell team to lead the project. Given our specialty skills as implementers of IBM Rational tools, we were capable of quickly and efficiently making the solution operational on the client’s system.
As a new company dealing with constant organizational changes, the contractor was also looking to deploy and operate IBM Rational from a cloud-based environment for greater agility, growth management and lower costs. That’s when SoftLayer came into the picture. SoftLayer, provides uncompromising performance for the most demanding workloads, all while delivering total flexibility and excellent cost efficiency. With SoftLayer, clients avoid tieing up scarce capital with dedicated servers in their own data centers, yet still benefit from the total flexibility and predictability of SoftLayer’s hardware assets in the cloud.
With the help of the Jeskell account team, we began to form a migration path that would bring IBM Rational and SoftLayer together.
The SoftLayer cloud suite was the ideal cloud service model to unlock even greater value from IBM Rational technology. For this US Military client in particular, SoftLayer presented a few strategic advantages, including:
- Self-provisioning and faster deployment time
- Enhanced scalability to manage unpredictable workloads
- Lower upfront cost, helping the client allocate financial resources to other needs
The SoftLayer offering was compelling from a strategic and cost standpoint, but the client still had questions about its performance and throughput capability. In short order, Jeskell’s engineering team assembled a benchmark routine to show the client how IBM Rational would truly perform in the SoftLayer cloud. Performance results were outstanding; the client was delighted, and immediately began the migration effort to SoftLayer with Jeskell assistance.
In accordance with IBM best practices (adapted from IBM Rational engineers), we were able to quickly migrate IBM Rational from the physical environment to the SoftLayer cloud. The entire process was drama-free, as Jeskell engineers were hands-on and attentive to all the client’s requirements.
At the end of the day, our client was fully deployed with their desired IBM Rational tool suite in the SoftLayer environment. They were ideally positioned to benefit from all the compelling advantages this solution offers: fast startup, improved flexibility and productivity, and dramatically lower TCO.