Abstract:
In our daily lives we depend heavily on technology, and using the Internet has become an important part of everyday life. This greatly exposes us to cyber-attacks, so we need systems and devices that maintain the security and confidentiality of information and data. Among the companies working in the field of information and data security is Sophos, which offers many systems and devices that protect data and keep it from being stolen or attacked.
IBM also manufactures information security products such as IBM QRadar, which collects logs and events from real-time network monitoring so that it can predict the presence of risks or vulnerabilities on the devices and the network.
We have integrated the AI of the Sophos Next-Generation Firewall (NGFW) and Sophos Intercept X Deep Learning with the IBM QRadar appliance SIEM solution by collecting and analyzing the data generated by Sophos Central and the Next-Generation Firewall.
Integrating Sophos Central and the Sophos NGFW with the IBM QRadar appliance offers comprehensive insight into the IT infrastructure: it collects enough data about the other systems inside the network to make detection of advanced attacks possible, and it increases the performance of real-time network monitoring in an IT infrastructure that has a Sophos Next-Generation Firewall and Intercept X endpoints.
As the result of this project, we have developed a framework that integrates the Sophos NGFW and Intercept X with IBM QRadar, based on the integration methodology that we developed. Moreover, we have augmented the QRadar AI engine with the Sophos NGFW and Intercept X Deep Learning detections, which decreased false positives and attack detection time.
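As an added illustration of the cross-source correlation the abstract describes (this is not code from the project, Sophos or IBM): a small Python correlator that parses Sophos Firewall style key="value" syslog lines and pairs denied outbound connections with Intercept X style endpoint detections on the same host inside a time window, so that only hosts showing both signals raise an offense. The log lines, alert records and field names are constructed samples, and the windowed-pairing logic is an assumption about how such a rule would be expressed in a SIEM.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (not real Sophos or QRadar output). The firewall lines imitate
# the key="value" syslog layout; the endpoint alert imitates an Intercept X detection.
FIREWALL_LOGS = [
    'device="SFW" date=2024-03-01 time=10:02:11 timezone="UTC" log_type="Firewall" '
    'log_subtype="Denied" src_ip=10.0.0.5 dst_ip=203.0.113.9 dst_port=4444',
    'device="SFW" date=2024-03-01 time=10:02:40 timezone="UTC" log_type="Firewall" '
    'log_subtype="Allowed" src_ip=10.0.0.7 dst_ip=198.51.100.3 dst_port=443',
]
ENDPOINT_ALERTS = [
    {"when": "2024-03-01T10:01:55Z", "ip": "10.0.0.5",
     "type": "Event::Endpoint::Threat::Detected", "severity": "high"},
]

# Matches key=value and key="quoted value" pairs.
KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_firewall_line(line):
    """Parse one key=value syslog line into a dict and attach a naive UTC timestamp."""
    fields = {m.group(1): (m.group(3) if m.group(3) is not None else m.group(4))
              for m in KV_RE.finditer(line)}
    fields["ts"] = datetime.strptime(fields["date"] + " " + fields["time"], "%Y-%m-%d %H:%M:%S")
    return fields


def correlate(firewall_lines, endpoint_alerts, window=timedelta(minutes=5)):
    """Return one offense per (endpoint alert, denied connection) pair on the same host
    within `window`. Requiring both signals rather than alerting on either alone is the
    mechanism by which combining endpoint and firewall data in the SIEM cuts false positives."""
    denied_by_ip = defaultdict(list)
    for f in map(parse_firewall_line, firewall_lines):
        if f.get("log_type") == "Firewall" and f.get("log_subtype") == "Denied":
            denied_by_ip[f["src_ip"]].append(f)
    offenses = []
    for a in endpoint_alerts:
        t = datetime.strptime(a["when"], "%Y-%m-%dT%H:%M:%SZ")
        for f in denied_by_ip.get(a["ip"], []):
            gap = abs((f["ts"] - t).total_seconds())
            if gap <= window.total_seconds():
                offenses.append({"ip": a["ip"], "endpoint": a["type"],
                                 "dst": f["dst_ip"] + ":" + f["dst_port"], "seconds_apart": gap})
    return offenses
```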