Next-Generation Firewall, Deep Learning Endpoint Protection and Intelligent SIEM Integration

Publisher

Palestine Polytechnic University - Computer Engineering

Abstract

We depend heavily on technology in our daily lives, and using the Internet has become an important part of them. This greatly exposes us to cyber-attacks, so we need systems and devices to maintain the security and confidentiality of information and data. Among the companies working in the field of information and data security is Sophos, which has many systems and devices that protect data and keep it from being stolen or attacked. IBM likewise produces information security products such as IBM QRadar, which collects logs and events from real-time network monitoring so that it can predict the presence of risks or vulnerabilities on devices and the network. We have integrated the AI of the Sophos Next-Generation Firewall (NGFW) and Sophos Intercept X Deep Learning with the IBM QRadar appliance SIEM solution by collecting and analyzing the data generated by Sophos Central and the Next-Generation Firewall. Integrating Sophos Central and Sophos NGFW with the IBM QRadar appliance offers comprehensive insight into the IT infrastructure, collecting enough data about the other systems inside the network to make it possible to detect advanced attacks. Furthermore, it increases the performance of real-time network monitoring in IT infrastructure that has a Sophos Next-Generation Firewall and Intercept X endpoint. As the result of this project, we have developed a framework that integrates Sophos NGFW and Intercept X with IBM QRadar, based on the integration methodology that we developed. Moreover, we have augmented the QRadar AI engine with Sophos NGFW and Intercept X Deep Learning detections, which decreased false positives and attack detection time.

Description

No. of pages: 81, Computer Engineering, 5/2021
