IBM QRadar is an enterprise Security Information and Event Management (SIEM) product. It collects log data from across an enterprise: its network devices, host assets and operating systems, applications, vulnerabilities, and user activities and behaviors. IBM QRadar then performs real-time analysis of the log data and network flows to identify malicious activity so it can be stopped quickly, preventing or minimizing damage to the organization.
The IBM QRadar SIEM can be deployed as a hardware, software, or virtual appliance-based product. The product architecture includes event collectors for capturing and forwarding data, and event processors for collecting, storing, and analyzing event data. It also includes flow processors, which offer similar capabilities to event processors but operate on Layer 4 network flows; QFlow processors, which perform deep packet inspection of Layer 7 application traffic; and centralized consoles that Security Operations Center (SOC) analysts use to operate and manage the SIEM.
QRadar SIEM consolidates log source event data from thousands of devices, endpoints, and applications distributed throughout a network. It performs immediate normalization and correlation activities on raw data to distinguish real threats from false positives. IBM Security QRadar SIEM can also correlate system vulnerabilities with event and network data, helping to prioritize security incidents.
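As an added illustration of the normalization and correlation workflow described above (example code written for this page, not QRadar's own implementation): two differently formatted log sources are mapped into one common event schema, a simple brute-force-then-success correlation rule runs over them, and the resulting offense is prioritized higher when the affected host has a known vulnerability. The log lines, hostnames, addresses and vulnerability feed are all constructed sample data.

```python
import re
from collections import defaultdict

# Constructed sample log lines in two source formats (not real data).
RAW_LOGS = [
    "Mar 10 09:01:02 web01 sshd[1212]: Failed password for root from 203.0.113.7 port 5511 ssh2",
    "Mar 10 09:01:04 web01 sshd[1212]: Failed password for root from 203.0.113.7 port 5512 ssh2",
    "Mar 10 09:01:07 web01 sshd[1212]: Accepted password for root from 203.0.113.7 port 5513 ssh2",
    "EventID=4625 Computer=fs02 TargetUserName=admin IpAddress=203.0.113.7",
]

# Constructed asset vulnerability data keyed by hostname (stands in for a scanner feed).
ASSET_VULNS = {"web01": ["weak-ssh-config"], "fs02": []}

SSHD_RE = re.compile(r"^\S+ \d+ \S+ (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) "
                     r"password for (?P<user>\S+) from (?P<src>\S+)")
WIN_RE = re.compile(r"^EventID=(?P<eid>\d+) Computer=(?P<host>\S+) "
                    r"TargetUserName=(?P<user>\S+) IpAddress=(?P<src>\S+)")

def normalize(line):
    """Map a raw line from either source format into one common event schema, or None if unparsed."""
    m = SSHD_RE.match(line)
    if m:
        outcome = "success" if m["result"] == "Accepted" else "failure"
        return {"host": m["host"], "user": m["user"], "src": m["src"], "category": "auth", "outcome": outcome}
    m = WIN_RE.match(line)
    if m:
        # Windows event 4624 is a successful logon; 4625 is a failed logon.
        outcome = "success" if m["eid"] == "4624" else "failure"
        return {"host": m["host"], "user": m["user"], "src": m["src"], "category": "auth", "outcome": outcome}
    return None

def correlate(events, vulns, threshold=2):
    """Flag a source that fails >= threshold times and then succeeds on the same host.
    Severity is raised when the target host carries a known vulnerability."""
    failures = defaultdict(int)
    offenses = []
    for ev in events:
        key = (ev["src"], ev["host"])
        if ev["outcome"] == "failure":
            failures[key] += 1
        elif failures[key] >= threshold:
            severity = "high" if vulns.get(ev["host"]) else "medium"
            offenses.append({"src": ev["src"], "host": ev["host"], "user": ev["user"],
                             "failures": failures[key], "severity": severity})
    return offenses

def run(lines=RAW_LOGS, vulns=ASSET_VULNS):
    """Normalize all lines, drop anything unparsed, and return the correlated offenses."""
    events = [e for e in map(normalize, lines) if e]
    return correlate(events, vulns)
```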