IBM QRadar SIEM solutions
IBM QRadar is an enterprise Security Information and Event Management (SIEM) product. It collects log data from an enterprise, its network devices, host assets and operating systems, applications, vulnerabilities, and User Activities and Behaviors. IBM QRadar then performs real-time analysis of the log data and network flows to identify malicious activity so it can be stopped quickly, preventing or minimizing damage to the organization.
The IBM QRadar SIEM can be deployed as a hardware, software, or virtual appliance-based product. The product architecture includes event processors for collecting, storing, and analyzing event data and event collectors for capturing and forwarding data. The SIEM product also includes flow processors to collect Layer 4 network flows, QFlow processors for performing deep packet inspection of Layer 7 application traffic, and centralized consoles for Security Operations Center (SOC) analysts to utilize when managing the SIEM. Flow processors offer similar capabilities as event processors, but are for network flows, and consoles are for people to utilize when using or managing the SIEM.
QRadar SIEM consolidates log source event data from thousands of devices, endpoints, and applications distributed throughout a network. It performs immediate normalization and correlation activities on raw data to distinguish real threats from false positives. IBM Security QRadar SIEM can also correlate system vulnerabilities with event and network data, helping to prioritize security incidents.
IBM Security QRadar SIEM
- Provides near real-time visibility for threat detection and prioritization, delivering surveillance throughout the entire IT infrastructure
- Reduces and prioritizes alerts to focus investigations on an actionable list of suspected incidents
- Enables more effective threat management while producing detailed data access and user activity reports
- Supports easier and faster installation, also includes a few time-saving tools and features
- Produces detailed data access and user activity reports to help manage compliance
In addition to the basic SIEM capabilities that enterprise SIEM products typically provide, IBM QRadar SIEM also offers support for threat intelligence feeds. Optionally, an IBM QRadar SIEM can have a license extension purchased that enables use of IBM Security X-Force Threat Intelligence, which identifies IP addresses and URLs that are associated with malicious activity. For each identified IP address or URL, the threat intelligence feed includes a threat score and category, which can help an organization better analyze and prioritize threats. IBM QRadar SIEM is part of the IBM QRadar Security Intelligence Platform, which includes modules for risk management, vulnerability management, forensics analysis, and incident response.
In addition, IBM QRadar can collect log events and network flow data from cloud-based applications, and it can be deployed as a SaaS offering on the IBM cloud where deployment and maintenance is outsourced.
IBM QRadar® Security Intelligence Platform products provide a unified architecture for integrating security information and event management (SIEM), log management, anomaly detection, incident forensics and configuration, and vulnerability management. These products offer advanced threat detection, greater ease of use and lower total cost of ownership. IBM QRadar Security Intelligence Platform delivers 360-degree security intelligence.
IBM QRadar Security Intelligence Platform products deliver:
- A single architecture for analyzing log, flow, vulnerability, user, and asset data.
- Near real-time correlation and behavioral anomaly detection to identify high-risk threats.
- High-priority incident detection among billions of data points.
- Full visibility into network, application, and user activity.
- Automated regulatory compliance with collection, correlation, and reporting capabilities
- Senses and detects inappropriate use of applications, insider fraud, and advanced low and slow threats that can be lost among millions of daily events.
- Collects logs and events from several sources including network assets, security devices, operating systems, applications, databases, and identity, and access management products.
- Collects network flow data, including Layer 7 (application-layer) data, from switches and routers.
- Obtains information from identity and access management products and infrastructure services such as Dynamic Host Configuration Protocol (DHCP); and receives vulnerability information from network and application vulnerability scanners.
IBM Security QRadar Incident Forensics: Allows you to retrace the step-by-step actions of a potential attacker, and quickly and easily conduct an in-depth forensics investigation of suspected malicious network security incidents.
IBM Security QRadar Log Manage: Delivers high-performance for collecting, analyzing, archiving, and storing large volumes of network and security event logs.
IBM Security QRadar Network Anomaly Detection: Enhances IBM Intrusion Prevention System (IPS) solutions by providing greater insight into network behavior and abnormal activity to better identify security threats.
IBM Security QRadarQFlow Collector: Combines with IBM Security QRadar SIEM and flow processors to provide Layer 7 application visibility and flow analysis, helping you understand and respond to activities throughout your network.
IBM Security QRadar Risk Manager: IBM Security QRadar Risk Manager monitors network topology, switch, router, and firewall and Intrusion Prevention System (IPS) configurations to reduce risk and increase compliance.
IBM Security QRadar SIEM: Consolidates log source event data from thousands of devices endpoints and applications distributed throughout a network. It performs immediate normalization and correlation activities on raw data to distinguish real threats from false positives.
IBM Security QRadarVFlow Collector: Combines with IBM Security QRadar SIEM to provide Layer 7 application-layer visibility into virtual network traffic, helping you understand and respond to activities in your network.
IBM Security QRadar Vulnerability Manager: IBM Security QRadar Vulnerability Manager proactively discovers network device and application security vulnerabilities, adds context, and supports the prioritization of remediation and mitigation activities.