13 October 2017

SIEM QRadar

Enhanced internal security to protect your assets and information from advanced threats.

IBM Security QRadar SIEM consolidates event data and log sources from thousands of end nodes and applications distributed across a network. It performs immediate normalisation and correlation activities on your raw data to distinguish between real threats and false positives. Optionally, this software can also offer IBM Security X-Force Threat Intelligence, which generates a list of potentially malicious IP addresses (e.g., malware hosts, spam sources and other threats). IBM Security QRadar SIEM can also correlate system vulnerabilities with network and event data to help you prioritize security incidents.

IBM Security QRadar SIEM:

Provides near real-time visibility for threat detection and prioritisation through enhanced monitoring of the entire IT infrastructure.

  • Helps detect inappropriate application use, internal fraud, and advanced, low-and-slow threats that can get lost in the midst of millions of events.
  • Collects logs and events from multiple sources: security devices, operating systems, applications, databases, identity and access management products, etc.
  • Collects network flow data, including Layer 7 (application-layer) data, from switches and routers.
  • Obtains information from identity and access management products and infrastructure services (e.g. DHCP, Dynamic Host Configuration Protocol), and receives vulnerability information from network and application vulnerability scanners.

Reduces the number of alerts and prioritises them to focus investigations on a useful list of suspected incidents.

  • Normalizes and correlates events immediately with other data to detect potential threats, and to report on and monitor compliance.
  • Reduces billions of events and flows to a handful of useful “offenses” and prioritises them according to business impact.
  • Builds a baseline of normal activity and detects anomalies to identify behavioral changes associated with applications, hosts, users and different areas of the network.
  • Provides optional IBM Security X-Force Threat Intelligence to identify activity associated with suspicious IP addresses, such as those suspected of hosting malware.

Optimises threat management while providing access to detailed data and generating user activity reports.

  • Tracks significant threats and incidents, sending links to all relevant data and contexts to simplify investigations.
  • Searches through event and flow data in near real time or from historical data to optimize investigations.
  • Enables the addition of IBM Security QRadar QFlow and IBM Security QRadar VFlow Collector devices to give you deeper insight and visibility into your applications (e.g., enterprise resource management), databases, collaboration products and social media via Layer 7 network flow collection.
  • Detects unusual or out-of-hours usage of an application or cloud service, or network activity patterns that are inconsistent with historical usage patterns.
  • Performs federated searches across large, geographically distributed environments.

Facilitates and accelerates the installation process with time-saving tools and features.

  • Automatically discovers log source devices and monitors network traffic to identify and classify hosts and servers – controlling the applications, protocols, services and ports they use – for significant time savings.
  • Includes a centralised user interface that provides function-based and role-based access, as well as a global view for near real-time analysis, incident management and reporting.
  • Consolidates network flow records from a given time range under a single entry to reduce storage consumption and conserve licensing requirements.

Provides access to detailed data and generates user activity reports to help you manage compliance.

  • Controls all access to user data by username and IP address to ensure that data privacy policies are enforced.
  • Includes an intuitive reporting engine that does not require advanced database and reporting skills.
  • Provides the transparency, reliability and measurability to meet regulatory mandates and compliance reporting requirements.

Source: IBM