Offer security intelligence and IBM Sense Analytics to protect assets and information from advanced threats
How QRadar SIEM can help your business
IBM® QRadar® SIEM detects anomalies, uncovers advanced threats and removes false positives. It consolidates log events and network flow data from thousands of devices, endpoints and applications distributed throughout a network. It then uses an advanced Sense Analytics engine to normalize and correlate this data and identifies security offenses requiring investigation. As an option, it can incorporate IBM X-Force® Threat Intelligence which supplies a list of potentially malicious IP addresses including malware hosts, spam sources and other threats. QRadar SIEM is available on premises and in a cloud environment.
|
Provide near real-time visibility Capture log event and network flow data in near real time and apply advanced analytics to reveal security offenses. |
Reduce and prioritize alerts Focus security analyst investigations on a short, manageable list of suspected, high probability incidents. |
| Optimize threat detection Sense and track significant security incidents and threats with supporting data and context for easier investigation. Create detailed data access and user activity reports. |
Easily manage compliance Comply with internal organizational policies and external regulations by offering many customizable reports and templates. |
Key Features
|
|
| Feature spotlights |
|
|
Sense and detect fraud, insider and advanced threats Deploy a single, highly scalable platform to reduce thousands of security events into a manageable list of suspected offenses. Collect logs and events from many sources including network assets, security devices, operating systems, applications, databases and identity and access management products. Pull network flow data, including Layer 7 (application-layer) data, from switches and routers. |
Quickly and inexpensively add more storage and processing Add QRadar Data Node plug-in storage capabilities to increase your local storage capacity, improve search performance when retrieving data for offense investigations and eliminate bottlenecks without increasing licensing terms. |
|
Perform immediate event normalization and correlation Optimize threat detection and compliance reporting by reducing billions of events and flows into a handful of actionable offenses and prioritize them according to business impact. Perform activity baselining and anomaly detection to identify changes in behavior associated with applications, hosts, users and areas of the network. Use IBM® X-Force® Threat Intelligence (optional) to identify activity associated with suspicious IP addresses, such as those suspected of hosting malware. |
Provide enforcement of data-privacy policies Includes an intuitive reporting engine that does not require advanced database and report-writing skills. Provide the transparency, accountability and measurability to meet regulatory mandates and compliance reporting. |
|
Sense, track and link significant incidents and threats Simplify and enhance investigations by performing event and flow analysis using either near real-time streaming or historical data. Add IBM QRadar® QFlow and IBM QRadar VFlow Collector for deep insight and visibility into applications, databases, collaboration products and social media through deep packet inspection of Layer 7 network traffic. |
Enable threat-prevention collaboration and management Permit access to the IBM Security App Exchange. |
|
Deploy QRadar SIEM on premises or in cloud environments Collect events and flows from applications running both in the cloud and on-premises, or have IBM deploy, manage and maintain your QRadar infrastructure while your staff performs security threat management tasks. |