IBM QRadar SIEM
Today’s networks are more complex than ever before, and protecting them from increasingly malicious and sophisticated attackers is a never-ending task. Organizations seeking to protect their customers’ identities, safeguard their intellectual property and avoid business disruption need to proactively monitor their environment so that they can rapidly detect threats and accurately respond before attackers are able to cause material damage. IBM QRadar® Security Information and Event Management (SIEM) is designed to provide security teams with centralized visibility into enterprise-wide security data and actionable insights into the highest priority threats. As a first step, the solution ingests a vast amount of data throughout the enterprise to provide a comprehensive view of activity throughout on-premises and cloud-based environments. As data is ingested, QRadar applies real-time, automated security intelligence to quickly and accurately detect and prioritize threats. Actionable alerts provide greater context into potential incidents, enabling security analysts to swiftly respond to limit the attackers’ impact. Unlike other solutions, only QRadar is purpose-built to address security use cases and intentionally designed to easily scale with limited customization effort required.
IBM Security QRadar SIEM:
- Provides near real-time visibility for threat detection and prioritisation, delivering surveillance throughout the entire IT infrastructure.
- Reduces and prioritises alerts to focus investigations on an actionable list of suspected incidents.
- Enables more effective threat management while producing detailed data access and user activity reports.
- Supports easier, faster installation and includes time-saving tools and features.
- Produces detailed data access and user activity reports to help manage compliance
Provides near real-time visibility
- Helps detect inappropriate use of applications, insider fraud, and advanced low and slow threats that can be lost among millions of events.
- Collects logs and events from several resources including security devices, operating systems, applications, databases, and identity and access management products.
- Collects network flow data, including Layer 7 (application-layer) data, from switches and routers.
- Obtains information from identity and access management products and infrastructure services such as Dynamic Host Configuration Protocol (DHCP); and receives vulnerability information from network and application vulnerability scanners.
Reduces and prioritises alerts
- Performs immediate event normalisation and correlation with other data for threat detection and compliance reporting and auditing.
- Reduces billions of events and flows into a handful of actionable offenses and prioritises them according to their business impact.
- Performs activity baselining and anomaly detection to identify changes in behavior associated with applications, hosts, users and areas of the network.
- Uses IBM Security X-Force Threat Intelligence optionally to identify activity associated with suspicious IP addresses, such as those suspected of hosting malware.
Enables more effective threat management
- Tracks significant incidents and threats, providing links to all supporting data and context for easier investigation.
- Performs events and flow data searches in near real-time streaming mode or on a historical basis to enhance investigation.
- Enables the addition of IBM Security QRadar QFlow and IBM Security QRadar VFlow Collector appliances for deep insight and visibility into applications (such as enterprise resource management), databases, collaboration products and social media through Layer 7 network flow collection.
- Helps detect off-hours or unusual use of an application or cloud-based service, or network activity patterns that are inconsistent with historical usage patterns.
- Performs federated searches throughout large, geographically distributed environments.
Supports easier, faster installation
- Automatically discovers most log source devices and monitors network traffic to find and classify hosts and servers—tracking the applications, protocols, services and ports they use—for significant time savings.
- Includes a centralised user interface that offers role-based access by function and a global view to access near real-time analysis, incident management and reporting.
- Groups network flow records occurring within a narrow time period as a single entry to help reduce storage consumption and conserve license requirements.
Produces detailed data access and user activity reports
- Tracks all access to customer data by username and IP address to ensure enforcement of data-privacy policies.
- Includes an intuitive reporting engine that does not require advanced database and report-writing skills.
- Provides the transparency, accountability and measurability to meet regulatory mandates and compliance reporting.