IBM QRadar

IBM® Security QRadar® SIEM consolidates log source event data from thousands of devices endpoints and applications distributed throughout a network. It performs immediate normalization and correlation activities on raw data to distinguish real threats from false positives. As an option, this software incorporates IBM Security X-Force® Threat Intelligence which supplies a list of potentially malicious IP addresses including malware hosts, spam sources and other threats. IBM Security QRadar SIEM can also correlate system vulnerabilities with event and network data, helping to prioritize security incidents.

IBM Security QRadar SIEM: ? Provides near real-time visibility for threat detection and prioritization, delivering surveillance throughout the entire IT infrastructure. ? Reduces and prioritizes alerts to focus investigations on an actionable list of suspected incidents. ? Enables more effective threat management while producing detailed data access and user activity reports. ? Delivers security intelligence in cloud environments. ? Produces detailed data access and user activity reports to help manage compliance. ? Offers multi-tenancy and a master console to help Managed Service Providers provide security intelligence solutions in a cost-effective manner.

Provides near real-time visibility ? Helps detect inappropriate use of applications, insider fraud, and advanced low and slow threats that can be lost among millions of events. ? Collects logs and events from several resources including security devices, operating systems, applications, databases, and identity and access management products. ? Collects network flow data, including Layer 7 (application-layer) data, from switches and routers. ? Obtains information from identity and access management products and infrastructure services such as Dynamic Host Configuration Protocol (DHCP); and receives vulnerability information from network and application vulnerability scanners.