QRadar Security Intelligence Platform, available on premises or in the cloud, brings previously disparate functions -- including SIEM, log management, risk management, vulnerability management, incident forensics and network behavior analytics -- into a single integrated platform to better protect assets and meet regulatory requirements.
- IBM® QRadar® Log Manager collects, analyzes, stores and reports on network security log events. It converts raw events from devices, servers, operating systems, applications, endpoints and more into actionable, searchable intelligence data.
- IBM® QRadar® Security Information and Event Management (SIEM) helps accurately detect and prioritize threats across the enterprise and provides intelligent insights that enable teams to respond quickly. By consolidating log events and network flow data from thousands of devices and applications, QRadar correlates and aggregates related information into single alerts to accelerate incident analysis and remediation.
- IBM® QRadar® Vulnerability Manager senses security vulnerabilities and helps prioritize remediation activities. It correlates vulnerability data with network topology and connection data to intelligently manage risk. A policy engine automates compliance checks.
- IBM® QRadar® User Behavior Analytics analyzes user activity to detect malicious insiders and determine if a user’s credentials have been compromised. Security analysts can easily see risky users, view their anomalous activities and drill down into the log and flow data that contributed to a user’s risk score.
- IBM® QRadar® Incident Forensics lets analysts retrace the step-by-step actions of a potential attacker and quickly and easily conduct an in-depth forensics investigation of suspected malicious network security incidents. It reduces the time to investigate from days to hours, or even minutes.
- QRadar's capabilities can be augmented with AI. QRadar Advisor with Watson adds cognitive capacity to QRadar by automatically investigating and qualifying security incidents and advising analysts on the nature and extent of an incident.
Key QRadar capabilities are: