Q1 LABS

Founded in 2001, Q1 Labs, now an IBM Company, is a leading global provider of high-value, cost-effective next-generation security intelligence products. The company’s flagship product, the QRadar Security Intelligence Platform, integrates previously disparate functions — including SIEM, risk management, log management, network behavior analytics and security event management — into a total security intelligence solution, making it the most intelligent, integrated and automated security intelligence solution available. QRadar provides users with crucial visibility into what is occurring with their networks, data centers, and applications to better protect IT assets and meet regulatory requirements.


Detect Threats Others Miss

Internet-based threats and fraud continue to get more sophisticated. Hidden in an organization's data is intelligence that can reveal alarming problems, from employees stealing proprietary information to botnets trying to break in to steal credit card information, to international espionage. QRadar helps identify the high-priority offenses against your corporate data and detect anomalies in user, application and network behavior.

Consolidate Data Silos

With many companies generating millions or billions of records and events every day, a wealth of information exists in the event and log data generated by existing network devices. Unfortunately, this information is frequently in silos, often ignored and always under-utilized. QRadar converges the previously distinct network, security and operations views of the infrastructure into a sensible yet scalable intelligence platform. This lets an organization quickly respond to what is important and distill network and security information down to the identity and application awareness level to better and more efficiently resolve network threats and policy infractions.

Detect Insider Fraud

Some of the biggest threats to an organization come from the inside and companies often lack the intelligence necessary to accurately link individuals to incidents of malicious behavior. With user and application monitoring, organizations can baseline normal user activity making it easier to identify abnormal or risky behavior and weaknesses.

Predict Risks Against Your Business

Security and IT teams are constantly challenged to better manage risk across an ever-growing spectrum of vulnerabilities before a breach actually occurs. QRadar provides a pre-exploit solution that not only assesses what risks exist during and after an attack, but also answers many “What if?” questions ahead of time, which can greatly improve operational efficiency and reduce network security risks.

Exceed Regulation Mandates

Companies today are under growing executive pressure to comply with mandates such as Sarbanes-Oxley, GPG-13, FSA, Garante, HIPAA, FISMA, GLBA, PCI, NERC. The massive amounts of data and events being generated in an organization provide the keys to the audit trail. QRadar’s collection, correlation and integration of all surveillance feeds yields more accurate data for an operator, more granular forensics for an incident response manager, and more complete reporting for auditors.

The QRadar Product Family

The QRadar Security Intelligence Platform provides a unified architecture for collecting, storing, analyzing and querying log, threat, vulnerability and risk related data.  As a result, operators, analysts and auditors using any of the modules of the Security Intelligence Platform benefit from:

  • Unified collection, aggregation and analysis architecture for application logs, security events, vulnerability data, IAM data, configuration files and network flow telemetry
  • A common platform for all searching, filtering, rule writing, and reporting functions
  • A single user interface for all log management, risk modeling, vulnerability prioritization, incident detection and impact analysis tasks

Architecture designed to scale: QRadar’s flexible architecture allows organizations to scale their security intelligence infrastructure with seamlessly integrated appliances accessible through a single user interface, called “One Console Security”. This highly integrated, architectural approach improves operational efficiencies and helps network security teams better protect their organization’s IT assets from a growing landscape of Cyber-war and Cyber-crime driven threats.

QRadar Log Manager

QRadar Log Manager is a comprehensive solution for organizations that are looking to implement a distributed log management offering to collect, archive, and analyze network and security event logs.

Log management has emerged as a required part of an organization’s ability to deliver security best practices and meet specific auditing and reporting requirements of various government regulations, including:
  • Payment Card Industry Data Security Standard (PCI DSS)
  • North American Electric Reliability Corporation (NERC)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Sarbanes-Oxley (SOX), and Federal Information Security Management Act (FISMA)

QRadar Log Manager provides numerous advantages over other log management solutions, including:

  • Easy Deployment. Simple and easy-to-use solution for secure and efficient log management
  • Distributed log collection and archival. Scales to support any size enterprise network
  • Policy-driven event correlation. Hundreds of useful, out-of-the box correlation rules provide immediate value to users
  • Effective reporting and compliance auditing. Compliance-driven report templates meet specific regulatory reporting and auditing requirements
  • Reliable and tamper-proof log storage. Supports extensive log file integrity checks, including NIST Log Management Standard SHA-x (1-256) hashing for tamper-proof log archives
  • Simple upgrade to full QRadar SIEM. A fully scalable appliance family, QRadar Log Manager can also be easily upgraded via a software license key to Q1 Labs’ highly acclaimed QRadar SIEM solution – providing users with a seamless migration path to full SIEM capabilities – as an organization’s requirements change and a more comprehensive threat and compliance management system is needed
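The tamper-evident archive check described in the list above can be illustrated with a small integrity manifest. The following Python is an added example and is not Q1 Labs’ or IBM’s code; it assumes archives are available as name-to-bytes pairs (the sample log contents are constructed) and uses SHA-256 per file plus a hash chain across files, so that editing, deleting or reordering any archive is detectable.

```python
import hashlib
import hmac
from typing import Dict, List, Tuple

# Constructed sample log archives (file name -> contents); stand-ins for rotated log files.
SAMPLE_ARCHIVES: Dict[str, bytes] = {
    "fw-2012-01-01.log": (
        b"Jan  1 00:00:01 fw1 kernel: ACCEPT IN=eth0 SRC=10.0.0.5 DST=10.0.1.9 DPT=443\n"
        b"Jan  1 00:00:02 fw1 kernel: DROP IN=eth0 SRC=198.51.100.7 DST=10.0.1.9 DPT=22\n"
    ),
    "vpn-2012-01-01.log": (
        b"Jan  1 00:01:10 vpn1 sshd[2291]: Accepted publickey for alice from 10.0.0.5\n"
    ),
}

ManifestEntry = Tuple[str, str, str]  # (file name, file SHA-256, chain SHA-256)


def file_digest(data: bytes) -> str:
    """SHA-256 of one archive's contents, hex encoded."""
    return hashlib.sha256(data).hexdigest()


def build_manifest(archives: Dict[str, bytes]) -> List[ManifestEntry]:
    """Hash every archive and chain the digests in name order:
    chain_n = SHA-256(chain_{n-1} || digest_n), starting from 64 zero characters.
    Editing one file changes its digest; deleting or reordering one changes every
    later chain value, so the last chain value commits to the whole archive set."""
    manifest: List[ManifestEntry] = []
    chain = "0" * 64
    for name in sorted(archives):
        digest = file_digest(archives[name])
        chain = hashlib.sha256((chain + digest).encode("ascii")).hexdigest()
        manifest.append((name, digest, chain))
    return manifest


def verify_archives(manifest: List[ManifestEntry], archives: Dict[str, bytes]) -> Dict[str, object]:
    """Check the current archives against a manifest saved when they were written.
    Reports files whose contents changed, files that disappeared, files that were
    added without being recorded, and whether the recomputed chain still matches."""
    stored = {name: digest for name, digest, _ in manifest}
    modified = [
        name for name, digest in stored.items()
        if name in archives and not hmac.compare_digest(digest, file_digest(archives[name]))
    ]
    missing = [name for name in stored if name not in archives]
    unlisted = sorted(name for name in archives if name not in stored)
    rebuilt = build_manifest(archives)
    chain_ok = len(rebuilt) == len(manifest) and all(
        hmac.compare_digest(old[2], new[2]) for old, new in zip(manifest, rebuilt)
    )
    return {"modified": modified, "missing": missing, "unlisted": unlisted, "chain_ok": chain_ok}


if __name__ == "__main__":
    manifest = build_manifest(SAMPLE_ARCHIVES)
    print("untouched:", verify_archives(manifest, SAMPLE_ARCHIVES))
    tampered = dict(SAMPLE_ARCHIVES)
    tampered["fw-2012-01-01.log"] = tampered["fw-2012-01-01.log"].replace(b"DROP", b"ACCEPT")
    print("after edit:", verify_archives(manifest, tampered))
```

The manifest only proves tampering if it is kept where the log writer cannot rewrite it, for example on a separate host or write-once media, or protected with an HMAC under a key the collector does not hold; otherwise an attacker who edits an archive can simply recompute the hashes.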

QRadar SIEM

The Primary Detection Control in Cymbel’s Defense-in-Depth Architecture

QRadar SIEM delivers the industry’s only solution that enables security professionals to gain visibility they need to protect their networks and better protect IT assets from a growing landscape of advanced threats as well as meet current and emerging compliance mandates.

As the most intelligent, integrated, and automated SIEM in the industry, QRadar SIEM delivers deep visibility into network, user, and application activity providing organizations with intelligence into potential and existing threats across their entire network.

Threat Detection and Prioritization

Internet-based threats and fraud continue to proliferate in today’s complex networks. Compounding this problem is a steady rise in insider theft of valuable corporate information. QRadar SIEM consolidates siloed information to more effectively detect and manage complex threats. The information is normalized and correlated to quickly deliver intelligence that allows organizations to detect, notify and respond to threats missed by other security solutions with isolated visibility.

QRadar SIEM provides contextual and actionable surveillance across an entire IT infrastructure, allowing an organization to detect and remediate threats such as inappropriate use of applications, insider fraud, threats that could be lost in the noise of millions of events, and more.

QRadar SIEM collects the following:

  • Security Events – Events from firewalls, VPNs, IDS/IPS, etc.
  • Network Activity Content – Layer 7 application context from network and application traffic
  • User/ Asset Context – Contextual data from IAM products and vulnerability scanners
  • Network Events – Events from switches, routers, servers, hosts, etc.
  • Application Logs – ERP, workflow, applications, databases, management platforms, etc.

QRadar SIEM tracks significant incidents and threats and builds a history of supporting and relevant information. Information such as point in time, offending users or targets, attacker profiles, vulnerability state, asset value, active threats and records of previous offenses all help provide security teams with the intelligence they need to act regardless of where they are.

Application Visibility and Anomaly Detection

QRadar SIEM supports a variety of anomaly detection capabilities to identify changes in behavior across applications, hosts, servers and areas of the network, for example off-hours or excessive usage of an application or cloud-based service, or network activity patterns that are inconsistent with historical profiles.

The ability to detect application traffic at Layer 7 enables QRadar SIEM to provide accurate analysis and insight into an organization’s network for policy, threat and general network activity monitoring. To further improve visibility into the network, QRadar SIEM now has the ability to monitor the usage of applications like Skype and social media (including Twitter, LinkedIn, etc.) from within the network. This includes insight into who is using what, analysis and alerts for content transmission and correlation with other network and log activity to reveal inappropriate data transfers.

QRadar SIEM supports a variety of out-of-the-box anomaly and behavioral detection rules. Users can customize their own views through a simple-to-use filtering capability and apply anomaly detection to any time series data.
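The two behaviors named in this section, off-hours use and excessive use measured against a historical profile, come down to comparing a time series against a per-hour baseline. The Python below is an added example, not QRadar’s own rule logic; the event counts are constructed (a week of daytime-only usage of one application), the baseline is the mean and standard deviation per hour of day, and the 3-sigma threshold is an assumed tuning value.

```python
from statistics import mean, pstdev
from typing import Dict, List, Tuple

Z_SCORE = 3.0  # assumed tuning: flag an hour more than 3 standard deviations above its baseline


def build_history(days: int = 7) -> List[List[int]]:
    """Constructed hourly event counts for one application over `days` days:
    roughly 100-110 events per hour during 09:00-17:00, none overnight."""
    return [
        [100 + 5 * ((day + hour) % 3) if 9 <= hour < 17 else 0 for hour in range(24)]
        for day in range(days)
    ]


def hourly_baseline(history: List[List[int]]) -> Dict[int, Tuple[float, float]]:
    """Historical profile per hour of day: (mean, population stdev) across all days."""
    baseline: Dict[int, Tuple[float, float]] = {}
    for hour in range(24):
        counts = [day[hour] for day in history]
        baseline[hour] = (mean(counts), pstdev(counts))
    return baseline


def detect_anomalies(today: List[int], baseline: Dict[int, Tuple[float, float]],
                     z: float = Z_SCORE) -> List[Tuple[int, int, str]]:
    """Return (hour, count, reason) for every hour that breaks the profile:
    any activity in an hour that historically had none (off-hours use), or a
    count more than z standard deviations above the hour's mean (excessive use)."""
    flags: List[Tuple[int, int, str]] = []
    for hour, count in enumerate(today):
        mu, sigma = baseline[hour]
        if mu == 0 and count > 0:
            flags.append((hour, count, "activity in an hour with no historical usage"))
        elif count > mu + z * sigma:
            flags.append((hour, count,
                          f"count exceeds baseline {mu:.1f} by more than {z:g} sigma ({sigma:.1f})"))
    return flags


def sample_today() -> List[int]:
    """Constructed current day: normal daytime use, plus 12 events at 03:00
    and a burst of 400 at 14:00."""
    today = [105 if 9 <= hour < 17 else 0 for hour in range(24)]
    today[3] = 12
    today[14] = 400
    return today


if __name__ == "__main__":
    profile = hourly_baseline(build_history())
    for hour, count, reason in detect_anomalies(sample_today(), profile):
        print(f"{hour:02d}:00 count={count}: {reason}")
```

A per-hour-of-day profile is deliberately simple; in practice the baseline window, the weekday/weekend split and the sigma multiplier are the knobs that decide how many false positives the rule produces, and a zero-variance hour (the overnight hours here) needs the explicit "no historical usage" branch, because a mean-plus-sigma threshold of 0 would fire on a single stray event.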

Advanced Forensics

Real-time, location-based and historical searching of flow and event data for analysis and forensics greatly improves the ability to assess activities and incident resolution. With easy-to-use dashboards, time series views with drill-down capabilities, packet-level visibility of content and hundreds of predefined searches and views, users can quickly aggregate data to summarize and identify anomalies and top activity contributors. Federated searches can also be performed across large, geographically distributed environments.

Compliance Management

QRadar SIEM brings the transparency, accountability and measurability critical to the success of meeting regulatory mandates and reporting on compliance. QRadar SIEM’s unique correlation and integration of all surveillance feeds yields:

  • More complete metrics reporting around IT risks for auditors
  • Thousands of reports and rules templates to address industry compliance requirements

Organizations can efficiently respond to compliance-driven IT security requirements with QRadar SIEM’s extensibility to include new definitions, regulations and best practices through auto-updates. In addition, profiles of all the assets on the network can be grouped by business function (e.g. servers that are subject to HIPAA compliance audits).

QRadar provides prebuilt dashboards, reports and rules templates for the following regulations and control frameworks: CobiT, SOX, GLBA, NERC/FERC, FISMA, PCI-DSS, HIPAA, UK GSi/GCSx, GPG, and more.

QRadar Risk Manager

QRadar Risk Manager provides organizations with a pre-exploit solution that allows network security professionals to assess what risks exist during and after an attack, while also answering many “What if?” questions ahead of time, which can greatly improve operational efficiency and reduce network security risks.

Leading organizations choose QRadar Risk Manager to:

  • Assess compliance risk
  • Prioritize vulnerabilities
  • Meet network configuration baselines
  • Determine risk of network and configuration changes
  • Increase operational efficiency with automated configuration monitoring and audit
  • Gain visibility into network traffic
  • Monitor high risk networks

Risk Assessment

QRadar Risk Manager integrates risk management, SIEM, log management and network behavior analysis to automate risk management functions in mission-critical areas, including network and security configuration, policy, and compliance management. It greatly improves an organization’s ability to assess information security risk and is delivered in a single, integrated console. The solution automates the assessment of security policies while leveraging the broadest range of risk indicators, including network and security configuration data, network activity data, network and security events, and vulnerability scan results.

Policy Monitoring

QRadar Risk Manager features an automated knowledge engine that simplifies the assessment of a wide spectrum of information security and compliance policies. With an intuitive question-based template, the knowledge engine integrates previously disparate indicators of risk, including configuration data, network activity data, network and security events, and vulnerability scan data.

A comprehensive out-of-the-box library of industry-optimized policy templates helps assess risk across multiple regulatory mandates and information security best practices such as PCI, HIPAA, CoCo and ISO 27001. These templates can be easily extended to align with an organization’s internal information security policies.

Device Configuration and Topology

QRadar Risk Manager provides automated collection, monitoring, and audit of the configuration of devices across an organization’s switches, routers, firewalls, and IDS/IPS sensors. Through a unique ability to normalize device configuration, QRadar Risk Manager provides a detailed and intuitive assessment of how devices are configured, including defined firewall rules, security policy, and network hierarchy, to seamlessly assess when a network configuration allows traffic that is “out of policy” by a regulation, corporate mandate, or industry best practice.

QRadar Risk Manager maintains a history of configuration changes and allows users to audit this history across a multi-vendor network. This powerful capability allows users to compare normalized device configurations, over time, from a single device or from different devices through a single user interface, making it easier to audit configuration. The collection of device configuration data is also instrumental in building an enterprise-wide representation of a network’s topology.

This topology mapping helps an organization understand allowed and denied activity across the entire network, making it easier to spot device configurations that introduce risk to the network and to flag configuration changes.
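The two capabilities described in this section, comparing normalized configurations of one device over time and checking whether a permit rule lets through traffic that a policy forbids, can be shown on a small vendor-neutral rule model. The Python below is an added example, not QRadar Risk Manager’s code; the rule sets, the “before” and “after” snapshots, the policy (telnet into an assumed cardholder-data network is never allowed) and the normalized rule layout are all constructed for the example and follow no vendor’s syntax.

```python
import ipaddress
from typing import List, NamedTuple, Optional, Tuple


class Rule(NamedTuple):
    """One firewall rule after normalization into a vendor-neutral form (constructed layout)."""
    action: str          # "permit" or "deny"
    src: str             # source network, CIDR
    dst: str             # destination network, CIDR
    proto: str           # "tcp", "udp" or "any"
    port: Optional[int]  # destination port, None = any port


class Policy(NamedTuple):
    """Traffic that must never be permitted, expressed in the same terms as a rule."""
    name: str
    src: str
    dst: str
    proto: str
    port: Optional[int]


# Constructed snapshots of one firewall's normalized rule set, before and after a change.
BEFORE: List[Rule] = [
    Rule("permit", "10.0.0.0/8", "10.20.0.0/16", "tcp", 443),
    Rule("deny",   "0.0.0.0/0",  "10.20.0.0/16", "any", None),
]
AFTER: List[Rule] = [
    Rule("permit", "10.0.0.0/8", "10.20.0.0/16", "tcp", 443),
    Rule("permit", "0.0.0.0/0",  "10.20.5.0/24", "tcp", 23),   # newly added: opens telnet into the CDE
    Rule("deny",   "0.0.0.0/0",  "10.20.0.0/16", "any", None),
]

# Constructed policy: 10.20.0.0/16 stands in for the cardholder-data environment (CDE).
POLICIES: List[Policy] = [Policy("no-telnet-into-cde", "0.0.0.0/0", "10.20.0.0/16", "tcp", 23)]


def _overlaps(a: str, b: str) -> bool:
    return ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b))


def rule_can_permit(rule: Rule, policy: Policy) -> bool:
    """True if this rule can permit traffic the policy forbids.
    Simplification: every permit rule is treated as reachable; a full evaluator
    must also honour first-match ordering and the deny rules that precede it."""
    if rule.action != "permit":
        return False
    proto_ok = rule.proto == "any" or rule.proto == policy.proto
    port_ok = rule.port is None or policy.port is None or rule.port == policy.port
    return proto_ok and port_ok and _overlaps(rule.src, policy.src) and _overlaps(rule.dst, policy.dst)


def out_of_policy(rules: List[Rule], policies: List[Policy]) -> List[Tuple[str, Rule]]:
    """Every (policy name, rule) pair where a rule permits forbidden traffic."""
    return [(p.name, r) for p in policies for r in rules if rule_can_permit(r, p)]


def config_diff(old: List[Rule], new: List[Rule]) -> Tuple[List[Rule], List[Rule]]:
    """Rules added and rules removed between two normalized snapshots of one device."""
    added = [r for r in new if r not in old]
    removed = [r for r in old if r not in new]
    return added, removed


if __name__ == "__main__":
    added, removed = config_diff(BEFORE, AFTER)
    print("added:", added)
    print("removed:", removed)
    for name, rule in out_of_policy(AFTER, POLICIES):
        print(f"violates {name}: {rule}")
```

Normalizing first and evaluating second is what makes the check vendor-independent: once every device’s rules are in the same shape, the same policy list can be run against each snapshot, and a change that turns a compliant rule set into a non-compliant one shows up as a diff entry that also appears in the out-of-policy list.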

Modeling and Simulation of Network and Security Events

With modeling and simulation, QRadar Risk Manager helps organizations prioritize their most significant areas of risk. With simulation, an organization can quickly understand the risk impact of proposed changes to a network’s configuration, before the changes are implemented. For example, QRadar Risk Manager’s unique understanding of vulnerabilities, as reported by leading VA scanners, in conjunction with active network topology profiling provided by the device configuration and topology features, provides a unique prioritization of the most vulnerable systems.

This prioritization is delivered via reports and not only summarizes which assets have vulnerabilities, but exposes those assets that are vulnerable due to the configuration of the network, resulting in improved operational efficiency and network security.

Advanced Network Visualization

QRadar Risk Manager offers two network visualization security tools, providing unique, risk-focused, graphical representations of the network. The end result of both these visualizations offers network and security teams a revolutionary investigative capacity by providing before, during and after vulnerability information. The first, called the “Network Topology”, delivers detailed views into how network traffic can and does traverse a network. Different from all other network topologies, this insight comes from a unique combination of data sources, including device configuration, network activity data (from flows), and security events (i.e. firewall allows/denies).

The second, called the “Connection Monitor”, is a fast and efficient tool for investigating and analyzing historical network activity. Adding value to these visualizations are network mappings that allow visualizations to assess when traffic can and does occur with specific geographic regions or known high-risk networks.
