Advanced network security for private virtualized networks
Free Trial: IBM QRadar Network Security (XGS)
Try QRadar XGS free for 30-days
IBM® QRadar® Network Security for VMware is a virtual appliance solution that provides the same level of threat detection and protection against attacks that our physical appliance provides in legacy physical networks. The virtual version of IBM QRadar Network Security (XGS), it delivers the network visibility, control, and security for VMware environments. The virtual appliance also offers native integration with IBM QRadar Security Intelligence Platform to deliver comprehensive threat detection and enables immediate action to be taken on security intelligence.
IBM QRadar Network Security for VMware provides:
- Visibility into the network, including applications used, websites accessed and actions being performed
- Granular control, including actions within particular web and non-web applications
- Protection against threats to web applications, including SQL injection and cross-site scripting attacks
- IBM Ahead of the Threat® protection backed by IBM X-Force® research
- Protection for systems prior to being patched with IBM Virtual Patch® technology
- Integration with IBM QRadar Security Intelligence Platform for threat detection and prioritized incident response
IBM QRadar Network Security for VMware includes visibility and control features that significantly increase the ability to mitigate attacks that are focused on users and make it possible to reduce activities that users may not know are putting them at risk.
- Deep packet inspection—Analyze hundreds of protocols and file formats to fully classify network traffic, regardless of address, port or protocol.
- SSL visibility—Identify inbound and outbound traffic threats, even making it possible to detect attacks that are trying to hide within encrypted sessions. This is critical today because most applications are deployed with SSL encryption, and visibility into the encrypted traffic is limited.
- Identity and application awareness—Associate users and groups with their network activity, application usage and actions. Based on this information, policies can be created to reduce risk, such as policies that granularly control access to sites that may provide a potential delivery mechanism for phishing and malware.
These capabilities reflect a fundamental difference between the IBM approach to threat protection and that of other security solution providers. IBM QRadar Network Security for VMware protects the vulnerabilities in virtual network traffic, staying ahead of the threat with preemptive protection—rather than waiting until a threat is present and blocking the exploit.
Using a variety of sophisticated technologies, IBM QRadar Network Security for VMware blocks a tremendous range of threats on virtual networks, including:
- Traffic-based threats—protocol anomalies, protocol tunneling, RFC noncompliance and obfuscation techniques
- System and service-level attacks—exploits of unpatched vulnerabilities, code injection, buffer overflows and denial-of-service (DoS) tactics
- Web application exploits—cross-site scripting, SQL injection, cross-site request forgery and cross-path injection attacks
- Compromised users—spear phishing, drive-by downloads, malicious attachments and malware links
- Risky applications—social media, file sharing, remote access and audio/video transmission
The IBM solution uses behavior-based detection techniques to block zero-day attacks, mutations and other threats that target previously unknown vulnerabilities. These techniques include:
- Vulnerability decodes—focused algorithms for mutating threats
- Web injection logic—patented protection against web attacks
- Content analysis—file and document inspection and anomaly detection
- Application-layer heuristics—proprietary algorithms to block malicious use
- Shellcode heuristics—behavioral protection to block exploit payloads
- Protocol anomaly detection—protection against misuse, unknown vulnerabilities and tunneling across multiple protocols