Advanced analysis of application-level network flow data
IBM Security QRadar QFlow Collector appliances
for security intelligence
IBM® QRadar® QFlow Collector integrates with IBM QRadar SIEM and flow processors to provide Layer 7 application visibility and flow analysis to help you sense, detect and respond to activities throughout your network. This combined solution, powered by the advanced IBM Sense Analytics Enginetm, gives you greater visibility into network activity to better detect threats, meet policy and regulatory compliance requirements, and minimize risks to mission-critical services, data and assets.
IBM QRadar QFlow Collector paired with IBM QRadar SIEM provides:
- Threat detection. IBM QRadar QFlow Collector uses deep packet inspection technology on application-level network flow data to sense and detect new security threats without relying upon vulnerability signatures. You gain visibility to malware, viruses and anomalies through behavior profiling for all network traffic including applications, hosts and protocols.
- Policy and regulatory compliance management. You can identify and correct out-of-policy behavior, applications running over nonstandard ports, users logging on to critical servers with clear-text user names and passwords, and the use of unencrypted protocols in sensitive areas of the network.
- Social media monitoring. With IBM QRadar SIEM and IBM QRadar QFlow Collector, you can monitor and analyze activity on social media platforms and multimedia applications to detect potential threats to your network. Near real-time user behavior anomaly detection and content capture capabilities make it easier to detect malware, recognize vulnerabilities, and monitor your team’s social communications including their usage patterns.
- Advanced incident analysis and insight. You can perform near real-time comparisons of application flow data with log events sent from security devices. The correlation between log and flow data can provide visibility to serious threats that might otherwise go undiscovered.
- Continuous asset profiling. Automatically identify and classify new assets found on your network, and discover which ports and services they are running. These profiling capabilities can alert you when new systems or services are added and configuration changes occur.
IBM QRadar QFlow Collector resources
- Data sheet: IBM QRadar Security Intelligence Platform (788KB)
Learn more about how IBM QRadar Security Intelligence Platform products can help integrate log management, SIEM, risk management, anomaly detection, and configuration and vulnerability management to deliver improved threat detection and compliance.