Advanced analysis of application-level network flow data in virtual environments
IBM® Security QRadar® VFlow Collector, combined with IBM Security QRadar SIEM, provides Layer 7 application-layer visibility into virtual network traffic to help you understand and respond to activities in your network. This combined solution helps support VMware virtual environments to enable the profiling of more than 1,000 applications; better detect threats; meet policy and regulatory compliance requirements; and minimize risks to mission-critical services, data and assets. It runs on the virtual server and does not require additional hardware.
IBM Security QRadar VFlow Collector paired with IBM Security QRadar SIEM provides:
- Threat detection. IBM Security QRadar VFlow Collector uses deep packet inspection technology on application-level network flow data to detect new security threats without relying upon vulnerability signatures. You can identify malware, viruses and anomalies through behavior profiling throughout network traffic including applications, hosts and protocols.
- Policy and regulatory compliance management. You can identify and correct out-of-policy behavior; applications running over nonstandard ports; users logging on to critical servers with clear-text user names and passwords; and the use of unencrypted protocols in sensitive areas of the network.
- Social media monitoring. With IBM Security QRadar SIEM and IBM Security QRadar VFlow Collector, you can monitor and analyze activity on social media platforms and multimedia applications to detect potential threats to your network. Near real-time anomaly detection and content capture capabilities make it easier to detect malware, recognize vulnerabilities, and monitor your team’s social communications including their usage patterns.
- Advanced incident analysis and insight. You can perform near real-time comparisons of application flow data with log events sent from security devices. The correlation between log and flow data can help identify serious threats that might otherwise go undiscovered.
- Continuous asset profiling. Automatically identify and classify new assets found on your network, and discover which ports and services they are running. These profiling capabilities can alert you when new systems or services are added and configuration changes occur.
IBM Security QRadar VFlow Collector resources
- Data sheet: IBM QRadar Security Intelligence Platform (788KB)
Learn more about how IBM QRadar Security Intelligence Platform products can help integrate log management, SIEM, risk management, anomaly detection, and configuration and vulnerability management to deliver improved threat detection and compliance.