IBM Security QRadar Log Manager

Captures and processes large volumes of event data

• Collects data from a wide variety of network and security devices including routers and switches, firewalls, virtual private networks (VPNs), intrusion detection/prevention systems (IDS/IPS), antivirus applications, hosts and servers, databases, mail and web applications, custom devices, and proprietary applications.
• Analyzes and correlates diverse log data and events to provide actionable insight into compliance risks, potential attacks, inappropriate data access, insider threats and more.
• Uses the customizable dashboard for role-based access by function, and provides a full view of near real-time and historical log data, with extensive reporting for regulatory compliance and threat management.
• Provides a seamless migration path to the full IBM Security QRadar SIEM product, helping to ease the transition from security information management to true security intelligence.

Provides rich compliance-reporting capabilities

• Helps meet auditing and reporting requirements for compliance mandates, using extensive built-in correlation rules and reports, with automated alerting for near real-time policy enforcement.
• Supports requirements such as Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), North American Electric Reliability Corporation (NERC) and Federal Energy Regulatory Commission (FERC), Sarbanes–Oxley (SOX) and more.
• Exceeds Federal Information Security Management Act (FISMA) requirements for continuous monitoring to help government agencies develop risk-based IT security strategies.

Scales to support hundreds of thousands of events per second

• Employs architectural configurations ranging from an all-in-one hardware or software solution to enterprise deployments using a centralized console and any number of distributed event processor and event collector appliances.
• Delivers up to 16 terabytes of fault-tolerant storage per appliance for archiving event logs, with the ability to scale to up to hundreds of terabytes with a federated database architecture.
• Supports extensive log file integrity checks including NIST Log Management Standard SHA-x (1-256) hashing for tamper-proof log archives.
• Includes a customizable event-indexing capability that dramatically speeds up free-text searching.
• Allows user-defined data retention by time and type of data, and compresses older data to further extend event data retention capabilities.

Offers high-availability and disaster-recovery options

• IBM Security QRadar high-availability software lets you take advantage of automatic failover and full disk synchronization between systems, helping support continuous operations in the event of an appliance or server failure.
• Disaster-recovery appliances can help safeguard your log data by mirroring it to a secondary, identical and offsite backup system.
• Advanced plug-and-play appliances can be paired with any element of an IBM Security QRadar deployment, allowing you to add protection where and when you need it.