How do you monitor your vulnerabilities?

How do you currently monitor your vulnerabilities? How many different applications do you have in place to accomplish this task? How many different reports do you get? How long does it take to read through all of them and then fix all the issues? With IBM QRadar, instead of purchasing another application, you can simply activate QRadar Vulnerability Manager with a license key.

Vulnerability Manager integrates directly with QRadar, so it can combine the results of scheduled and event-driven vulnerability scans with network asset information, security configurations, flow data, logs and threat intelligence. It then merges that data with the asset information in QRadar's common database, giving a near real-time view of the organization's security exposure. From a topology point of view you can see the direct path to where you are exposed, so you can locate and fix the issue as soon as possible. From an endpoint point of view, you can see when a device is behaving strangely and, if necessary, have a patch pushed to resolve the issue. These alerts and scans are just two of the many capabilities QRadar Vulnerability Manager brings to your environment.

Figure: Vulnerability Manager lifecycle


  • Helps prevent security breaches by discovering and highlighting over 70,000 known dangerous default settings, misconfigurations, software features and vendor flaws.
  • Provides a consolidated vulnerability view across major vulnerability products and technologies.
  • Adds context to identify key vulnerabilities and reduce false positives.
  • Integrates with the IBM QRadar Security Intelligence Platform for easy installation, faster time to value and reduced deployment cost.
  • Performs intelligent, customizable scheduled and event-driven scanning, asset discovery and asset profiling for 360-degree, enterprise-wide visibility into your network.


QRadar VFlow Collector

The IBM QRadar VFlow Collector takes a different approach to detecting new security threats. Rather than relying on vulnerability signatures, it identifies malware, viruses and anomalies by profiling the behavior of application-level flow data. This information, combined with network and security events, enables a more advanced analysis of the overall security posture of your network. The profiling covers your network traffic as a whole, including applications, hosts and protocols. VFlow runs as a virtual appliance, so it needs no additional hardware, and it supports VMware environments, profiling more than 1,000 applications. Paired with IBM QRadar SIEM, the VFlow Collector provides threat detection, policy and regulatory compliance management, social media monitoring, advanced incident analysis and insight, and continuous asset profiling.

By monitoring and analyzing social media traffic you gain near real-time detection of malware, recognition of vulnerabilities, and visibility into your team's communications and usage patterns.


Benefits of the IBM Security QRadar VFlow Collector paired with IBM Security QRadar SIEM:

  • Threat detection. IBM Security QRadar VFlow Collector uses deep packet inspection on application-level network flow data to detect new security threats without relying on vulnerability signatures. You can identify malware, viruses and anomalies through behavior profiling of network traffic, including applications, hosts and protocols.
  • Policy and regulatory compliance management. You can identify and correct out-of-policy behavior; applications running over nonstandard ports; users logging on to critical servers with clear-text user names and passwords; and the use of unencrypted protocols in sensitive areas of the network.
  • Social media monitoring. With IBM Security QRadar SIEM and IBM Security QRadar VFlow Collector, you can monitor and analyze activity on social media platforms and multimedia applications to detect potential threats to your network. Near real-time anomaly detection and content capture capabilities make it easier to detect malware, recognize vulnerabilities, and monitor your team’s social communications including their usage patterns.
  • Advanced incident analysis and insight. You can perform near real-time comparisons of application flow data with log events sent from security devices. The correlation between log and flow data can help identify serious threats that might otherwise go undiscovered.
  • Continuous asset profiling. Automatically identify and classify new assets found on your network, and discover which ports and services they are running. These profiling capabilities can alert you when new systems or services are added and configuration changes occur.
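To make the policy checks and the asset profiling above concrete, here is an added example (not IBM's code, and not QRadar's rule syntax) run over constructed flow records. It assumes the collector has already labelled each flow with the application found by deep packet inspection and, where content capture was on, the first bytes of the payload; the well-known port table, the credential markers and the sensitive 10.10.50.0/24 segment are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Well-known listening port(s) per DPI-identified application (assumption:
# a short table standing in for the collector's application library).
STANDARD_PORTS: Dict[str, Set[int]] = {
    "http": {80, 8080}, "https": {443}, "ssh": {22}, "dns": {53},
    "telnet": {23}, "ftp": {21}, "smtp": {25},
}
# Applications that carry everything, credentials included, in the clear.
CLEARTEXT_APPS = {"telnet", "ftp", "http"}
# Byte patterns that mark a credential exchange inside a cleartext payload.
CREDENTIAL_MARKERS = (b"user ", b"pass ", b"password:", b"authorization: basic")
# Assumption: one sensitive segment where unencrypted protocols are forbidden.
SENSITIVE_PREFIX = "10.10.50."


@dataclass(frozen=True)
class Flow:
    """One application-level flow record (assumed shape of a collector export)."""
    ts: int
    src: str
    dst: str
    dport: int
    app: str               # application identified by deep packet inspection
    payload: bytes = b""   # leading bytes of the flow, when content capture is on


def policy_violations(flows: List[Flow]) -> List[Tuple[str, Flow]]:
    """Return (rule, flow) pairs for the three policy checks named in the text:
    application on a nonstandard port, cleartext credentials, and an
    unencrypted protocol reaching the sensitive segment."""
    findings = []
    for f in flows:
        known_ports = STANDARD_PORTS.get(f.app)
        if known_ports and f.dport not in known_ports:
            findings.append(("app-on-nonstandard-port", f))
        if f.app in CLEARTEXT_APPS:
            body = f.payload.lower()
            if any(m in body for m in CREDENTIAL_MARKERS):
                findings.append(("cleartext-credentials", f))
            if f.dst.startswith(SENSITIVE_PREFIX):
                findings.append(("unencrypted-protocol-in-sensitive-segment", f))
    return findings


Service = Tuple[int, str]   # (port, app) offered by a host


def profile_assets(flows: List[Flow],
                   known: Dict[str, Set[Service]]) -> Dict[str, Set]:
    """Derive host -> services from the server side of each flow and diff it
    against the current asset database: new hosts and new services on known
    hosts are exactly the alerts the asset profiling bullet describes."""
    observed: Dict[str, Set[Service]] = {}
    for f in flows:
        observed.setdefault(f.dst, set()).add((f.dport, f.app))
    new_hosts = {h for h in observed if h not in known}
    new_services = {(h, p, a) for h, svcs in observed.items() if h in known
                    for (p, a) in svcs if (p, a) not in known[h]}
    return {"new_hosts": new_hosts, "new_services": new_services}


# Constructed sample data (not real traffic).
SAMPLE_FLOWS = [
    Flow(1, "10.0.0.5", "10.10.50.7", 23, "telnet",
         b"login: admin\r\nPassword: s3cret\r\n"),
    Flow(2, "10.0.0.6", "192.168.1.20", 8443, "ssh"),
    Flow(3, "10.0.0.6", "192.168.1.30", 443, "https"),
    Flow(4, "10.0.0.9", "192.168.1.40", 21, "ftp",
         b"USER backup\r\nPASS hunter2\r\n"),
    Flow(5, "10.0.0.9", "192.168.1.50", 80, "http"),
]
KNOWN_ASSETS: Dict[str, Set[Service]] = {
    "10.10.50.7": {(23, "telnet")},
    "192.168.1.20": {(22, "ssh")},
    "192.168.1.30": {(443, "https")},
    "192.168.1.40": {(21, "ftp")},
}

if __name__ == "__main__":
    for rule, f in policy_violations(SAMPLE_FLOWS):
        print(f"{rule}: {f.src} -> {f.dst}:{f.dport} ({f.app})")
    print(profile_assets(SAMPLE_FLOWS, KNOWN_ASSETS))
```

Run as-is, the telnet flow into the sensitive segment fires two checks, SSH on 8443 fires the nonstandard-port check, the FTP login fires the credential check, and the profiler reports one unknown host (192.168.1.50) and one unexpected service (SSH on 8443 on a known host). The checks depend entirely on the DPI label: a collector that only records port numbers would call the 8443 flow HTTPS and miss it.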


Overall, adding the QRadar VFlow Collector to QRadar SIEM gives you more detailed knowledge of applications, hosts and protocols, as well as of the products used for collaboration and social media, thanks to monitoring data flows at layer 7.

QRadar Risk Manager

IBM QRadar Risk Manager is about bringing intelligence to the SIEM. QRadar SIEM already gathers event data from firewalls, routers, switches and other devices into a single dashboard and normalizes its format. With Risk Manager added, you can also bring device configurations, including routing configurations, into the system and build a topology of your network. Once the topology is built, Risk Manager analyzes it together with the routing and firewall rules, so you can compare firewall configurations and see what has been omitted, changed or added. You can look at an expanded view of your network, run simulations and, most importantly, identify "attack paths" to vulnerable machines, high-risk assets and much more.

Some of QRadar Risk Manager's main functions:

  • Analyzes firewall configurations to help identify errors and remove ineffective rules.
  • Provides network topology and connection visualization tools to view current and potential network traffic patterns.
  • Correlates asset vulnerabilities with network configuration and traffic to identify active attack paths and high-risk assets.
  • Supports policy compliance monitoring of network traffic, topology and vulnerability exposures.
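As an added illustration of the firewall-analysis and attack-path functions (example code, not Risk Manager's own algorithm), the following models a small network as zones, an ordered first-match firewall rule set and hosts with vulnerable services, then searches breadth-first for multi-hop paths from the internet and flags rules that an earlier rule already covers. The zone names, rules and vulnerable ports are constructed for the example.

```python
from collections import deque
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    """One first-match firewall rule between two zones (assumed model)."""
    src: str                # zone name or "any"
    dst: str
    port: Optional[int]     # None matches any port
    action: str             # "allow" or "deny"


@dataclass(frozen=True)
class Host:
    name: str
    zone: str
    vuln_ports: Tuple[int, ...]   # ports of services with a known vulnerability


def _covers(outer: Rule, src: str, dst: str, port: Optional[int]) -> bool:
    """True if `outer` matches every packet described by (src, dst, port)."""
    return (outer.src in ("any", src) and outer.dst in ("any", dst)
            and (outer.port is None or outer.port == port))


def allowed(rules: List[Rule], src: str, dst: str, port: int) -> bool:
    """First matching rule decides; no match means the default deny."""
    for r in rules:
        if _covers(r, src, dst, port):
            return r.action == "allow"
    return False


def shadowed_rules(rules: List[Rule]) -> List[int]:
    """Indices of rules that can never match because an earlier rule covers
    their whole (src, dst, port) space; these are the ineffective rules."""
    return [i for i, r in enumerate(rules)
            if any(_covers(e, r.src, r.dst, r.port) for e in rules[:i])]


def attack_paths(rules: List[Rule], hosts: List[Host],
                 entry_zone: str = "internet") -> Dict[str, List[str]]:
    """Breadth-first search from `entry_zone`: a host is compromised when the
    firewall allows traffic from an already-compromised zone to one of its
    vulnerable ports; returns the shortest path found to each such host."""
    paths: Dict[str, List[str]] = {}
    queue = deque()

    def expand(origin_zone: str, path: List[str]) -> None:
        for h in hosts:
            if h.name in paths:
                continue
            for port in h.vuln_ports:
                if allowed(rules, origin_zone, h.zone, port):
                    paths[h.name] = path + [f"{h.name}:{port}"]
                    queue.append(h)
                    break

    expand(entry_zone, [entry_zone])
    while queue:
        pivot = queue.popleft()
        expand(pivot.zone, paths[pivot.name])
    return paths


# Constructed topology: three zones, four hosts, seven ordered rules.
RULES = [
    Rule("internet", "dmz", 80, "allow"),
    Rule("internet", "dmz", 443, "allow"),
    Rule("internet", "internal", None, "deny"),
    Rule("dmz", "internal", 8080, "allow"),
    Rule("internal", "internal", None, "allow"),
    Rule("internet", "dmz", 80, "allow"),      # duplicate of rule 0: shadowed
    Rule("internet", "internal", 22, "deny"),  # already covered by rule 2
]
HOSTS = [
    Host("web", "dmz", (80,)),
    Host("app", "internal", (8080,)),
    Host("db", "internal", (3306,)),
    Host("hr", "internal", ()),   # no known vulnerable service
]

if __name__ == "__main__":
    for host, path in attack_paths(RULES, HOSTS).items():
        print(f"{host}: " + " -> ".join(path))
    print("shadowed rule indices:", shadowed_rules(RULES))
```

The database host is never reachable from the internet directly (rule 2 denies it), yet the search still finds a three-hop path through the web and application servers, which is the kind of exposure that looking at each firewall in isolation hides. Note that shadowing is decided purely on match space, so a later rule is reported whether or not its action differs from the earlier one.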




QRadar QFlow Collector

When our customers are putting together their QRadar security plan, they often ask, "What is the benefit of adding the QRadar QFlow Collector when I already have the event data being collected?" Collecting flow and event data together (SIEM and QFlow combined) not only gives you a better view of what is happening on your network, it also lets you see the network flows alongside the events that are coming in. This greater visibility lets you detect threats more reliably, meet policy and regulatory compliance requirements and minimize risks to mission-critical data, services and assets.

With IBM QRadar QFlow and SIEM combined you can monitor and analyze activity on social media and multimedia applications. Near real-time anomaly detection and content capture make it easier to detect malware, recognize vulnerabilities and monitor your team's social communications, including their usage patterns.

There is also added value for policy and regulatory compliance management. You can identify and correct out-of-policy behavior and applications running over nonstandard ports, among many other actionable tasks. You can automatically identify and classify new assets found on your network and discover which ports and services they are running, so you can be alerted when a new system or service is added or a configuration changes.

Adding the QFlow Collector to your QRadar security plan gives you greater visibility into network activity and ultimately minimizes risk.

IBM QRadar Log Manager

How many logs does your system create every day? How do you search and monitor each and every one? It is impossible to do manually, but with IBM Security QRadar Log Manager you can process large volumes of data from many different sources quickly and efficiently. QRadar Log Manager provides a solid, straightforward foundation for your team through an intuitive, centralized user interface. It comes with a default dashboard ready to go, or you can customize it to fit your exact needs.

Log Manager is easy to install and use, and you will be viewing and managing your events in no time. The default dashboard shows events in near real time, or you can search for specific events that have already occurred: narrow the search to a period of time, a log source, a source IP or many other criteria.

Rules assist with log processing. You can use any of the roughly 2,000 prepopulated rules or create your own, and creating rules is a breeze: no special query language is needed, you assemble the conditions from plain-English tests. Dashboards are customizable as well. Default dashboards are available by function, and users can create their own workspaces to monitor specific activities and drill down to a time-series view for long-term trending. This makes it easier to identify anomalies or possible threats to the organization.

  • Generate actionable IT forensics by aggregating and correlating a diverse set of logs and events.
  • Capture event data from security and network devices, servers, endpoints and applications within a federated repository with a single global view.
  • Easily perform forensics, application and network troubleshooting across normalized data for simplified searching.
  • Scale to support hundreds of thousands of events per second, per system.
  • Help exceed regulatory mandates with rich compliance-reporting capabilities.
  • Preserve investments by enabling the addition of integrated security information and event management (SIEM) technology.

IBM Security QRadar Log Manager can also help you meet compliance monitoring and reporting requirements.

IBM Security QRadar Log Manager:

  • Captures and processes large volumes of event data from thousands of sources in near real time to provide visibility into developing threats and helps meet continuous compliance-monitoring requirements.
  • Provides rich compliance-reporting capabilities to help meet or exceed regulatory requirements.
  • Scales to support hundreds of thousands of events per second within a single unified database in near real time.
  • Installs in cloud environments to deliver log management functionality.
  • Offers high-availability and disaster-recovery options to help maintain uninterrupted log source data collection and storage.



IBM QRadar Incident Forensics

So what do you do when you actually HAVE a security breach? It is not something that merely might happen; businesses experience multiple attacks every day. How do you handle them? How do you find out how the attackers got into your system in the first place? How do you track their movements and prevent it from happening again? How LONG does it take your team to complete all these actions? With IBM QRadar Incident Forensics you can quickly identify and stop network breaches before they cause real damage, and the tool also reduces the time spent dealing with each incident.

IBM QRadar Incident Forensics retrieves the raw network data related to each incident so that you and your team can form a fuller understanding of the event: figure out exactly what happened, when it happened, why it happened and how to prevent a similar attack in the future. Adding an intelligent analytics tool to your IT security strategy greatly reduces the time your team spends manually looking through all the data, freeing their time and expertise to be used elsewhere.



QRadar SIEM

QRadar SIEM (security information and event management) can help you reduce thousands of security events into a manageable list. It consolidates log source event data from thousands of endpoints and applications throughout your network into a common database and a shared user interface. Our networks are larger and more complex than ever before; how big is your security team, and how big would you like it to be? With QRadar SIEM you do not need a ten-person team to get things done. With the consolidation and easy-to-use interface, you can monitor, detect, track and manage your environment from one intuitive dashboard. That dashboard is shared across all QRadar family components, and it helps your IT personnel quickly identify and remediate network attacks by ranking and ordering hundreds of alerts and patterns of anomalous activity into a drastically reduced number of offenses that warrant further investigation.
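The Log Manager section above describes searching normalized events by time, log source or source IP and writing rules without a query language; this section describes collapsing hundreds of events into a handful of ranked offenses. The added example below (not QRadar's code or its rule language) does both over constructed syslog lines: it normalizes two log source types into common fields, exposes the search filters, hand-codes two rules of the "N failures then a success" and "many ports denied" kind, and groups their hits into offenses. The log formats, thresholds and magnitude scores are assumptions made for the example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Parsers for two assumed log source types (sshd and an iptables-style
# firewall log); a real deployment carries one normalizer per device type.
SSH_FAIL = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")
SSH_OK = re.compile(r"Accepted password for (\S+) from (\S+)")
FW_DENY = re.compile(r"DENY .*SRC=(\S+) .*DPT=(\d+)")


@dataclass(frozen=True)
class Event:
    """Normalized event: the common fields every search and rule works on."""
    ts: int
    log_source: str
    category: str          # "auth.failure" | "auth.success" | "firewall.deny"
    src_ip: str
    user: Optional[str] = None
    dst_port: Optional[int] = None


def normalize(ts: int, log_source: str, line: str) -> Optional[Event]:
    """Map a raw line to an Event; lines no parser understands return None."""
    if m := SSH_FAIL.search(line):
        return Event(ts, log_source, "auth.failure", m.group(2), user=m.group(1))
    if m := SSH_OK.search(line):
        return Event(ts, log_source, "auth.success", m.group(2), user=m.group(1))
    if m := FW_DENY.search(line):
        return Event(ts, log_source, "firewall.deny", m.group(1),
                     dst_port=int(m.group(2)))
    return None


def search(events: List[Event], start: int = 0, end: int = 2**31,
           log_source: Optional[str] = None, src_ip: Optional[str] = None,
           category: Optional[str] = None) -> List[Event]:
    """The time / log source / source IP filters described for the dashboard."""
    return [e for e in events
            if start <= e.ts <= end
            and (log_source is None or e.log_source == log_source)
            and (src_ip is None or e.src_ip == src_ip)
            and (category is None or e.category == category)]


def rule_bruteforce_success(events: List[Event], threshold: int = 5,
                            window: int = 60) -> List[str]:
    """Fire when a login succeeds after >= threshold failures from the same
    source within `window` seconds before it."""
    hits = []
    for ok in search(events, category="auth.success"):
        fails = search(events, ok.ts - window, ok.ts - 1,
                       src_ip=ok.src_ip, category="auth.failure")
        if len(fails) >= threshold:
            hits.append(ok.src_ip)
    return hits


def rule_port_scan(events: List[Event], threshold: int = 20,
                   window: int = 60) -> List[str]:
    """Fire when one source is denied to >= threshold distinct ports within `window`."""
    by_ip: Dict[str, List[Event]] = defaultdict(list)
    for e in search(events, category="firewall.deny"):
        by_ip[e.src_ip].append(e)
    hits = []
    for ip, denies in by_ip.items():
        denies.sort(key=lambda e: e.ts)
        for i, first in enumerate(denies):
            ports = {d.dst_port for d in denies[i:] if d.ts - first.ts <= window}
            if len(ports) >= threshold:
                hits.append(ip)
                break
    return hits


@dataclass
class Offense:
    src_ip: str
    rules: List[str]
    event_count: int
    magnitude: int   # assumed scoring: 10 for a successful brute force, 6 for a scan


def build_offenses(events: List[Event]) -> List[Offense]:
    """Collapse raw events into one offense per offending source, ranked."""
    fired: Dict[str, List[str]] = defaultdict(list)
    for ip in rule_bruteforce_success(events):
        fired[ip].append("bruteforce-then-success")
    for ip in rule_port_scan(events):
        fired[ip].append("port-scan")
    offenses = [Offense(ip, rules, len(search(events, src_ip=ip)),
                        10 if "bruteforce-then-success" in rules else 6)
                for ip, rules in fired.items()]
    return sorted(offenses, key=lambda o: o.magnitude, reverse=True)


def sample_events() -> List[Event]:
    """Constructed input: 50 rapid failures then a success, a 40-port scan,
    and 30 slow failures that should not produce an offense."""
    lines = []
    for i in range(50):   # 203.0.113.9 hammers sshd for 40 s, then gets in
        lines.append((1000 + i * 0.8, "sshd-web01",
                      f"Failed password for root from 203.0.113.9 port {40000 + i} ssh2"))
    lines.append((1045, "sshd-web01",
                  "Accepted password for root from 203.0.113.9 port 40100 ssh2"))
    for p in range(1, 41):   # 198.51.100.7 probes 40 ports in 20 s
        lines.append((2000 + p * 0.5, "fw-edge",
                      f"DENY IN=eth0 SRC=198.51.100.7 DST=10.0.0.10 DPT={p}"))
    for i in range(30):   # 10.0.0.3 fails once a minute: a typo, not an attack
        lines.append((3000 + i * 60, "sshd-web01",
                      "Failed password for bob from 10.0.0.3 port 51000 ssh2"))
    return [ev for ts, src, line in lines if (ev := normalize(int(ts), src, line))]


if __name__ == "__main__":
    for o in build_offenses(sample_events()):
        print(o)
```

Of the 121 events, only two sources produce an offense; the 30 slow failures from 10.0.0.3 never satisfy a rule and stay searchable but unalerted. Because every rule works on the normalized `Event`, adding a third log source type only means writing its parser in `normalize`, not touching the rules.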

QRadar SIEM consolidates and stores thousands of events from across your network and then performs immediate correlation to distinguish real threats from false positives. This tool is

IBM Security QRadar SIEM:

  • Provides near real-time visibility for threat detection and prioritization, delivering surveillance throughout the entire IT infrastructure.
  • Reduces and prioritizes alerts to focus investigations on an actionable list of suspected incidents.
  • Enables more effective threat management while producing detailed data access and user activity reports.
  • Delivers security intelligence in cloud environments.
  • Produces detailed data access and user activity reports to help manage compliance.
  • Offers multi-tenancy and a master console to help Managed Service Providers provide security intelligence solutions in a cost-effective manner.

An excellent option alongside QRadar SIEM is access to IBM X-Force.
IBM X-Force Research and Development is one of the most renowned commercial security research and development teams in the world. These security professionals monitor and analyze issues from many different sources, including a database of more than 88,000 computer security vulnerabilities, a global web crawler with over 25 billion cataloged web pages and URLs, international spam collections and millions of malware samples collected daily. The X-Force team helps customers stay ahead of emerging threats by keeping them updated on the latest security risks, advising them how to protect themselves, and publishing its findings on the X-Force blog, in the quarterly report and on the X-Force Exchange.

See also the IBM X-Force Threat Intelligence Quarterly report for Q4 2015.