The IBM QRadar Risk Manager is all about bringing intelligence to SIEM. QRadar's SIEM can already gather event data from firewalls, routers, switches and other devices into a single dashboard and normalize their format. With Risk Manager added, you can also bring device configuration information into the system, along with routing configuration information, so you can build a topology of your network. Once you build the topology and QRadar Risk Manager starts analyzing it along with routing rules and firewall rules, you will be able to compare firewalls and see what was omitted, changed or added within the configurations. You'll be able to look at an expanded version of your network, run simulations and, most importantly, identify "attack paths" to vulnerable machines, high-risk assets and much more.
Here are some of QRadar Risk Manager's main functions:
- Analyzes firewall configurations to help identify errors and remove ineffective rules.
- Provides network topology and connection visualization tools to view current and potential network traffic patterns.
- Correlates asset vulnerabilities with network configuration and traffic to identify active attack paths and high-risk assets.
- Supports policy compliance monitoring of network traffic, topology and vulnerability exposures.