IBM QRadar VFlow Collector takes a different approach to detecting new security threats. Rather than relying on vulnerability signatures, it uses application-level flow data to identify malware, viruses and anomalies through behavior profiling. When this information is combined with network and security events, it enables a more advanced analysis of the overall security posture of your network. The profiling covers all of your network traffic, including applications, hosts and protocols. VFlow runs on a virtual server, so it requires no additional hardware, and it supports VMware environments to help profile more than 1000 applications. IBM QRadar VFlow Collector paired with IBM QRadar SIEM provides threat detection, policy and regulatory compliance management, social media monitoring, advanced incident analysis and insight, and continuous asset profiling.
By monitoring and analyzing your social media traffic, you gain the near real-time ability to detect malware, recognize vulnerabilities and monitor your team's communications and usage patterns.
Benefits of IBM Security QRadar VFlow Collector paired with IBM Security QRadar SIEM:
- Threat detection. IBM Security QRadar VFlow Collector uses deep packet inspection technology on application-level network flow data to detect new security threats without relying upon vulnerability signatures. You can identify malware, viruses and anomalies through behavior profiling throughout network traffic, including applications, hosts and protocols.
- Policy and regulatory compliance management. You can identify and correct out-of-policy behavior; applications running over nonstandard ports; users logging on to critical servers with clear-text user names and passwords; and the use of unencrypted protocols in sensitive areas of the network.
- Social media monitoring. With IBM Security QRadar SIEM and IBM Security QRadar VFlow Collector, you can monitor and analyze activity on social media platforms and multimedia applications to detect potential threats to your network. Near real-time anomaly detection and content capture capabilities make it easier to detect malware, recognize vulnerabilities, and monitor your team’s social communications including their usage patterns.
- Advanced incident analysis and insight. You can perform near real-time comparisons of application flow data with log events sent from security devices. The correlation between log and flow data can help identify serious threats that might otherwise go undiscovered.
- Continuous asset profiling. Automatically identify and classify new assets found on your network, and discover which ports and services they are running. These profiling capabilities can alert you when new systems or services are added and configuration changes occur.
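The policy checks (applications on nonstandard ports, clear-text authentication into sensitive parts of the network) and the flow-to-log correlation described in the list above, as an added illustration in plain Python. This is not QRadar or VFlow code; the flow records, log events, port table and zone names are constructed for the example.

```python
from datetime import datetime, timedelta

# Constructed sample data (not real QRadar output): application-level flow records
# as a flow collector might summarise them, plus log events from the destination hosts.
FLOWS = [
    {"ts": "2024-01-01T10:00:05", "src": "10.0.1.5", "dst": "10.0.2.10", "dport": 8080,
     "app": "SSH", "zone": "dmz", "cleartext_auth": False},
    {"ts": "2024-01-01T10:00:20", "src": "10.0.1.7", "dst": "10.0.2.20", "dport": 21,
     "app": "FTP", "zone": "finance", "cleartext_auth": True},
    {"ts": "2024-01-01T10:01:00", "src": "10.0.1.9", "dst": "10.0.2.30", "dport": 443,
     "app": "HTTPS", "zone": "dmz", "cleartext_auth": False},
]
LOGS = [
    {"ts": "2024-01-01T10:00:25", "host": "10.0.2.20", "event": "login_success", "user": "svc_fin"},
    {"ts": "2024-01-01T10:30:00", "host": "10.0.2.10", "event": "login_failure", "user": "root"},
]

# Assumed policy tables: expected ports per application and zones where clear-text
# authentication is prohibited.
STANDARD_PORTS = {"SSH": {22}, "FTP": {21}, "HTTPS": {443}, "HTTP": {80}}
SENSITIVE_ZONES = {"finance"}

def policy_violations(flows):
    """Flag flows that break policy: an application seen on a nonstandard port, or
    clear-text authentication into a sensitive zone. Unknown applications are not judged."""
    findings = []
    for f in flows:
        if f["dport"] not in STANDARD_PORTS.get(f["app"], {f["dport"]}):
            findings.append(("nonstandard_port", f["dst"], f["app"], f["dport"]))
        if f["cleartext_auth"] and f["zone"] in SENSITIVE_ZONES:
            findings.append(("cleartext_auth_in_sensitive_zone", f["dst"], f["app"], f["dport"]))
    return findings

def correlate(flows, logs, window_s=60):
    """Pair each flow with log events on its destination host that occur within
    window_s seconds, the flow-to-event comparison described above."""
    pairs = []
    for f in flows:
        ft = datetime.fromisoformat(f["ts"])
        for e in logs:
            et = datetime.fromisoformat(e["ts"])
            if e["host"] == f["dst"] and abs(et - ft) <= timedelta(seconds=window_s):
                pairs.append((f["app"], f["dst"], e["event"], e["user"]))
    return pairs

if __name__ == "__main__":
    print(policy_violations(FLOWS))
    print(correlate(FLOWS, LOGS))
```

The FTP login into the finance zone is reported twice over: once as a clear-text authentication policy hit and once as a flow correlated with a successful login on that host.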
Overall, adding IBM QRadar VFlow Collector to QRadar SIEM gives you more detailed knowledge about applications, hosts and protocols, as well as the products used for collaboration and social media, because it monitors data flows at layer 7.