detects anomalies, uncovers advanced threats and removes false positives. It consolidates log events and network flow data from thousands of devices, endpoints and applications distributed throughout a network. It then uses an advanced Sense Analytics engine to normalize and correlate this data, and identifies security offenses requiring investigation. As an option, it can incorporate IBM X-Force® Threat Intelligence, which supplies a list of potentially malicious IP addresses, including malware hosts, spam sources and other threats. QRadar SIEM is available on premises and in a cloud environment.
Provide near real-time visibility
Capture log event and network flow data in near real time and apply advanced analytics to reveal security offenses.
Reduce and prioritize alerts
Focus security analyst investigations on a short, manageable list of suspected, high-probability incidents.
Optimize threat detection
Sense and track significant security incidents and threats with supporting data and context for easier investigation. Create detailed data access and user activity reports.
Easily manage compliance
Comply with internal organizational policies and external regulations using the many customizable reports and templates provided.