QRadar Network Anomaly Detection

IBM Security QRadar Network Anomaly Detection enhances IBM intrusion prevention system (IPS) solutions by providing greater insight into network behavior and abnormal activity to better identify security threats. By correlating IPS alerts, vulnerabilities, network traffic and threat intelligence, IBM Security QRadar Network Anomaly Detection helps deliver a more complete, three-dimensional view of your organization’s network activity and security risks.

IBM Security QRadar Network Anomaly Detection:

QRadar 1701 Flow Processor

Extracting native flow information from the network infrastructure, or working in tandem with QFlow collectors, QRadar flow processors enable the collection, analysis and storage of a variety of flow formats including NetFlow, CFlow, JFlow, SFlow, VFlow and QFlow.

  • Scales to 600,000 flows per minute
  • Multiple 1701 flow processors can be deployed for scaling
  • The 1701 provides 2TB of on-board storage for detailed flow data analysis
  • Dual redundant power supplies (auto-sensing)
  • Embedded hardware RAID 10 for high availability and redundancy

Network Anomaly Detection Overview

  • Provides increased network visibility and threat detection
  • Delivers automated dashboards and reports
  • Provides automated asset profiling
  • Uses workflow management to track threats and support resolution