QRadar Virtual Activity Monitors
Since virtual servers are just as susceptible to security vulnerabilities as physical servers, organizations today now must define and implement appropriate precautionary measures to protect their applications and data that reside within the virtual data center. With the QRadar Virtual Activity Monitor (VFlow), IT professionals have increased visibility into the vast amount of business application activity appearing across their virtual networks. The QRadar Virtual Activity Monitor helps organizations better identify these applications for security monitoring, application-layer behavior analysis, and anomaly detection. The QRadar Virtual Activity Monitor also enables operators to capture application content for deeper security and policy forensics.
Improved visibility of industry leading virtual technology:
VFlow provides layer 7 visibility for VMware ESX and ESxi virtual environments; enables the profiling of over 1000 applications out-of-the-box
Cost effective application layer monitoring:
VFlow runs as virtual host software on the virtual server, not requiring additional hardware. VFlow can analyze port mirrored traffic for a physical network switch which helps bridge the gap between the physical and virtual realm
Efficient virtual network monitoring:
Provides network and application visibility in both existing and emerging virtual networks
A virtual solution that delivers advanced security intelligence with total application layer visibility:
VFlow Collectors are virtual appliances that connect to the virtual switch within a virtual host. VFlow collectors enable collection, classification and visibility within your virtual network and server infrastructure. Similar to QFlow collectors, the collected data from VFlow is leveraged for network activity monitoring as well as for correlation against log activity for superior detection of security threats.
- Requires VMware ESX 3.5 and ESXi 3.5
- Requires at least 512MB RAM
- Provides collection of up to 10,000 Flows per Minute (FPM)
- Provides collection of up to 4 virtual interfaces