Log management for protecting IT infrastructures and meeting compliance requirements.

IBM® QRadar® Log Manager collects, analyzes, stores and reports on network security log events to help organizations protect themselves against threats, attacks and security breaches. At the heart of the system is the QRadar Sense Analytics engine for converting raw events from network and security devices, servers and operating systems, applications, endpoints and more into actionable, searchable intelligence data.

IBM QRadar Log Manager helps organizations meet compliance monitoring and reporting requirements, and it can be seamlessly upgraded to QRadar SIEM for a higher level of threat protection.

IBM QRadar Log Manager:

  • Captures and processes event data from thousands of sources in real time, providing visibility into developing threats and helping to meet continuous monitoring requirements
  • Scales to support millions of events per second within a single unified database in real time
  • Provides rich compliance reporting capabilities to help meet or exceed regulatory requirements
  • Installs in cloud environments to deliver log management functionality
  • Offers high-availability and disaster-recovery options to help maintain uninterrupted log source data collection and storage

Captures and processes all security event data

  • Senses and collects data from a wide variety of network and security devices including routers and switches, firewalls, virtual private networks (VPNs), intrusion detection/prevention systems (IDS/IPS), antivirus applications, hosts and servers, databases, mail and web applications, custom devices, and proprietary applications
  • Analyzes and correlates diverse log data and events to provide actionable insight into compliance risks, potential attacks, inappropriate data access, insider threats and more
  • Uses a customizable dashboard for role-based access by function, and provides a full view of near real-time and historical log data, with extensive reporting for regulatory compliance and threat management
  • Provides a seamless migration path to the full IBM QRadar SIEM product, helping to ease the transition from security information management to true security intelligence

Provides rich compliance reporting capabilities

  • Helps meet auditing and reporting requirements for compliance mandates, using extensive built-in correlation rules and reports, with automated alerting for real-time policy enforcement
  • Supports requirements such as Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), North American Electric Reliability Corporation (NERC) and Federal Energy Regulatory Commission (FERC), Sarbanes–Oxley (SOX) and more
  • Exceeds Federal Information Security Management Act (FISMA) requirements for continuous monitoring to help government agencies develop risk-based IT security strategies

Scales to support millions of events per second

  • Employs architectural configurations ranging from an all-in-one hardware or software solution to enterprise deployments using a centralized console and any number of distributed event processor and event collector appliances
  • Includes a customizable event-indexing capability that dramatically speeds up free-text searching
  • Allows user-defined data retention by time and type of data, and compresses older data to further extend event data retention capabilities
  • Delivers fault-tolerant storage for archiving event logs, with the ability to scale up to hundreds of terabytes with a federated database architecture
  • Supports extensive log file integrity checks including NIST Log Management Standard SHA-x (1-256) hashing for tamper-proof log archives

Installs in cloud environments

  • Provides SoftLayer cloud installation capability
  • Senses, collects and manages logs in a cloud infrastructure from applications running both in the cloud and on-premises

Offers high-availability and disaster-recovery options

  • IBM QRadar high-availability software lets you take advantage of automatic failover and full disk synchronization between systems, helping support continuous operations in the event of an appliance or server failure
  • Disaster-recovery appliances can help safeguard your log data by mirroring it to a secondary, identical and offsite backup system
  • Advanced plug-and-play appliances can be paired with any element of an IBM QRadar deployment, allowing you to add protection where and when you need it