IBM® QRadar® VFlow Collector, combined with IBM QRadar SIEM, provides Layer 7 application-layer visibility into virtual network traffic to help you understand and respond to activities in your network. This integrated solution, powered by the IBM Sense Analytics Engine™, supports VMware virtual environments to enable profiling of more than 1,000 applications, better detects threats, meets policy and regulatory compliance requirements, and minimizes risks to mission-critical services, data and assets. It runs on the virtual server and does not require additional hardware.

IBM QRadar VFlow Collector paired with IBM QRadar SIEM provides:

  • Threat detection. IBM QRadar VFlow Collector applies deep packet inspection technology to application-level network flow data to detect new security threats without relying upon vulnerability signatures. You can identify malware, viruses and anomalies through behavior profiling of network traffic, including applications, hosts and protocols.
  • Policy and regulatory compliance management. You can identify and correct out-of-policy behavior, applications running over nonstandard ports, users logging on to critical servers with clear-text user names and passwords, and the use of unencrypted protocols in sensitive areas of the network.
  • Social media monitoring. With IBM QRadar SIEM and IBM QRadar VFlow Collector, you can monitor and analyze activity on social media platforms and multimedia applications to sense and detect potential threats to your network. Near real-time anomaly detection and content capture capabilities make it easier to detect malware, recognize vulnerabilities, and monitor your team’s social communications, including their usage patterns.
  • Advanced incident analysis and insight. You can perform near real-time comparisons of application flow data with log events sent from security devices. The correlation between log and flow data can help identify serious threats that might otherwise go undiscovered.
  • Continuous asset profiling. Automatically identify and classify new assets found on your network, and discover which ports and services they are running. These profiling capabilities can alert you when new systems or services are added and configuration changes occur.