Automated risk management for monitoring network device configurations and compliance. IBM® QRadar® Risk Manager monitors network topology, switch, router, firewall and Intrusion Prevention System (IPS) configurations and senses conditions that create security risks. It also simulates network attacks and models configuration changes to assess their security impact.
IBM QRadar Risk Manager integrates with IBM QRadar SIEM to obtain event, context and flow data. It correlates vulnerability data—including information from IBM QRadar Vulnerability Manager—with network topology and connection data to prioritize application vulnerabilities and intelligently manage and reduce risk. A policy engine automates compliance checks, enabling risk dashboards, and historical compliance reports.
IBM QRadar Risk Manager:
- Provides network topology and connection visualization tools to view current and potential network traffic patterns
- Correlates asset vulnerabilities with network configuration and traffic data to identify active attack paths and high-risk assets
- Simulates network threats, including the potential spread of an attack across the network
- Monitors network traffic to help improve compliance with policies
Analyzes firewall configurations
- Conducts detailed configuration audits to help increase consistency of firewall rules, including detection of shadowed rules and other configuration errors
- Performs rule change simulations and security impact analysis
- Supports policy compliance monitoring
- Allows active evaluation of multiple security policies using the automated policy monitor
- Supports audit requirements and policy compliance reporting
- Audits and alerts users to risky or out-of-compliance configurations by sensing changes over time
- Enables exceptions to trigger security incidents, log events and generate email notifications