IBM® Security QRadar® Log Manager is a high-performance system for collecting, analyzing, archiving and storing large volumes of network and security event logs. It analyzes data from network and security devices, servers and operating systems, applications, endpoints and more to provide near real-time visibility into developing threats. IBM Security QRadar Log Manager can also help you meet compliance monitoring and reporting requirements.
IBM Security QRadar Log Manager:
- Captures and processes large volumes of event data from thousands of sources in near real time to provide visibility into developing threats and helps meet continuous compliance-monitoring requirements.
- Provides rich compliance-reporting capabilities to help meet or exceed regulatory requirements.
- Scales to support hundreds of thousands of events per second within a single unified database in near real time.
- Installs in Cloud environments to deliver log management functionality.
Captures and processes large volumes of event data
- Collects data from a wide variety of network and security devices including routers and switches, firewalls, virtual private networks (VPNs), intrusion detection/prevention systems (IDS/IPS), antivirus applications, hosts and servers, databases, mail and web applications, custom devices, and proprietary applications.
- Analyzes and correlates diverse log data and events to provide actionable insight into compliance risks, potential attacks, inappropriate data access, insider threats and more.
- Uses the customizable dashboard for role-based access by function, and provides a full view of near real-time and historical log data, with extensive reporting for regulatory compliance and threat management.
- Provides a seamless migration path to the full IBM Security QRadar SIEM product, helping to ease the transition from security information management to true security intelligence.
Provides rich compliance-reporting capabilities
- Helps meet auditing and reporting requirements for compliance mandates, using extensive built-in correlation rules and reports, with automated alerting for near real-time policy enforcement.
- Supports requirements such as Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), North American Electric Reliability Corporation (NERC) and Federal Energy Regulatory Commission (FERC), Sarbanes–Oxley (SOX) and more.
- Exceeds Federal Information Security Management Act (FISMA) requirements for continuous monitoring to help government agencies develop risk-based IT security strategies.
Scales to support hundreds of thousands of events per second
- Employs architectural configurations ranging from an all-in-one hardware or software solution to enterprise deployments using a centralized console and any number of distributed event processor and event collector appliances.
- Delivers up to 16 terabytes of fault-tolerant storage per appliance for archiving event logs, with the ability to scale up to hundreds of terabytes with a federated database architecture.
- Supports extensive log file integrity checks including NIST Log Management Standard SHA-x (1-256) hashing for tamper-proof log archives.
- Includes a customizable event-indexing capability that dramatically speeds up free-text searching.
- Allows user-defined data retention by time and type of data, and compresses older data to further extend event data retention capabilities.
Installs in Cloud environments to deliver log management functionality
- Provides SoftLayer cloud installation capability.
- Collects and manages logs in a cloud infrastructure from applications running both in the cloud and on premises.