IBM® Security QRadar® QFlow Collector, combined with IBM Security QRadar SIEM and flow processors, provides Layer 7 application visibility and flow analysis to help you understand and respond to activities throughout your network. This combined solution gives you greater visibility into network activity to better detect threats, meet policy and regulatory compliance requirements, and minimize risks to mission-critical services, data and assets.

IBM Security QRadar QFlow Collector paired with IBM Security QRadar SIEM provides:

  • Threat detection. IBM Security QRadar QFlow Collector uses deep packet inspection technology on application-level network flow data to detect new security threats without relying upon vulnerability signatures. You can identify malware, viruses and anomalies through behavior profiling for all network traffic, including applications, hosts and protocols.
  • Policy and regulatory compliance management. You can identify and correct out-of-policy behavior; applications running over nonstandard ports; users logging on to critical servers with clear-text user names and passwords; and the use of unencrypted protocols in sensitive areas of the network.
  • Social media monitoring. With IBM Security QRadar SIEM and IBM Security QRadar QFlow Collector, you can monitor and analyze activity on social media platforms and multimedia applications to detect potential threats to your network. Near real-time anomaly detection and content capture capabilities make it easier to detect malware, recognize vulnerabilities, and monitor your team’s social communications, including their usage patterns.
  • Advanced incident analysis and insight. You can perform near real-time comparisons of application flow data with log events sent from security devices. The correlation between log and flow data can help identify serious threats that might otherwise go undiscovered.
  • Continuous asset profiling. Automatically identify and classify new assets found on your network, and discover which ports and services they are running. These profiling capabilities can alert you when new systems or services are added and configuration changes occur.