IBM® Security QRadar® Risk Manager monitors network topology, switch, router, firewall and Intrusion Prevention System (IPS) configurations to reduce risk and increase compliance. It simulates network attacks and models configuration changes to assess their security impact.
IBM Security QRadar Risk Manager integrates with IBM Security QRadar SIEM to obtain event, context and flow data. It can correlate vulnerability data—including information from IBM Security QRadar Vulnerability Manager—with network topology and connection data to prioritize application vulnerabilities and intelligently manage and reduce risk. A policy engine automates compliance checks, enabling risk dashboards and historical compliance reports.
IBM Security QRadar Risk Manager:
- Analyzes firewall configurations to help identify errors and remove ineffective rules.
- Provides network topology and connection visualization tools to view current and potential network traffic patterns.
- Correlates asset vulnerabilities with network configuration and traffic to identify active attack paths and high-risk assets.
- Supports policy compliance monitoring of network traffic, topology and vulnerability exposures.
Analyzes firewall configurations
- Conducts detailed configuration audits to help improve consistency of firewall rules, including detection of shadowed rules and other configuration errors.
- Performs rule change simulations and security impact analysis.
- Audits and alerts users to risky or out-of-compliance configurations by comparing changes over time.
- Improves overall firewall performance by identifying unused or ineffective rules.
Provides network topology and connection visualization tools
- The Topology Viewer enables you to see network devices and relationships including subnets and links.
- The Connection Monitor provides detailed views into network activity—including the ability to search traffic patterns—to aid forensic and firewall change analyses.
Correlates asset vulnerabilities with network configuration and traffic
- Simulates network threats, including the potential spread of an attack across the network.
- Helps reduce risk and prioritize remediation activities.
Supports policy compliance monitoring
- Allows active evaluation of multiple security policies using the automated policy monitor.
- Correlates asset configuration and vulnerability data with log, event and network flow data to monitor network assets and devices.
- Supports audit requirements and policy compliance reporting.
- Enables exceptions to trigger security incidents, log events and generate email notifications.