Listen to an introduction to security intelligence
In this "chalk talk" video, Jose Bravo discusses the ability of QRadar to collect context from a variety of sources to prioritize detected security vulnerabilities.
Bravo discusses the concept of "flows" in SIEM systems. He discusses the limitations that most vendors' SIEM systems have because they only collect data from layers 2, 3, and 4 of the network stack. He discusses the QRadar QFlows, which add layer 7 information to the flow analysis. This data gives QRadar the ability to analyze flows from an application perspective.
He also discusses QRadar VFlows, which tap into the hypervisor-routed traffic in virtualization platforms.
Next, he discusses the QRadar asset management databases and its ability to automatically detect IT assets in the environment. Jose discusses QRadar's ability to monitor logins to add a user dimension to its analysis as well.
He then discusses QRadar integration with Guardium, mainframe SMF, IP reputation services, spam site reporting services, identity management systems, and vulnerability scanners.
Also, he talks about QRadar Risk Manager's ability to help prioritize discovered vulnerabilities and its integration with Trusteer to help detect potentially fraudulent activities.