QRadar Network Detection and Response

IBM Security QRadar Network Detection and Response (NDR) provides network visibility and analytics to help you detect hidden threats in your network. Integrated with IBM QRadar SIEM and IBM QRadar Security Orchestration, Automation and Response (SOAR), it provides comprehensive detection and response across on-premises, cloud, and hybrid environments.

The QRadar NDR solution applies machine learning analytics to large amounts of network data, giving security analysts actionable insight into hidden threats. Analysts can make informed triage and response decisions quickly, which helps protect the network in the following ways:
  • Eliminating blind spots on the network where threat activity can go undetected.
  • Using advanced analytics to automatically detect suspicious behaviors and activity.
  • Responding quickly with automated response actions, playbooks, and case management.
  • Streamlining workflows with a unified solution that scales to meet the needs of the organization.

The solution includes multiple integrated technologies that you can use to tailor the detection and response capabilities in your QRadar environment. For more information, see Network Detection and Response (NDR) on the IBM website.

QRadar flows

QRadar flow data provides comprehensive network visibility by ingesting NetFlow, J-Flow, sFlow, and IPFIX traffic from devices across your network. Cloud-based flows that are packaged as logs, such as Amazon Web Services (AWS) VPC Flow logs, are converted to native flow records for analysis, enabling seamless visibility across on-premises and cloud environments.
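The conversion of a log-packaged cloud flow into a native flow record, shown as an added example that is not QRadar's own code. It parses AWS VPC Flow Log lines (default version 2 field order) into an exporter-neutral record carrying the 5-tuple, packet and byte counts and timestamps, the same shape a NetFlow or IPFIX exporter would yield, so both can be analyzed with one set of queries. The FlowRecord structure, the two summary functions and the log lines are constructed for illustration; NODATA/SKIPDATA lines, which carry no traffic, are dropped rather than turned into flows.

```python
"""Convert AWS VPC Flow Log lines into exporter-neutral flow records.

Added example, not QRadar's own code.  The log lines are constructed
samples in the default VPC Flow Log version 2 field order.
"""
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional, Tuple

# Default (version 2) VPC Flow Log field order, space separated.
VPC_V2_FIELDS = (
    "version", "account_id", "interface_id", "srcaddr", "dstaddr",
    "srcport", "dstport", "protocol", "packets", "bytes",
    "start", "end", "action", "log_status",
)


@dataclass(frozen=True)
class FlowRecord:
    """What NetFlow, IPFIX and VPC flow logs have in common (hypothetical schema)."""
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    protocol: int          # IANA protocol number: 6 = TCP, 17 = UDP
    packets: int
    bytes: int
    first_seen: datetime
    last_seen: datetime
    action: str            # ACCEPT or REJECT as decided by the security group / NACL
    source: str            # exporter or interface that produced the record


def parse_vpc_flow_line(line: str) -> Optional[FlowRecord]:
    """Return a FlowRecord, or None for NODATA/SKIPDATA lines that carry no traffic."""
    fields = line.split()
    if len(fields) != len(VPC_V2_FIELDS):
        raise ValueError(f"expected {len(VPC_V2_FIELDS)} fields, got {len(fields)}: {line!r}")
    rec = dict(zip(VPC_V2_FIELDS, fields))
    if rec["log_status"] != "OK":
        # NODATA (no traffic in the window) and SKIPDATA (capacity or error)
        # lines have '-' in the traffic fields; they are not flows.
        return None

    def ts(epoch: str) -> datetime:
        return datetime.fromtimestamp(int(epoch), tz=timezone.utc)

    return FlowRecord(
        src_ip=rec["srcaddr"], dst_ip=rec["dstaddr"],
        src_port=int(rec["srcport"]), dst_port=int(rec["dstport"]),
        protocol=int(rec["protocol"]),
        packets=int(rec["packets"]), bytes=int(rec["bytes"]),
        first_seen=ts(rec["start"]), last_seen=ts(rec["end"]),
        action=rec["action"],
        source=f"vpc:{rec['account_id']}:{rec['interface_id']}",
    )


def parse_vpc_flow_log(text: str) -> List[FlowRecord]:
    """Parse every non-empty line, skipping lines that carry no flow."""
    parsed = (parse_vpc_flow_line(l) for l in text.splitlines() if l.strip())
    return [r for r in parsed if r is not None]


def rejected_by_destination_port(records: List[FlowRecord]) -> List[Tuple[int, int]]:
    """REJECTed flows per destination port: a quick view of blocked probing."""
    counts = Counter(r.dst_port for r in records if r.action == "REJECT")
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def top_talkers(records: List[FlowRecord], n: int = 3) -> List[Tuple[str, int]]:
    """Bytes sent per source address, descending."""
    totals: Counter = Counter()
    for r in records:
        totals[r.src_ip] += r.bytes
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


# Constructed sample: one SSH session, two rejected RDP probes, one NODATA
# interval, one large outbound HTTPS transfer.
SAMPLE_VPC_LOG = """\
2 123456789010 eni-0a1b2c3d4e5f67890 172.31.16.139 172.31.16.21 20641 22 6 20 4249 1418530010 1418530070 ACCEPT OK
2 123456789010 eni-0a1b2c3d4e5f67890 203.0.113.5 172.31.16.21 49761 3389 6 1 40 1418530010 1418530070 REJECT OK
2 123456789010 eni-0a1b2c3d4e5f67890 203.0.113.5 172.31.16.21 49762 3389 6 1 40 1418530011 1418530070 REJECT OK
2 123456789010 eni-0a1b2c3d4e5f67890 - - - - - - - 1431280876 1431280934 - NODATA
2 123456789010 eni-0a1b2c3d4e5f67890 172.31.16.21 198.51.100.7 53140 443 6 120 98000 1418530010 1418530070 ACCEPT OK
"""

if __name__ == "__main__":
    flows = parse_vpc_flow_log(SAMPLE_VPC_LOG)
    print(f"{len(flows)} flows parsed")
    print("rejected by dst port:", rejected_by_destination_port(flows))
    print("top talkers:", top_talkers(flows))
```

Custom VPC Flow Log formats reorder or add fields (for example `pkt-srcaddr`, `tcp-flags`), so a production parser reads the field list from the log configuration rather than hard-coding the default order.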

QRadar Network Insights

QRadar Network Insights provides greater depth of visibility by using full packet streams to reconstruct and analyze network sessions in real time. By extracting vital metadata and application content, this telemetry extends the detection capabilities of QRadar NDR and provides deep insight into an attacker's precise behavior.

QRadar Network Threat Analytics

QRadar Network Threat Analytics uses machine learning to continuously baseline your network environment and analyze network activity as it happens. By automatically identifying new or unusual behaviors that might otherwise go unnoticed, it enhances the detection capability of your QRadar environment and enables threat hunting across your networks.

QRadar DNS Analyzer

QRadar DNS Analyzer provides insight into your local DNS traffic. It identifies malicious activity and enables your security team to detect domain generation algorithm (DGA) domains, DNS tunneling, and squatting (lookalike) domains that are being accessed from within your network.
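The three detection classes named above, run over a handful of DNS query log lines as an added example; this is illustrative detection logic, not IBM's DNS Analyzer implementation. DGA candidates are flagged on the entropy and vowel ratio of a long registrable label, tunneling on oversized subdomain labels, and squatting on a small edit distance to a watchlist of protected labels. The log format, the watchlist, the thresholds and the naive public-suffix handling are all assumptions made for the example.

```python
"""Heuristic DNS query analysis: DGA, tunneling and squatting lookalikes.

Added example, not IBM's DNS Analyzer code.  Thresholds, watchlist and
log format are illustrative assumptions; the sample log is constructed.
"""
import math
from collections import Counter
from typing import List, Tuple

# Constructed watchlist of registrable labels to protect against lookalikes.
WATCHLIST = {"example", "acmebank", "contoso"}

# Illustrative thresholds; a real deployment tunes these against its own baseline.
DGA_MIN_LEN = 12
DGA_MIN_ENTROPY = 3.5          # bits per character
DGA_MAX_VOWEL_RATIO = 0.3
TUNNEL_MAX_LABEL_LEN = 30      # a single label longer than this is suspicious
TUNNEL_MAX_SUBDOMAIN_LEN = 50  # total encoded payload under the registrable domain
SQUAT_MAX_DISTANCE = 2


def shannon_entropy(s: str) -> float:
    """Bits per character of the string's empirical symbol distribution."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to spot lookalike (squatting) labels."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(qname: str) -> str:
    """Return 'squatting', 'tunneling', 'dga' or 'benign' for one query name."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) < 2 or not labels[-2]:
        return "benign"
    # Naive split: the last label is treated as the public suffix.  Production
    # code uses the Public Suffix List so that multi-label suffixes such as
    # co.uk resolve to the right registrable domain.
    sld, subdomain = labels[-2], labels[:-2]

    # Squatting: close to a protected label but not equal to it.
    if sld not in WATCHLIST:
        for brand in WATCHLIST:
            if 1 <= levenshtein(sld, brand) <= SQUAT_MAX_DISTANCE:
                return "squatting"

    # Tunneling: data is smuggled in long or numerous subdomain labels.
    if (any(len(lbl) > TUNNEL_MAX_LABEL_LEN for lbl in subdomain)
            or len("".join(subdomain)) > TUNNEL_MAX_SUBDOMAIN_LEN):
        return "tunneling"

    # DGA: long, high-entropy, consonant/digit-heavy registrable label.
    vowel_ratio = sum(ch in "aeiou" for ch in sld) / len(sld)
    if (len(sld) >= DGA_MIN_LEN
            and shannon_entropy(sld) > DGA_MIN_ENTROPY
            and vowel_ratio < DGA_MAX_VOWEL_RATIO):
        return "dga"
    return "benign"


def analyze_dns_log(text: str) -> List[Tuple[str, str, str]]:
    """Parse 'timestamp client qtype qname' lines; return (client, qname, verdict)
    for every query that is not benign."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # malformed or empty line
        _ts, client, _qtype, qname = parts
        verdict = classify(qname)
        if verdict != "benign":
            findings.append((client, qname, verdict))
    return findings


# Constructed sample log: two ordinary lookups, one DGA-looking name,
# one tunneling-style TXT query, one lookalike of a watchlisted label.
SAMPLE_DNS_LOG = """\
2024-05-01T10:00:01Z 10.1.2.3 A www.example.com
2024-05-01T10:00:02Z 10.1.2.3 A securityintelligence.com
2024-05-01T10:00:03Z 10.1.2.9 A xk3j9q2mzp8vl7w.com
2024-05-01T10:00:04Z 10.1.2.9 TXT jbswy3dpeblw64tmmqqhg2lhnzssaonfnzvw64tl.xfer.tunnel-test.net
2024-05-01T10:00:05Z 10.1.2.5 A login.acmebamk.com
"""

if __name__ == "__main__":
    for client, qname, verdict in analyze_dns_log(SAMPLE_DNS_LOG):
        print(f"{client}\t{verdict}\t{qname}")
```

Per-query heuristics like these produce noise on CDN and cloud hostnames, which are legitimately long and high-entropy; the value of a baselining engine is that it scores per client and over time (query volume to never-before-seen domains, NXDOMAIN rate, TXT query share) instead of judging each name in isolation.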

QRadar Network Packet Capture

QRadar Network Packet Capture provides highly scalable full packet capture capabilities to store and retrieve packet data for in-depth investigations.

QRadar Incident Forensics

QRadar Incident Forensics facilitates post-incident investigation and response by reconstructing and analyzing full packet capture data. Together with QRadar Network Packet Capture, it complements the real-time network analysis and detection that is provided by QRadar Network Insights and QRadar Network Threat Analytics.