QRadar Network Insights use cases
QRadar Network Insights provides in-depth visibility into network communications and application content to empower QRadar® Sense Analytics to detect threat activity. You can use QRadar Network Insights to detect and analyze malware, phishing, insider threats, lateral movement attacks, data exfiltration, and compliance gaps.
Malware detection and analysis
Malware frequently morphs to avoid detection. You can use QRadar Network Insights to detect malware based on file hashes and file activity, and observe and analyze artifacts such as:
- Names
- Properties
- Movement
- Suspicious content
Phishing email and campaign detection
Phishing can hide in plain sight by disguising its activity within the volumes of normal emails.
You can prepare for and react to malicious emails by using QRadar Network Insights to analyze:
- Sources
- Targets
- Subject
- Content
Insider threats
You can integrate QRadar Network Insights with the User Behavior Analytics app to improve threat detection. Use the QRadar Network Insights analytics to recognize:
- High-risk users
- Potential targets of phishing
- Negative sentiment
- Suspicious behaviors
Lateral movement attack detection
QRadar Network Insights can trace anomalous communications:
- Reconnaissance
- Data transfers
- Rogue and malicious actors
Data exfiltration protection
Data can be exfiltrated through many methods. Use QRadar Network Insights to identify and track suspicious files such as:
- DNS abnormalities
- Sensitive content
- Aberrant connections
- Aliases
Identify compliance gaps
QRadar Network Insights allows for continuous monitoring of enterprise, industry, and regulatory compliance.