IBM Security® QRadar® EDR features

Gain deep visibility into processes and applications running on your endpoints.

Pre-execution prevention

Reviews file source code prior to full execution and stops files from running if malicious code is detected.

Nano operating system (NanoOS) and dual AI engines

Allows certain detection and autonomous operation capabilities even when endpoints are offline.

Attack visibility

Detects and correlates alert information, including an attack’s root cause, a risk assessment and mapping to the MITRE ATT&CK framework.

Threat hunting

Enables real-time, whole-infrastructure search for indicators of compromise (IOC), binaries and behaviors. Automated data mining facilitates the discovery of dormant threats.

Forensics

Enables remote gathering of forensic information for an investigation, which helps support forensic analysis and reconstruction of an attacker’s activities.

Threat insights

Helps analysts identify potential threats with metadata-based analysis to expedite triage. Enables detection and prevalence analysis of alert artifacts to discover new binaries as soon as they’re activated.

Ransomware prevention

Analyzes file behaviors to detect imminent attacks and can stop malicious processes from executing.

Signature scanning

Uses heuristics and signature-based prevention.

Custom playbook

Enables the creation of custom-built detection, response and remediation playbooks through automation.

API access

Provides direct API access to the QRadar EDR engines, which is useful for automating workflows and integrating with external platforms.

Cyber assistant

Enables an AI-powered alert management system that autonomously handles alerts. It can learn an analyst’s decision instantly after seeing a given alert only once.

Behavioral detection

Uses near real-time, behavior-based anomaly detection and response capabilities to help protect organizations from advanced malware attacks and threats.

On-premises specifications

  Endpoints/events         Node type (x3)          CPU/cores (x3)   Memory (x3)   Local disk (x3)
  1,000/45 million         Master/worker hybrid    8                24G           300GB
  3,000/95 million         Master/worker hybrid    12               48G           300GB
  5,000/150 million        Master/worker hybrid    24               64G           300GB
  10,000/300 million       Master                  4                16GB          300GB
                           Worker                  36               64GB          300GB
  15,000/400 million       Master                  4                16GB          300GB
                           Worker                  38               64GB          300GB

Suggested network

  • 1G networking for 90 million events per day or less
  • 10G for greater than 90 million events per day

Notes

Installation

  • Red Hat OpenShift Cluster Admin level access is required for installation
  • Red Hat OpenShift skills and VMware licensing are required*
  • Licensing is managed through Audit Snapshots. Audit snapshots can be created in Kubernetes clusters and IBM License Metric Tool (ILMT)
  • For more information about installation options, see IBM Documentation
    *Additional options in development

Backups

  • Backup and restore are supported and documented
Integrations

IBM Security® QRadar® SIEM

Integrate QRadar EDR with IBM Security® QRadar SIEM to enrich your SIEM logs with high-fidelity endpoint alerts, with no impact on your EPS count.

IBM Security® QRadar® SOAR

Integrate QRadar SOAR and QRadar EDR to escalate cases originating from users, endpoint devices and IT assets.
