Automated risk-based compliance:
QRadar's Risk Manager features an automated knowledge engine that simplifies the assessment of a wide spectrum of network security policies and compliance requirements.
- An automated knowledge engine that provides an intuitive user interface that integrates previously disparate indicators of risk, including configuration data, network activity data, network and security events and vulnerability scan results.
- A comprehensive out-of-the-box library of industry-specific policy templates helps assess risk across multiple regulatory mandates and network security best practices such as PCI, HIPAA, CoCo and ISO 27001, among many others. In addition, the templates are easily extended to align with an organization's internal network security policies.
Simplified multi-vendor configuration audits:
With QRadar Risk Manager, organizations can begin to introduce consistency across network and security configuration through automated configuration collection, analysis, and alerting. QRadar Risk Manager provides automated configuration audit across an organization's multi-vendor switches, routers, firewalls and IDS/IPS. Key configuration audit capabilities include:
- A unique ability to normalize multi-vendor device configuration, QRadar Risk Manager provides a detailed and intuitive assessment of how devices are configured, including defined firewall rules, security policy and network hierarchy and maintain a history of configuration changes, audit configuration rules on a device and compares this across devices.
- Centralized history of enterprise-wide configuration changes, Leveraging this feature users can easily audit configurations across a multi-vendor network with historical context. This powerful capability makes it easier to compare normalized device configurations from a single device or from different devices and is instrumental in building an enterprise-wide representation of a network's topology.
- Topology mapping that provides greater clarity of allowed and denied activity across the entire network which results in improved consistency of device configurations, reduced risk of mis-configurations and a better understanding of the impact of configuration changes.
Advanced security modeling and simulations:
QRadar Risk Manager's Advanced Modeling and Simulation feature leverages the broad array of risk indicators which helps network security professionals prioritize their most significant areas of risk. Key modeling and simulation features include
- The ability to quickly understand the risk impact of proposed changes to a network's configuration before the changes are implemented on the actual network, greatly minimizing the time to roll out new applications and services
- Analysis of VA scan results, in conjunction with active network topology profiling, provides a unique prioritization of the most vulnerable systems.
- Reporting that not only summarizes which assets have vulnerabilities but also exposes those assets that are vulnerable due to network configurations, resulting in improved operational efficiency and security.
Powerful network security visualization:
QRadar Risk Manager offers two network visualization tools that provide unique, risk-focused, graphical representations of the network's configurations. Both visualization tools offer network and security professionals a revolutionary investigative capacity by providing before, during and after vulnerability information. Key visualization features include:
- A comprehensive network topology tool that provides detailed views into how network traffic can or is traversing your network.
- A powerful Connection Monitor tool which provides fast and efficient investigation of network activity. Integrated network mappings add value by enabling network security professionals to assess when traffic can or is occurring to or from specific geographic regions or known high risk networks.
QRadar Risk Manager was designed to help organizations of any type or size efficiently enhance their security profiles and fulfill their compliance and reporting requirements including:
Vulnerability prioritization:
Network security professionals need the right tools to better assess which systems are most vulnerable to attack so that they can prioritize vulnerabilities and act. By delivering advanced analytics that integrate network topology and VA scan results, QRadar Risk Manager can assess not only what vulnerabilities a system has, but also which vulnerabilities can be compromised because of how the network is configured.
Policy Verification:
Centralized policy monitoring leverages the integration of vulnerability scan data with other risk indicators and delivers improved policy verification that is easy to visualize and act upon. QRadar Risk Manager automates policy monitoring and verification with intuitive tools that get the job done.
Risk Assessment:
QRadar Risk Manager is the first solution to successfully integrate risk management, configuration, SIEM, log management, VA scan results, and network behavior analysis to automate risk management functions in mission critical areas, including network and security configuration, policy, and compliance management - giving you the most complete, single console network security solution to determine what the level of risk across your network.