Since virtual servers are just as susceptible to security vulnerabilities as physical servers, organizations today now must define and implement appropriate precautionary measures to protect their applications and data that reside within the virtual data center. With the QRadar Virtual Activity Monitor (VFlow), IT professionals have increased visibility into the vast amount of business application activity appearing across their virtual networks. The QRadar Virtual Activity Monitor helps organizations better identify these applications for security monitoring, application-layer behavior analysis, and anomaly detection. The QRadar Virtual Activity Monitor also enables operators to capture application content for deeper security and policy forensics.
VFlow provides layer 7 visibility for VMware ESX and ESxi virtual environments; enables the profiling of over 1000 applications out-of-the-box
VFlow runs as virtual host software on the virtual server, not requiring additional hardware. VFlow can analyze port mirrored traffic for a physical network switch which helps bridge the gap between the physical and virtual realm
Provides network and application visibility in both existing and emerging virtual networks
VFlow Collectors are virtual appliances that connect to the virtual switch within a virtual host. VFlow collectors enable collection, classification and visibility within your virtual network and server infrastructure. Similar to QFlow collectors, the collected data from VFlow is leveraged for network activity monitoring as well as for correlation against log activity for superior detection of security threats.
Gartner SIEM Magic Quadrant Report
The Business Case for a Next-Generation SIEM
The Value of QRadar QFlow and QRadar VFlow for Security Intelligence
Transforming SIEM to SOC 2.0
Learn more about VFlow Technology
Why security intelligence from IBM?IBM Security solutions