Flowmon ADS is a next-generation technology that detects advanced threats which bypass traditional security tools. It is equipped with powerful network behavior analysis intelligence that extends SIEM (Security Information and Event Management) functions to detect both known and unknown threats in a computer network.
"Attackers often successfully hide their malicious activities. As a result, threats such as botnets, undesired applications or targeted APT attacks can be invisible to systems which send information to SIEM. Thanks to the integration of Flowmon ADS with IBM QRadar, network and security engineers are provided with an advanced solution delivering them dominance over modern cyber threats," says Petr Springl, Product Director at Flowmon Networks.
The rapid evolution of sophisticated threats requires agile changes in SIEM systems. The traditional analysis of log data is complemented with information about network traffic behavior to fill in the gaps. While IBM QRadar serves as a central ‘brain’ which collects and processes information from all devices in the enterprise network, Flowmon supplies QRadar with detailed insights into network operations and automatically informs it about operational problems, anomalies and possible suspicious activities that usually precede successful breaches.
The joint solution is already used by customers in Europe and is a part of CyberKombat, an attack/defence experience training program designed to test and develop a security operations centre (SOC) team’s response to an incident.
"The cooperation of these globally renowned technologies results in a comprehensive solution protecting customers from advanced and modern attacks. The two-way native integration empowers customers to deploy the solution very quickly in a few steps resulting in ease of use when investigating incidents and without the need of operating many isolated security systems," adds Springl.
The native integration of Flowmon and IBM QRadar brings many benefits, such as the quick resolution of incidents without demanding and expensive manual investigation processes. If more information is necessary, the IBM QRadar environment menu makes it possible to access the Flowmon system directly and view details of the respective events and the records of network operation. The integration with IBM QRadar is provided in the form of an installation that gets the solution up and running in a few easy steps.