Security Information and Event Management (SIEM) systems are considered a cornerstone of enterprise security because they gather data from multiple sources and provide a holistic view of organisations’ health. Flowmon is a network traffic analysis solution that integrates with IBM Security QRadar to provide deep network visibility and behaviour analytics, helping administrators derive meaning from the data noise and respond to security incidents swiftly.
“A lot of customers integrate our solution with QRadar. The brand new app offers an exceptional user interface to streamline operations significantly,” comments Petr Špringl, Director of Products at Flowmon Networks. “With the addition of Flowmon network traffic analysis provided through deep integration, enterprises are now able to rapidly analyse and prioritise detected events directly in QRadar, without the need to switch between interfaces.”
Flowmon for QRadar part of collaborative development to stay ahead of evolving threats
QRadar’s centralized analytics collect and process information from all devices in the enterprise network. Flowmon feeds QRadar with detailed insights into the network traffic and automatically informs it about operational problems, anomalies and possible suspicious activities.
Fig 1: Investigation of security events in Flowmon QRadar App Dashboard
With the new app, Flowmon customers can easily link their solution to QRadar and benefit from:
Response to more diversified risk scenarios by adding system log sources (e.g. Authentication and ID management) to analysis.
Streamlined execution of enterprise policies with a high level of automation.
New views on flows and events directly in QRadar without the need to switch between two different interfaces.
The Flowmon solution creates a secure and transparent digital environment where people rule the network regardless of its complexity and nature. Using machine learning, heuristics and advanced analytics, it enables IT professionals to improve performance and reduce risk across on-premise, datacenter and cloud environments.
“We were looking for an advanced network traffic analysis solution that could be seamlessly integrated with IBM Security QRadar for security management. Flowmon proved to be the right choice, augmenting our existing data with network insights and high fidelity when detecting cyber threats. Integration of Flowmon and QRadar via the new app is the next step that creates an interactive workspace for the SecOps team. Everything is done in QRadar directly, which saves time on investigation and response when hunting threats infiltrating a network,” says Peter Magula, Head of IT Security Department at OTP Bank Slovakia, Member of KBC Group.
Flowmon QRadar App Availability
The new Flowmon for QRadar App comes in two packages. The first is the application itself, which provides the Flowmon investigation workflow directly from the IBM QRadar interface. The second package includes the connector (DSM) and log correlation rule set for the received syslog data. Both packages are available as a free-of-charge extension through IBM Security App Exchange for Flowmon customers with valid Gold or Premium support.