QRadar Risk Manager

What is QRM

QRadar Risk Manager (QRM) is a separately installed appliance for monitoring device configurations, simulating changes to your network
environment, and prioritizing risks and vulnerabilities in your network.

QRadar Risk Manager is accessed by using the Risks tab on your IBM Security QRadar SIEM Console.

QRadar Risk Manager uses data that is collected by QRadar. For example, configuration data from firewalls, routers, switches, or intrusion prevention systems (IPSs), vulnerability feeds, and third-party security sources. Data sources enable QRadar Risk Manager to identify security, policy, and compliance risks in your network and estimate the probability of risk exploitation.

QRadar Risk Manager alerts you to discovered risks by displaying offenses on the Offenses tab. Risk data is analyzed and reported in the context of all other data that QRadar processes. In QRadar Risk Manager you can evaluate and manage risk at an acceptable level that is based on the risk tolerance in your company.

You can also use QRadar Risk Manager to query all network connections, compare device configurations, filter your network topology, and simulate the possible effects of updating device configurations.

You can use QRadar Risk Manager to define a set of policies (or questions) about your network and monitor the policies for changes. For example, if you want to deny unencrypted protocols in your DMZ from the Internet, you can define a policy monitor question to detect unencrypted protocols. Submitting the question returns a list of unencrypted protocols that are communicating from the internet to your DMZ and you can determine which unencrypted protocols are security risks.