Radar 6.0, a network anomaly detection and security event management (SEM) product, adds identity tracking to its feature set. By tying in user identities to other information, administrators can see who is on a particular host without having to manually correlate IP addresses with user logins. However, this is something of a catch-up feature, as other network anomaly detection and SEM products have had this capability for at least a year.
That said, QRadar is unique in the SEM market. In addition to processing events from other systems, it can monitor network traffic flows using direct packet analysis or flow records from routers and switches, including NetFlow, sFlow and jFlow.