Product Description: QRadar™, a network security management platform, is the first product to combine, analyze and manage an unequalled set of surveillance data: network behavior, security events, vulnerability assessment and threat information. It replaces traditional point products and layered architectures with a single command-and-control console. QRadar 5.0 automatically enables administrators to understand which events pose the greatest and most immediate threat to operations through a patented process called Judicial System Logic (JSL), which fuses network and security knowledge together in a single console.
Performance: QRadar is the most scalable architecture in the market. This architecture allows the flexibility to support everything on one server for small to medium businesses, or to be broken out into individual components for service provider or large enterprise deployments.
Events Per Second: QRadar All-in-One appliances support up to 5,000 EPS. Multiple event collectors can be distributed to support higher aggregate volumes of events.
Flow Volumes: QRadar supports up to 400,000 flows per interval. Multiple Flow Collection appliances can be distributed to support higher aggregate volumes of flows for larger enterprises or service providers.
Interfaces: Q1 provides a variety of QFlow appliances, ranging from 50MB throughput at the low end to multi-gigabit at the high end. Interfaces supported on our appliances:
10/100/1000baseT
1000baseSX
QFlow can also be deployed as software, in which case it can support virtually any promiscuous network interface connection (ATM, Frame Relay, T1/E1, DS3, etc.).
In addition to QFlow and other flow feeds, we also support event feeds from the following devices:
Routers/Switches
Cisco, Router (IOS 11.x, 12.x)
Cisco, Catalyst Switches (IOS 11.x, 12.x)
Firewalls/VPN
Check Point, FireWall-1 (NG, FP1, FP2, FP3, R55)
Check Point, FireWall-1 / SiteManager
FDR
Packeteer (PacketShaper)
FP3
Cisco, IOS Firewall
Cisco, PIX Firewall
Linux, Iptables
NetScreen, Firewall (ScreenOS)
Nokia, Firewall
Nokia, IP Series
Intrusion Detection
Enterasys, Dragon
ISS, Proventia
Network Associates, McAfee Entercept
Open source, SNORT
SourceFire, Intrusion Sensor
Cisco IDS
Intrusion Prevention
NetScreen, IDP
Network Associates, McAfee Intrushield
Tipping Point, UnityOne
Host Logs
Microsoft, Windows Hosts (NT, 2000, XP, 2003)
Microsoft, Windows MACS (NT, 2000, 2003)
Open source, Linux Login/Logout Log
Redhat, Linux
Sun, Solaris (BSM - Solaris Login/logout Log)
VA
nCircle (IP 360)
Nessus
NMAP
VPN
Check Point, VPN-1
Cisco, VPN 3000 Series Concentrator
Nortel, Contivity
Web Server
Apache, HTTP Server
Microsoft, IIS
Key Features & Benefits:
QRadar correlates security event information with NBA information, which creates ‘network context’ and provides the following capabilities:
Anomaly Detection Capabilities: Detects zero-day attacks or application policy violations that existing network and security devices cannot yet detect, or are incorrectly configured or located to detect.
Creation of Asset Profiles: QRadar builds and maintains asset profiles as IP addresses and hosts appear on a network. These real-time, passive profiles are augmented with third-party VA scans that are grouped and weighted by administrators according to business importance. These profiles are key sources for prioritizing threats as they occur.
Application Layer Network Knowledge: QRadar collects, visualizes and stores application knowledge (including content capture) from the network, regardless of port. This is not only a valuable standalone NBA capability but also an important source of validation and forensics for managing security threats. Administrators can immediately data-mine security events for important network activity that took place at the same time. This network knowledge can also be automatically appended to threats as part of QRadar’s event processing.
Dynamic Weighting of Information by Severity, Credibility and Relevance: Instead of simply assigning an event-category severity to threats as they are received, QRadar’s analytics engine (the Judicial System Logic) dynamically builds offenses. These offenses grow or shrink in importance based on severity (the reported attack versus the preparedness of the target), relevance (the relative importance of the target asset versus all other assets in the network or segment) and credibility (how trusted, tuned and accurate the reporting source or sources are).
Remediation Directed Back to the Infrastructure: QRadar can send remediation actions to multi-vendor network and security infrastructures (Cisco, Juniper, Check Point, Enterasys). Network context recommends which remediation device is the most logical and appropriate device to take action.
Highlights: QRadar is particularly suited for organizations that require a simple, powerful and consolidated way to manage their networks quickly, efficiently and for a reasonable investment.
End-Users:
Fortune 500 and medium-sized enterprises
Federal government agencies
State & local governments
Universities
Healthcare institutions
Q1 Labs Inc. 1000 Winter Street, Suite 2950
Waltham, MA 02451 USA Tel: 1-781-250-5800