Global Product Excellence Awards - Customer Trust 2006

 

Excellence in Network Security Management

 

Product: QRadar 5.0
Family: QRadar™
Vendor: Q1 Labs, Inc.

Product Description: QRadar™, a network security management platform, is the first product to combine, analyze and manage an unequalled set of surveillance data—network behavior, security events, vulnerability assessment and threat information. It replaces traditional point products and layered architectures with a single command-and-control console. QRadar 5.0 automatically enables administrators to understand which events pose the greatest and most immediate threat to operations through a patented process called Judicial System Logic (JSL) that fuses network and security knowledge together in a single console.

Performance: QRadar is the most scalable architecture in the market. This architecture allows the flexibility to support everything on one server for small to medium businesses or to be broken out into individual components for Service Providers or Large Enterprise deployments.

Events Per Second: QRadar All in One Appliances support up to 5000 EPS. Multiple event collectors can be distributed to support higher aggregate volumes of events.

Flow Volumes: QRadar supports up to 400,000 flows per interval. Multiple Flow Collection appliances can be distributed to support higher aggregate volumes of flows for larger enterprises or service providers.

Interfaces: Q1 provides a variety of QFlow appliances, ranging from 50MB throughput at the low end to Multi-Gigabit at the high end. Interfaces supported on our appliances:

  • 10/100/1000baseT
  • 1000baseSX

QFlow can also be deployed as software, in which case it can support virtually any promiscuous network interface connection (ATM, Frame Relay T1/E1, DS3 etc).

In addition to supporting QFlow and other flow feeds, we also support event feeds from the following devices:

Routers/Switches

  • Cisco, Router (IOS 11.x, 12.x)
  • Cisco, Catalyst Switches (IOS 11.x, 12.x)

Firewalls/VPN

  • Check Point, FireWall-1 (NG, FP1, FP2, FP3, R55)
  • Check Point, FireWall-1 / SiteManager
  • Cisco, IOS Firewall
  • Cisco, PIX Firewall
  • Linux, Iptables
  • NetScreen, Firewall (ScreenOS)
  • Nokia, Firewall
  • Nokia, IP Series

FDR

  • Packeteer (PacketShaper)

Intrusion Detection

  • Enterasys, Dragon
  • ISS, Proventia
  • Network Associates, McAfee Entercept
  • Open source, SNORT
  • SourceFire, Intrusion Sensor
  • Cisco IDS

Intrusion Prevention

  • NetScreen, IDP
  • Network Associates, McAfee Intrushield
  • Tipping Point, UnityOne

Host Logs

  • Microsoft, Windows (NT, 2000, XP, 2003 Hosts, MACS)
  • (NT, 2000, 2003)
  • Open source, Linux Login/Logout Log
  • Redhat, Linux
  • Sun, Solaris (BSM - Solaris Login/logout Log)

VA

  • nCircle (IP 360)
  • Nessus
  • NMAP

VPN

  • Check Point, VPN-1
  • Cisco, VPN 3000 Series Concentrator
  • Nortel, Contivity

Web Server

  • Apache, HTTP Server
  • Microsoft, IIS

Key Features & Benefits:

QRadar correlates security event information with NBA information, which creates ‘network context’ and provides the following solutions:

  • Anomaly Detection Capabilities: Detects day zero attacks or application policy violations that existing network and security devices cannot yet detect or are incorrectly configured/located to detect.
  • Creation of Asset Profiles: QRadar builds and maintains asset profiles as IP addresses and hosts appear on a network. These real-time, passive profiles are augmented with third-party VA scans that are grouped and weighted by admins according to business importance. These profiles are key sources for prioritizing threats as they occur.
  • Application Layer Network Knowledge: QRadar collects, visualizes and stores application knowledge (including content capture) from the network (regardless of port). This is not only a valuable standalone NBA capability but also an important source of validation and forensics for managing security threats. Administrators can immediately datamine security events for important network information that took place at the same time. This network knowledge can also be automatically appended to threats as part of QRadar’s event processing.
  • Dynamic Weighting of Information by Severity, Credibility and Relevance: Instead of simply assigning event category severity to threats as they are received, QRadar’s analytics engine (the Judicial System Logic) dynamically builds offenses. These offenses grow or shrink in importance based on severity (reported attack versus the preparedness of the target), relevance (relative importance of the target asset versus all other assets in the network or segment) and credibility (how trusted/tuned/accurate the reporting source(s) are).
  • Remediation Directed Back to the Infrastructure: QRadar can send remediation actions to multi-vendor network and security infrastructures (Cisco, Juniper, Checkpoint, Enterasys). Network context recommends which remediation device is the most logical/appropriate device to take action.

Highlights: QRadar is particularly suited for organizations that require a simple, powerful and consolidated way to manage their network quickly, efficiently and for a reasonable investment.

End-Users:

  • Fortune 500 and medium-sized enterprises
  • Federal government agencies
  • State & local governments
  • Universities
  • Healthcare institutions


Copyright © 2006 Silicon Valley Communications - All rights reserved.