Company description: QRadar launched its core security analytics product in 2005, and Q1 Labs was acquired by IBM in 2011. IBM has continued to invest in this product line.
Product description: The product includes ingestion and interpretation of logs (more than 400 support modules for ingesting data), connection to updated threat intelligence feeds, correlation and analytics, profiling, security alerts, data presentation and compliance. It uses automation to sense sources of security log data and to discover new network flow traffic associated with new assets appearing on the network.
“Many organizations looking at log management and SIEM products are just trying to obtain some centralized visibility into what's going on within the network,” said Patrick Vandenberg, Program Director, IBM Security QRadar. “SIEM is part of a broader security intelligence platform that helps clients both detect risky behaviors and proactively address misconfigurations of firewalls, gateways, routers and switches.”
Markets and use cases: QRadar sees more traction in markets that are most likely to have a wealth of valuable data that cybercriminals can exploit on an open marketplace. This includes financial, government and healthcare verticals, but also manufacturers possessing intellectual property, utilities supporting critical infrastructures, communications and transportation companies seeking to preserve business continuity, and retail establishments.
Metrics: QRadar employs a correlation rules engine and behavioral profiling technology to reduce up to billions of raw data points into a manageable list. Its federated database design prevents the network from being hammered with transfers of data or information that isn't associated with a current malicious activity investigation. There is said to be no hard limit on how much security data processing can be accomplished.
“QRadar can easily scale up to the largest enterprise deployments at millions of EPS and billions of events per day,” said Vandenberg.
Security qualifications: It complies with FIPS, CC, Payment Card Industry Data Security Standards (PCI DSS), NERC, GLBA, FISMA, Sarbanes-Oxley (SOx), GPG13, HIPAA and ISO 27001.
Intelligence: Correlation rules or search routines can detect known patterns of malicious behavior. Security teams fine-tune these defined rules for their environments. Real-time detection technology alerts the team when surprises or anomalies occur. In the past year, QRadar has seen the addition of user behavior analytics, real-time forensics or packet scanning technology, and the cognitive capabilities of IBM Watson to help diagnose attacks and breaches using petabytes of both structured and unstructured data.
Delivery: QRadar SIEM is available in cloud, on-premises hardware/software, or virtual machine appliances.
Agents: QRadar is capable of acquiring data through numerous mechanisms and can run fully agentless if necessary. However, it can also make use of agents if there are environmental conditions that mandate or benefit from their use.
Pricing: IBM QRadar (on-premises) starts at $10,400, including 12 months of support. IBM QRadar on Cloud (SaaS) starts at $800 U.S. per month, on an annual term.