The 9,000 students at the University of New Brunswick (UNB) in Fredericton, New Brunswick, Canada, have a high degree of freedom for how they use their computers at the school. For instance, students are able to choose any operating system they want to run, and plug their PCs into the campus network.

The campus IT administration sees its role as enabling academic pursuits on the campus network, and not to tightly police how those machines are used. Still, when there is a problem, such as when unusual network traffic threatens to bring down the network, or a malicious code attack breaks out and begins to spread, the network administrators need to be able to respond quickly.

"When we face problems, it would be nice to just tell what is running across the communications lines," says Peter Jacobs, manager of communications and networks for the university.

About five years ago, UNB was running homegrown tools to monitor network traffic, but they saw the requirement as being more than they were willing to handle. Chris Newton, an IT specialist working at UNB at the time, started developing a new technology to meet the challenge.

The software was presented at a technology commercialization event at UNB in October 2000, and there it caught the attention of Brain Flood, an entrepreneur interested in commercializing the technology. In February 2001, Flood and his partners founded Q1 Labs, a privately funded corporation headquartered in Delaware, with offices in New Brunswick and Waltham, Mass.

The QRadar anomaly detection product from Q1 Labs is the result. UNB is a customer and early test site, and a close ally for research and product testing, continuing to feed ideas and suggestions for enhancements into Q1 Labs.

"The Internet used to be friendly," Jacobs says. "But now it's an untamed land that is dangerous to be hanging out in. The QRadar product is like a giant magnifying glass on the network, helping us to understand what is happening."

The monitoring lets the administrators know when they might need to increase bandwidth, and when something might need to be turned off, such as a worm launching an attack, or a student launching a scan of the university network for some reason.