Network anomaly detection vendor Q1 Labs Inc. is getting into the security incident management game with the latest version of its QRadar product, QRadar 5.0.
The new release, set to be announced next week, adds features for collecting, correlating and analyzing data from vulnerability scanners, firewalls and IDS (intrusion detection system) sensors to existing QRadar network anomaly detection technology. The product gives administrators a detailed picture of network security events, said Q1 Labs officials.
QRadar can be deployed as an all-in-one appliance that collects and archives data feeds from different products and provides a management interface for the product. Multiple QRadar collector appliances can be deployed on large networks, with different boxes acting as dedicated collectors and a single QRadar Management Server used to manage the system.
Previous versions of QRadar could flag some events, such as alerts from Cisco Systems Inc. and Check Point Software Technologies Ltd. firewalls, and some security appliances. With Version 5.0, Q1 Labs has increased the number of security events that QRadar recognizes and introduced Judicial System Logic, a relational security engine that can tease specific threats out of correlated security events, vulnerability data and traffic flows, officials said.
For example, the product can flag the appearance of a new service on a machine that was the target of an earlier attack as evidence of compromise.
Asset profiles are combined with security event data to let QRadar 5.0 identify business assets that are at risk of attack or under attack, prioritize the response, and drive its built-in remediation features.
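The kind of cross-feed correlation the previous paragraphs describe, as an added illustration written for this page (not Q1 Labs' code and not QRadar's rule syntax): it joins constructed IDS alerts, a vulnerability-scan result and newly observed listening services by host, flags a new service that appears within a window after an attack on the same host, and ranks the findings by a constructed asset profile. Host addresses, asset names, the 24-hour window and the priority weighting are all assumptions.

```python
"""Added illustration of event correlation across IDS alerts, scan results
and observed services. Constructed sample data; not QRadar's engine."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample feed (not real logs): IDS alerts, a vulnerability scan
# result and newly observed listening services, each tied to a host.
EVENTS = [
    {"time": "2006-03-01T10:00:00", "kind": "ids_alert", "host": "10.0.0.5", "detail": "exploit attempt"},
    {"time": "2006-03-01T10:05:00", "kind": "ids_alert", "host": "10.0.0.9", "detail": "exploit attempt"},
    {"time": "2006-03-01T08:00:00", "kind": "ids_alert", "host": "10.0.0.7", "detail": "port scan"},
    {"time": "2006-03-01T09:00:00", "kind": "vuln_scan", "host": "10.0.0.9", "detail": "unpatched web server"},
    {"time": "2006-03-01T11:30:00", "kind": "new_service", "host": "10.0.0.5", "detail": "tcp/4444"},
    {"time": "2006-03-01T12:10:00", "kind": "new_service", "host": "10.0.0.9", "detail": "tcp/8080"},
    {"time": "2006-03-03T09:00:00", "kind": "new_service", "host": "10.0.0.7", "detail": "tcp/22"},
]

# Constructed asset profile (assumed values): business criticality drives priority.
ASSETS = {"10.0.0.5": ("billing-db", 3), "10.0.0.9": ("intranet-web", 1),
          "10.0.0.7": ("build-box", 1)}


def correlate(events, assets, window=timedelta(hours=24)):
    """Flag a host whose new service appears within `window` after an attack
    on that host; rank findings by asset criticality, with a known
    vulnerability adding one point. Returns findings highest priority first."""
    attacks, vulns, findings = defaultdict(list), defaultdict(list), []
    for e in sorted(events, key=lambda e: e["time"]):  # ISO strings sort by time
        ts = datetime.fromisoformat(e["time"])
        if e["kind"] == "ids_alert":
            attacks[e["host"]].append(ts)
        elif e["kind"] == "vuln_scan":
            vulns[e["host"]].append(e["detail"])
        elif e["kind"] == "new_service":
            recent = [a for a in attacks[e["host"]] if timedelta(0) <= ts - a <= window]
            if not recent:
                continue  # no attack on this host inside the window: treat as a benign change
            name, crit = assets.get(e["host"], ("unknown", 0))
            findings.append({"host": e["host"], "asset": name,
                             "priority": crit + (1 if vulns[e["host"]] else 0),
                             "evidence": f"{e['detail']} appeared {ts - recent[-1]} after attack",
                             "vulns": vulns[e["host"]]})
    return sorted(findings, key=lambda f: f["priority"], reverse=True)


if __name__ == "__main__":
    for f in correlate(EVENTS, ASSETS):
        print(f["priority"], f["host"], f["asset"], f["evidence"], f["vulns"])
```

The build-box case shows the window doing its job: its new service appears two days after the port scan, so it is not flagged.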
At CTC Communications Corp., an integrated communications provider in Waltham, Mass., an earlier version of QRadar spotted anomalous behavior caused by a worm infection that was passing unnoticed through the corporate firewall, said Keith Cancel, manager of information systems and network security at CTC.
However, the new version of QRadar has limitations. It only supports feeds from a few products out of the box, such as the open-source Nessus vulnerability scanner and products from nCircle Network Security Inc.
Cancel is excited about the product and the new SIM (security incident management) features that come with Version 5.0, which CTC hasn't yet deployed. “You're going to be able to get intelligence from different devices and correlate that with network behavior and anomaly tracking—and that's where the gold is.”
QRadar 5.0 is available immediately and is priced starting at $29,000.