A SIEM in a class of its own:
QRadar's Next-Generation SIEM is the most intelligent, integrated and automated SIEM in the industry. What sets QRadar SIEM apart is its unrivaled platform architecture that delivers:
- Unified, turnkey deployments and more efficient administration and management
- Distributed correlation that allows for billions of logs and records to be monitored per day
- Single log archival capacity ensures seamless reporting and comprehensive searching
- Centralized command and control reduces security management solution acquisition costs and improves IT efficiency
- Advanced threat and security incident detection that both reduces the number of false positives and detects threats that other solutions miss
- Compliance-centric workflow that enables the delivery of IT best practices that support compliance initiatives
- Distributed appliance architecture scales to provide log management in any enterprise network
Next Gen - SIEM
Total intelligence and visibility:
First-generation SIEMs were designed to monitor traditional security telemetry and reduce the data collected to a subset of suspected security incidents through rules and data correlation. This traditional approach to SIEM delivers visibility into servers, hosts and security systems but lacks the ability to collect from all possible sources or efficiently distinguish between true threats and false alarms.
- As the only SIEM solution designed from the ground up to deliver the benefits of Next-generation SIEM, QRadar SIEM dramatically expands visibility into network activity, virtual activity, user activity and application activity, giving network security professionals unprecedented intelligence into potential offense sources across their entire network.
- QRadar correlates log data from the security and network infrastructure in the context of network activity in order to detect incidents that other products miss and to accurately prioritize incidents.
- Total intelligence also includes being able to provide a full impact analysis before, during and after an attack. First-generation SIEM technologies provide value when the attack is going on, but they are limited in their ability to profile attackers and targets in advance of an incident for better prioritization and response. They are also extremely limited in their ability to provide full forensics in the wake of a detected incident.
QRadar's Next-Generation SIEM provides value before, during and after an attack because it incorporates behavior and context. This means better security profiling, advanced detection and complete forensics.
The integrated platform that delivers one-console security and unmatched scalability:
First-generation SIEM solutions rely on bringing multiple products together and attempt to deploy them as a single SIEM solution. The result is a segmented solution that is unnecessarily complex, difficult to manage and even harder to scale. More importantly, filtered and selective data correlation, log duplication, multiple UIs and non-unified reporting and searching limit your ability to truly protect your network.
- QRadar's Next-Generation SIEM was designed from the ground up to work as a complete integrated solution. Unlike other offerings on the market that require the integration of multiple, distinct products and interfaces, QRadar provides a solution that, no matter what the scale requirement, offers a common platform and UI for all security intelligence tasks, from searching and filtering to reporting and response, and eliminates the false choice between intelligence or simplicity that you are forced to make with first-generation SIEMs.
Automation that allows you to better monitor, analyze and act:
Without automation you are dependent on your vendor to expend a large amount of time and effort simply configuring your solution for operation. This is even before they consider optimizing your solution in operation. Unlike first-generation SIEM solutions, QRadar's Next-Generation SIEM automates processes for customers from the discovery of log sources, to profiling applications and assets. Valuable out of the box content in the form of rules and building blocks is delivered with minimal customization required.
- This content is also auto-updated on a weekly basis, including content from third-party intelligence sources. Thousands of out-of-the-box reports relevant to your specific roles, devices, compliance regulations and vertical industry are also included. With QRadar SIEM, organizations are now better able to monitor, analyze and act with the most powerful auto-deployment, auto-prioritization, auto-reporting and efficient SIEM available.
- Auto-discovery of log sources
- Auto-discovery of applications
- Auto-discovery of assets
- Auto-grouping of assets
- Centralized log management
- Auto-tuning
- Automated Config Audits
- Auto-detect threats
- Thousands of pre-defined rules
- Easy-to-use event filtering
- Advanced security analytics
- Thousands of pre-defined reports
- Asset-based prioritization
- Auto-update of threats
- Auto-response
- Directed remediation
Appliances
QRadar 3100 Server Appliance:
The 3100 is an enterprise-class network security management appliance that combines SIEM and Log Management and is well suited for organizations ranging from medium-sized organizations to large, globally deployed entities. As the flagship of the QRadar family, QRadar 3100 serves as the base platform for geographically dispersed organizations or any organization that requires an integrated solution to monitor their global network with the efficiency of a single Web-based UI.
QRadar 2100 All-In-One Appliance:
The 2100 combines the features and functionality of QRadar's powerful SIEM and Log Management and built-in network activity monitoring technology in a single appliance. QRadar 2100 is ideal for deployments in smaller enterprises or departments.
Distributed Architecture:
QRadar 1601 Event Processor:
The 1601 is an expansion appliance that is deployed in conjunction with QRadar 3100. Designed to integrate seamlessly into Q1 Labs' Total Security Intelligence platform, QRadar 1601 can scale to support deployments from 2,500 to more than 10,000 events per second and can be upgraded with a simple license key.
QRadar 1605 Event Processor:
The 1605 is an expansion appliance that is deployed in conjunction with QRadar 3100. The 1605 Event Processor supports expanded storage, up to 6Tb, for long term retention of log data and increased capacity for event processing up to 20,000 events per second.
QRadar 1701 Flow Processor:
The 1701 is an expansion appliance that is deployed in conjunction with QRadar 3100. Designed to integrate seamlessly into Q1 Labs' Total Security Intelligence platform, the QRadar 1701 enables QRadar deployments to scale to process and store millions of network communications a second.
QRadar 1801 Combined Event Flow Processor:
The 1801 delivers a cost-effective solution for event and network activity processing across a distributed organization. This appliance is well suited for organizations looking to introduce event and network activity processing to remote or branch offices, or for larger, highly distributed organizations that need to provide local event and flow collection in locations that do not have high levels of traffic or log rates.