qradar ibm partner_enablement_220212_final

QRadar Overview Business Partner Enablement

Post on 19-Oct-2014


Category: Technology



TRANSCRIPT

Page 1: Qradar ibm partner_enablement_220212_final

QRadar Overview

Business Partner Enablement

Page 2: Qradar ibm partner_enablement_220212_final


Q1 Labs Corporate Overview

• Largest independent SIEM vendor, founded in 2001

• Corporate headquarters in Waltham, MA with development offices in New Brunswick, Canada, and Belfast, Ireland

• Privately held organization with approximately 250 employees

• Consistent market leader based on vision and ability to execute

• More than 1800 customers worldwide

• Customers across many different industries - including healthcare, energy, retail, financial, government, education, and communications

• Well established business and channel partners in North America and EMEA

Representative Customers

A global provider of high-value, next-generation SIEM, Log Management, Network Activity Monitoring and Risk Management technologies - built on the industry’s leading Security Intelligence platform

Page 3: Qradar ibm partner_enablement_220212_final


2011 Gartner SIEM Magic Quadrant (MQ)

Page 4: Qradar ibm partner_enablement_220212_final


Fully Integrated Security Intelligence

• Turnkey log management

• SME to Enterprise

• Upgradeable to enterprise SIEM

• Integrated log, threat, risk & compliance mgmt.

• Sophisticated event analytics

• Asset profiling and flow analytics

• Offense management and workflow

• Predictive threat modeling & simulation

• Scalable configuration monitoring and audit

• Advanced threat visualization and impact analysis

• Network analytics

• Behavior and anomaly detection

• Fully integrated with SIEM

• Layer 7 application monitoring

• Content capture

• Physical and virtual environments

SIEM

Log Management

Risk Management

Network Activity & Anomaly Detection

Network and Application Visibility

Page 5: Qradar ibm partner_enablement_220212_final


One Console Security

• Integrated log, cyber threat, risk and compliance management

• Sophisticated event analytics

• Asset profiling and flow analytics

Threat Management

• Industry Leading Log Management

• Out of the box Compliance reports

• Upgradeable to enterprise SIEM

Log Management

• Predictive threat modeling & simulation

• Real time policy monitoring

• Scalable configuration monitoring and audit

• Advanced threat visualization and impact analysis

Security Risk Management

• Layer 7 application monitoring

• Content capture

• Network Analysis

Network, User and Application Management

Page 6: Qradar ibm partner_enablement_220212_final


Solving Customer Challenges with Total Security Intelligence

Page 7: Qradar ibm partner_enablement_220212_final


Total Visibility: Product Portfolio, Services and Research

Page 8: Qradar ibm partner_enablement_220212_final


Intelligent: Context & Correlation Drive Deepest Insight

Page 9: Qradar ibm partner_enablement_220212_final


#1 in Compliance, the leading driver for SIEM

Three primary use cases:

1. Compliance

2. Threat Mgmt

3. General Deployment (mix of both)

Page 10: Qradar ibm partner_enablement_220212_final


QRadar Dashboard – Summary Information with drilldown capability

Page 11: Qradar ibm partner_enablement_220212_final


Offense Manager – Inbuilt Alert and Incident Manager

The incident created automatically populates with additional relevant information, such as physical and logical addresses, thereby reducing the time required to remediate.

Page 12: Qradar ibm partner_enablement_220212_final


Correlation Rules – Inbuilt Rules will monitor for key activities.

Correlation rules can be tuned and thresholds adjusted as required

Page 13: Qradar ibm partner_enablement_220212_final


Log Activity – Examine activities across log sources.

Filters/searches available to examine real-time and historical logs

Results are displayed in easy to understand format

Example: Failed Login to Database

Page 14: Qradar ibm partner_enablement_220212_final


Network Activity – Examine network behaviour for policy/compliance breaches as well as threats

Various standards reference the need to monitor network services, e.g. PCI

Page 15: Qradar ibm partner_enablement_220212_final


Asset Profiles – Link between log, network, user and vulnerability data

Shows logical, physical network detail as well as machine name and current logged-in user

Page 16: Qradar ibm partner_enablement_220212_final


Reporting – 100s of inbuilt reports covering generic as well as compliance initiatives

Page 17: Qradar ibm partner_enablement_220212_final


Top Reasons Customers Choose Q1 Labs

1. Most intelligent, integrated and automated solution

2. Most sophisticated threat analytics and compliance automation

3. Rapid time to value, with low staffing requirements

4. Easily scales as deployments and security data grow

5. Established market leadership with excellent support

6. Easy to do business with, backed by best channel relationships

7. IBM’s unmatched security expertise and breadth of integrated capabilities

Page 18: Qradar ibm partner_enablement_220212_final

End