Q1 Labs Appliance Scales Security Incident Management

The new QRadar 3100 network security management appliance uses a distributed architecture to scale the performance of threat and log management and compliance monitoring.

Q1 Labs at the RSA conference on Feb. 5 hopes to be the Goldilocks of the network and security monitoring vendors with a new line of network security monitoring appliances.

The Waltham, Mass., company believes the new QRadar 3100 network security management appliance, along with two stackable expansion appliances, is just right for enterprises looking for the ease of deployment that appliances offer and the scalability of software-based offerings that are more complex to implement.

The QRadar 3100 along with the 1700 Flow Log Processor and 1600 Event Log Processor use a distributed architecture to scale the performance of threat and log management as well as compliance monitoring.

"The amount of events security products emit can be in the tens of thousands of events per second, and flows can get into the millions," said Chief Operating Officer Brendan Hannigan. "If a customer wants to grow their deployment, they can initially buy our base 3100 appliance, which can get information from flows and events, store it and perform analysis. Then to increase performance they can add our 1700 to boost the ability to process flows or they can add the 1600 [to boost] log processing," he added.


The new appliances bring ease of deployment to a new level, according to an existing Q1 Labs customer, who asked not to be identified. "You don't need the ultra geek on site anymore to configure servers and mess with their application. It's all rolled up with their appliances," said the user.

The offerings combine event information from security devices as well as flow information from networking devices, including switches and routers from Cisco Systems, Juniper Networks, 3Com and others. The devices aggregate and store the information and provide mechanisms for analyzing and viewing the data. Behavioral analysis is also applied to flow activity.

The Q1 Labs appliances also allow operators to initiate remediation against some 90 different networking devices, which can include blocking a particular entity from communicating, or quarantining a user.

The new distributed architecture in the appliances spreads processing across three tiers: data collection, event storage and processing. The 3100 acts as a director to distribute the load across the expansion appliances.

Alone, the QRadar 3100 provides storage, processing and analysis at 5,000 events per second and 200,000 flows per second. The 1700 Flow Log Processor appliances can be stacked to scale from 200,000 to one million flows per second, and the 1600 Event Log Processors can be stacked to scale event log collection, processing and storage from 5,000 to 250,000 events per second.

The appliances are available now and start at $39,000 for the 3100 and $99,000 for the 1600 and 1700.
