
The Tolly Group Verifies Q1 Labs' QRadar is 22X More Effective at Accurately Correlating Network and Security Data than Cisco Security MARS.


Independent Tolly Group test shows QRadar excels in threat detection accuracy, data summarization and multi-vendor network flow and security event support

WALTHAM, Mass. -- Q1 Labs, a leading network security management company, today announced that in an independent test conducted by The Tolly Group, one of the most influential testing validation firms in North America, QRadar 5.2 proved to be a superior alternative to Cisco Security MARS 4.2.1 for detecting, correlating, and responding to threats in converging network and security environments.

In a single 24-hour period, identical streams of millions of network flows and hundreds of thousands of security events were forwarded to each product. QRadar correlated and reduced that traffic down to 97 network offenses that needed operator investigation, while MARS produced 2,119 network incidents. This amounts to 22 times more incidents that an operator of MARS must investigate and underscores QRadar's ability to reduce huge amounts of data into a few, actionable records. Cisco Security MARS demonstrated poor data reduction capabilities, forcing administrators to drill into thousands of network incidents in order to piece together network priorities.

"QRadar rose to the challenge of providing broad multi-vendor surveillance capabilities, accurate analysis and detection of threats, as well as key network discovery and classification capabilities," said Kevin Tolly, president/CEO and founder of The Tolly Group. "The nature of customer network and security environments demands a dedication to multi-vendor support and best-of-breed analysis if these networks are to be self-defending."

"These tests are not just about how QRadar is functionally different from MARS, but also how each product fundamentally addresses the evolving nature of customer's network and security infrastructures. The tests clearly demonstrate QRadar's ability to perform well in complex network security environments while our Fortune 500 wins prove our superiority when actually evaluated and compared," said Shaun McConnon, CEO of Q1 Labs. "We encourage customers to examine these test results to determine if QRadar can provide greater visibility into their network behavior while accurately and effectively monitoring the millions of events their security devices generate."

The testing was conducted from Monday, October 30 until Wednesday, November 1st. The full Tolly Group test report is available from the following URL: http://www.q1labs.com/downloads.php

Highlights of the Tolly Group Testing Follow:

QRadar correlation and anomaly detection superior to MARS

In every threat scenario the products were subjected to (Denial-of-Service, E-mail-borne worm, zero-day attack), QRadar successfully and swiftly detected the event - often correlating multiple incidents to develop a clear picture of what actually was occurring, while Cisco Security MARS was able to detect only some of the isolated incidents, and when it did, MARS failed to piece them together to show the big picture.

Multivendor Support: QRadar excels, MARS lacking

Tests revealed that QRadar excelled at supporting multiple flow types, as well as security products, from a wide variety of vendors. Cisco Security MARS was limited to NetFlow (NetFlow v.9 support is not yet available for MARS but is for QRadar) and a smaller set of security vendor products, many of which had out-of-date integrations (Juniper IDP support was limited to the 2.1 version which is three years old) or had out-of-date signature sets (MARS was unable to recognize and correlate a SourceFire signature that had been released on 09 August 2006).

MARS requires manual tuning and discovery, QRadar does not

Tests revealed that QRadar enables operators to discover and classify servers within a network. Once identified, QRadar auto-tunes by defining rules and false positive tuning rules. MARS requires very labor intensive server-by-server manual definition of the assets that it is supposed to protect. Tests also showed that QRadar offers auto-device recognition for products that send out security logs and network flows which is very helpful for customers who need to configure hundreds of products for monitoring. Each device that MARS monitors must be configured manually.

About The Tolly Group

The Tolly Group, an independent testing and strategic consulting organization based in Boca Raton, FL., offers a full range of services designed to furnish both the vendor and end-user communities with authoritative and unbiased information. Additionally, The Tolly Group is recognized worldwide for its expertise in assessing leading-edge technologies. For more information on The Tolly Group's services, visit its Web site at www.Tolly.com, E-mail info@tolly.com, call (561) 391-5610, or fax (561) 391-5810.

About QRadar

QRadar goes beyond traditional security information/event management (SIEM) products or network behavior analysis (NBA) products to create a command-and-control center that can monitor, analyze and remediate threats. QRadar combines, analyzes and manages an unequalled set of surveillance data - network behavior, security events, vulnerability profiles and threat information - to empower enterprises to manage business operations on their networks efficiently from a single console. More information about QRadar is available at: http://www.q1labs.com/products/prod_overview.html

About Q1 Labs

Commanding a unique position at the nexus of security and networking, Q1 Labs is redefining network security management. Q1 Labs' flagship product, QRadar, integrates previously disparate network and security functions into one solution. This convergence ties the impact of security threats directly to specific business assets and services, reduces acquisition and operation costs and increases accuracy. Q1 Labs' installed customer base ranges from government agencies and financial institutions to universities and healthcare providers. Please visit http://www.q1labs.com or call (781) 250-5800 for more information.
COPYRIGHT 2006 Business Wire
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2006, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Publication:Business Wire
Date:Nov 29, 2006