Q1 Labs this week plans to release the latest version of its flagship software as well as add-on software that the company says enables its security management tool to not only detect security issues but also prevent them.
Q1 Labs upgraded its QRadar 4.0 software to now accommodate snap-on software modules, such as QRadar-ICX, which stands for isolate, control and extinguish. The open architecture in QRadar lets customers easily install software modules on a mix-and-match basis, the company says.
QRadar consists of agents and a management console, which summarizes alerts based on pre-defined policies and correlates network events against metrics such as source and destination addresses. The console consolidates events that could represent threats, such as denials of service, worms or Web-based intrusions.
QRadar watches network traffic flows to establish a baseline of normal network behavior. Q1 agents running on servers passively monitor spanning ports on network switches and send data about anomalies to a classification engine, which sits on one or more servers. The classification engine compares the data with modeled behavior and identifies it as a possible internal threat, policy violation or external breach. Alerts are sent to the management console, from which network managers can take action.
The first available add-on, ICX, will work on top of QRadar to help IT managers by blocking external threats such as denial of service attacks and stopping rogue internal activity. The add-on can be customized to look for abnormal behavior specific to a customer's business. QRadar-ICX can be customized for advanced behavior enforcement in the most demanding enterprise environments, the company says.
"QRadar detects the issue and alerts staff and ICX in the meantime can take action to prevent the spread of a problem or the prevent it from getting on the network," says Brendan Hannigan, vice president of marketing for Q1 Labs. The company competes with the likes of Arbor Networks and Mazu Networks, which also offer anomaly-based detection products for security.
QRadar 4.0 is priced starting at about US$60,000 for a basic system, and is scalable. QRadar ICX is a snap-in module to the QRadar 4.0 priced starting at about US$20,000. Both products are slated to be generally available by the end of the month.