QRadar SIEM delivers the industry's only SIEM system solution that gives security professionals the visibility they need to protect their networks. QRadar's advanced SIEM technology protects IT assets from a growing landscape of advanced threats and meets current and emerging compliance mandates.
QRadar's Next-Generation SIEM is the most intelligent, integrated and automated SIEM system in the industry. What sets QRadar SIEM apart is its unrivaled platform architecture that delivers:
First-generation SIEM technology was designed to monitor traditional security telemetry and reduce the data collected to a subset of suspected security incidents through rules and data correlation. This traditional approach to a SIEM system delivers visibility into servers, hosts and security systems but lacks the ability to collect from all possible sources or efficiently distinguish between true threats and false alarms.
QRadar's Next-Generation SIEM provides value before, during and after an attack because it incorporates behavior and context. This means better security profiling, advanced detection and complete forensics.
First-generation SIEM solutions rely on bringing multiple products together and attempting to deploy them as a single SIEM solution. The result is a segmented solution that is unnecessarily complex, difficult to manage and even harder to scale. More importantly, filtered and selective data correlation, log duplication, multiple UIs and non-unified reporting and searching limit your ability to truly protect your network.
Without automation you are dependent on your vendor to expend a large amount of time and effort simply configuring your solution for operation. This is even before they consider optimizing your solution in operation. Unlike first-generation SIEM solutions, QRadar's Next-Generation SIEM automates processes for customers, from the discovery of log sources to the profiling of applications and assets. Valuable out-of-the-box content in the form of rules and building blocks is delivered with minimal customization required.
The 3100 is an enterprise-class network security management appliance that combines SIEM and Log Management and is well suited for organizations ranging from medium-sized organizations to large, globally deployed entities. As the flagship of the QRadar family, QRadar 3100 serves as the base platform for geographically dispersed organizations or any organization that requires an integrated solution to monitor their global network with the efficiency of a single Web-based UI.
The 2100 combines the features and functionality of QRadar's powerful SIEM and Log Management and built-in network activity monitoring technology in a single appliance. QRadar 2100 is ideal for deployments in smaller enterprises or departments.
The 1501 is an appliance for collecting events in remote locations for periodic forwarding to an Event Processor or an all-in-one appliance. No separate EPS license is required since log data must be forwarded for correlation, analysis and long-term storage. Storage capacities are based on worst-case scenarios for disconnected operations, and policies control forwarding activities.
The 1605 is an expansion appliance that is deployed in conjunction with QRadar 31XX. Designed to integrate seamlessly into Q1 Labs' Total Security Intelligence platform, QRadar 1605 can scale to support deployments from 2,500 to more than 20,000 events per second and can be upgraded with a simple license key.
The 1624 is an expansion appliance that is deployed in conjunction with QRadar Console 31XX. The 1624 Event Processor supports expanded storage, up to 16 Tb, for long-term retention of log data and increased capacity for event processing up to 20,000 events per second.
The 1705 is an expansion appliance that is deployed in conjunction with QRadar Console 31XX. Designed to integrate seamlessly into Q1 Labs' Total Security Intelligence platform, the QRadar 1705 enables QRadar deployments to scale from 100,000 network flows (Layer 4 Netflows) per minute to 600,000 with license key upgrades. The appliance can also process Layer 7 QFlow network packet contents when teamed with a 12XX or 13XX QFlow Collector.
The 1724 is an expansion appliance that is deployed in conjunction with QRadar Console 31XX. Designed to integrate seamlessly into Q1 Labs' Total Security Intelligence platform, the QRadar 1724 enables QRadar deployments to scale from 100,000 network flows (Layer 4 Netflows) per minute to 1,200,000 with license key upgrades. The appliance can also process Layer 7 QFlow network packet contents when teamed with a 12XX or 13XX QFlow Collector.
The 1805 delivers a cost-effective solution for event and network activity processing across a distributed organization. This appliance is well suited for organizations looking to introduce event and network activity processing to remote or branch offices or larger highly distributed organizations that need to provide local event and flow collection in locations that do not have high levels of traffic or log rates.
With more data under surveillance and more advanced analytic techniques than any security intelligence solution on the market, QRadar detects threats that others miss, providing unparalleled visibility into network and application activity that others cannot.
QRadar uniquely correlates information from security logs, network flow analysis, the application layer, IAM solutions, user activity and asset-based vulnerability management and assessment in one comprehensive solution.
Simple to deploy and manage, QRadar automates security and network device discovery as well as policy functions. QRadar's appliance-based architecture and embedded database removes the crushing complexity and costs that cripple the deployment and ongoing support of traditional SIEM and log management solutions.