A SIEM Technology Breakthrough:

QRadar's Next-Generation SIEM is the most intelligent, integrated and automated SIEM system in the industry. What sets QRadar SIEM apart is its unrivaled platform architecture that delivers:

• Unified, turnkey deployments and more efficient administration and management
• Distributed correlation that allows for billions of logs and records to be monitored per day
• Single log archival capacity ensures seamless reporting and comprehensive searching within SIEM system 
• Centralized command and control reduces security management solution acquisition costs and improves IT efficiency
• Advanced threat and security incident detection that both reduces the number of false positives and detects threats that other solutions miss
• Compliance-centric workflow that enables the delivery of IT best practices that support compliance initiatives
• Distributed appliance architecture scales to provide log management in any enterprise network

Total intelligence and visibility:

First-generation SIEM technology was designed to monitor traditional security telemetry and reduce the data collected to a subset of suspected security incidents through rules and data correlation. This traditional approach to a SIEM system delivers visibility into servers, hosts and security systems but lacks the ability to collect from all possible sources or efficiently distinguish between true threats and false alarms. 

• As the only SIEM solution designed from the ground up to deliver the benefits of next-generation SIEM technology, QRadar SIEM dramatically expands visibility into network activity, virtual activity, user activity and application activity, giving network security professionals unprecedented intelligence into potential offense sources across their entire network.
• QRadar correlates log data from the security and network infrastructure in the context of network activity in order to detect incidents that other products miss and to accurately prioritize incidents.
• Total intelligence also includes being able to provide a full impact analysis before, during and after an attack. First generation SIEM technologies provide value when the attack is going on but they are limited in their ability to profile attackers and targets in advance of an incident for better prioritization and response. They are also extremely limited in their ability to provide full forensics in the wake of a detected incident.

QRadar's Next-Generation SIEM provides value before, during and after an attack because it incorporates behavior and context. This means better security profiling, advanced detection and complete forensics.

The integrated platform that delivers one-console security and unmatached scalability:

First-generation SIEM solutions rely on bringing multiple products together and attempt to deploy them in as a single SIEM solution. The result is an segmented solution that is unnecessarily complex, difficult to manage and even harder to scale. More importantly, filtered and selective data correlation, log duplication, multiple UI's and non-unified reporting and searching limit your ability to truly protect your network.

• QRadar's Next-Generation SIEM was designed from the ground up to work as complete integrated solution. Unlike other offerings on the market that require the integration of multiple, distinct products and interfaces, QRadar provides a solution that, no matter what the scale requirement, offers a common platform and UI for all security intelligence tasks from searching and filtering, to reporting and response and eliminates the false choice between intelligence or simplicity that you are forced to make with first generation SIEMs.

Automation that allows you to better monitor, analyze and act:

Without automation you are dependent on your vendor to expend a large amount of time and effort simply configuring your solution for operation. This is even before they consider optimizing your solution in operation. Unlike first-generation SIEM solutions, QRadar's Next-Generation SIEM automates processes for customers from the discovery of log sources, to profiling applications and assets. Valuable out of the box content in the form of rules and building blocks is delivered with minimal customization required.

• This content is also auto-updated on a weekly basis including content from third party intelligence sources. Thousands of out-of-the-box reports relevant to your specific roles, devices compliance regulations and vertical industry are also included. With QRadar SIEM, organizations are now better able to monitor, analyze and act with the most powerful auto-deployment, auto-prioritization, auto-reporting and efficient SIEM available.

QRadar 3100 Server Appliance:

The 3100 is an enterprise-class network security management appliance that combines SIEM and Log Management and is well suited for organizations ranging from medium sized organizations to large, globally deployed entities. As the flagship of the QRadar family, QRadar 3100 serves as the base platform for geographically dispersed organizations or any organization that requires an integrated solution to monitor their global network with the efficiency of a single Web-based UI.

QRadar 2100 All-In-One Appliance

The 2100 combines the features and functionality of QRadar's powerful SIEM and Log Management and built in network activity monitoring technology in a single appliance. QRadar 2100 is ideal for deployments in smaller enterprises or departments.

Distributed Architecture:

QRadar 1501 Event Processor:

The 1501 is an appliance for collecting events in remote locations for periodic forwarding to an Event Processor or an all-in-one appliance. No separate EPS license is required since log data must be forwarded for correlation, analysis and long term storage. Storage capacities are based on worst-case-scenarios for disconnected operations, and policies control forwarding activities.

QRadar 1605 Event Processor:

The 1605 is an expansion appliance that is deployed in conjunction with QRadar 31XX. Designed to integrate seamlessly into Q1 Labs' Total Security Intelligence platform, QRadar 1605 can scale to support deployments from 2,500 to more than 20,000 events per second and can be upgraded with a simple license key.

QRadar 1624 Event Processor:

The 1624 is an expansion appliance that is deployed in conjunction with QRadar Console 31XX. The 1624 Event Processor supports expanded storage, up to 16 Tb, for long term retention of log data and increased capacity for event processing up to 20,000 events per second.

QRadar 1705 Flow Processor:

The 1705 is an expansion appliance that is deployed in conjunction with QRadar Console 31XX. Designed to integrate seamlessly into Q1 Labs' Total Security Intelligence platform, the QRadar 1705 enables QRadar deployments to scale from 100,000 network flows (Layer 4 Netflows) per minute to 600,000 with license key upgrades. The appliance can also process Layer 7 QFlow network packet contents when teamed with a 12XX or 13XX QFlow Collector.

QRadar 1724 Flow Processor:

The 1724 is an expansion appliance that is deployed in conjunction with QRadar Console 31XX. Designed to integrate seamlessly into Q1 Labs' Total Security Intelligence platform, the QRadar 1724 enables QRadar deployments to scale from 100,000 network flows (Layer 4 Netflows) per minute to 1,200,000 with license key upgrades. The appliance can also process Layer 7 QFlow network packet contents when teamed with a 12XX or 13XX QFlow Collector.

QRadar 1805 Combined Event Flow Processor:

The 1805 delivers a cost-effective solution for event and network activity processing across a distributed organization. This appliance is well suited for organizations looking to introduce event and network activity processing to remote or branch offices or larger highly distributed organizations that need to provide local event and flow collection in locations that do not have high levels of traffic or log rates.