Had a wonderful chat with John Burnham and Chris Poulin from Q1 Labs. Their SIEM product certainly seems to be on par with the current generation. The earlier SIEMs were fairly brutal and required a lot of third-party help (professional services from the vendor or a specialist consultant) to bring online and maintain. These days you expect to be up and running fast.
One of their design decisions was to create their own database. That saves you a license fee with the big “O”. They have a smaller rulebase than some vendors in the space, but assert the rules are well chosen. At the end of the day, the value of a SIEM is the reports that are actionable, not the number of trees you kill creating reports no one reads.
Another one of the decisions they have made is to partner with other vendors. Examples include:
- Enterasys
- Juniper
- Nortel
As well as channel partners.
I think this is important because you have to use a suite of tools, and if you are running Juniper equipment, as an example, a SIEM that is integrated with Juniper makes a lot of sense. They say they are willing to put me in touch with a couple of customers. If you are running Q1 and are willing to leave a comment, that would be awesome.
