The Tolly Group Verifies Q1 Labs' QRadar is 22X More Effective at Accurately Correlating Network and Security Data Than Cisco Security MARS
Posted on: Wednesday, 29 November 2006, 09:00 CST
Q1 Labs, a leading network security management company, today announced that in an independent test conducted by The Tolly Group, one of the most influential testing validation firms in North America, QRadar 5.2 proved to be a superior alternative to Cisco Security MARS 4.2.1 for detecting, correlating, and responding to threats in converging network and security environments.
In a single 24-hour period, identical streams of millions of network flows and hundreds of thousands of security events were forwarded to each product. QRadar correlated and reduced that traffic down to 97 network offenses that needed operator investigation, while MARS produced 2,119 network incidents. This amounts to 22 times more incidents that an operator of MARS must investigate and underscores QRadar's ability to reduce huge amounts of data into a few actionable records. Cisco Security MARS demonstrated poor data reduction capabilities, forcing administrators to drill into thousands of network incidents in order to piece together network priorities.
"QRadar rose to the challenge of providing broad multi-vendor surveillance capabilities, accurate analysis and detection of threats, as well as key network discovery and classification capabilities," said Kevin Tolly, president/CEO and founder of The Tolly Group. "The nature of customer network and security environments demands a dedication to multi-vendor support and best-of-breed analysis if these networks are to be self-defending."
"These tests are not just about how QRadar is functionally different from MARS, but also how each product fundamentally addresses the evolving nature of customer's network and security infrastructures. The tests clearly demonstrate QRadar's ability to perform well in complex network security environments while our Fortune 500 wins prove our superiority when actually evaluated and compared," said Shaun McConnon, CEO of Q1 Labs. "We encourage customers to examine these test results to determine if QRadar can provide greater visibility into their network behavior while accurately and effectively monitoring the millions of events their security devices generate."
The testing was conducted from Monday, October 30 until Wednesday, November 1st. The full Tolly Group test report is available from the following URL: http://www.q1labs.com/downloads.php
Highlights of the Tolly Group Testing Follow:
QRadar correlation and anomaly detection superior to MARS
In every threat scenario the products were subjected to (Denial-of-Service, E-mail-borne worm, zero-day attack), QRadar successfully and swiftly detected the event -- often correlating multiple incidents to develop a clear picture of what actually was occurring, while Cisco Security MARS was able to detect only some of the isolated incidents, and when it did, MARS failed to piece them together to show the big picture.
Multivendor Support: QRadar excels, MARS lacking
Tests revealed that QRadar excelled at supporting multiple flow types, as well as security products, from a wide variety of vendors. Cisco Security MARS was limited to NetFlow (NetFlow v.9 support is not yet available for MARS but is for QRadar) and a smaller set of security vendor products, many of which had out-of-date integrations (Juniper IDP support was limited to the 2.1 version which is three years old) or had out-of-date signature sets (MARS was unable to recognize and correlate a SourceFire signature that had been released on 09 August 2006).
MARS requires manual tuning and discovery, QRadar does not
Tests revealed that QRadar enables operators to discover and classify servers within a network. Once identified, QRadar auto-tunes by defining rules and false positive tuning rules. MARS requires very labor-intensive, server-by-server manual definition of the assets that it is supposed to protect. Tests also showed that QRadar offers auto-device recognition for products that send out security logs and network flows, which is very helpful for customers who need to configure hundreds of products for monitoring. Each device that MARS monitors must be configured manually.
About The Tolly Group
The Tolly Group, an independent testing and strategic consulting organization based in Boca Raton, FL., offers a full range of services designed to furnish both the vendor and end-user communities with authoritative and unbiased information. Additionally, The Tolly Group is recognized worldwide for its expertise in assessing leading-edge technologies. For more information on The Tolly Group's services, visit its Web site at www.Tolly.com, E-mail info@tolly.com, call (561) 391-5610, or fax (561) 391-5810.
About QRadar
QRadar goes beyond traditional security information/event management (SIEM) products or network behavior analysis (NBA) products to create a command-and-control center that can monitor, analyze and remediate threats. QRadar combines, analyzes and manages an unequalled set of surveillance data--network behavior, security events, vulnerability profiles and threat information--to empower enterprises to manage business operations on their networks efficiently from a single console. More information about QRadar is available at: http://www.q1labs.com/products/prod_overview.html
About Q1 Labs
Commanding a unique position at the nexus of security and networking, Q1 Labs is redefining network security management. Q1 Labs' flagship product, QRadar, integrates previously disparate network and security functions into one solution. This convergence ties the impact of security threats directly to specific business assets and services, reduces acquisition and operation costs and increases accuracy. Q1 Labs' installed customer base ranges from government agencies and financial institutions to universities and healthcare providers. Please visit http://www.q1labs.com or call (781) 250-5800 for more information.
Source: Business Wire