Q1 Labs' QRadar is a next-gen security information and event management (SIEM) solution that allows IT professionals to centralise separate network security management functions into a single, cohesive framework.
QRadar rolls log, threat and compliance management into one solution; it provides customers with unparalleled monitoring and auditing capabilities of traffic on layers 1 through 7, making it the most intelligent SIEM solution available today.
Murray Benadie, MD of Zenith Systems, the South African vendor of Q1 Labs products, maintains that for a log management and SIEM solution to be fully effective and legally defensible, it must monitor and record all network activity and logs 100% of the time. Any downtime in log and network flow aggregation and analysis may have serious implications for compliance audits and for the security posture of the organisation.
It is with this in mind that Q1 Labs has now released QRadar 6.3.1, which introduces high availability (HA) functionality.
HA provides automatic failover and full disk replication between a primary and secondary host.
HA functionality provides the following capabilities:
* Heartbeat monitoring between the primary and secondary host. When the heartbeat monitoring detects that the primary host has failed, QRadar services automatically fail over to the secondary host.
* Disk replication and shared storage solutions ensure availability of all data in the event of a failover. Disk replication synchronises all data, such as configuration, logs, flows and reports, from the primary host to the secondary host. In a shared storage solution, the primary and secondary hosts are configured to send data to the same external storage solution.
* A Cluster Virtual IP address is shared between the primary and the secondary host. The Cluster Virtual IP address allows data sources to continue sending logs to QRadar during a failover without needing to be reconfigured with a new IP address. This feature significantly reduces downtime in the event of a failover.
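The three capabilities above (heartbeat detection, disk replication and a cluster virtual IP) interact at the moment of failover, and the interaction is where the compliance risk sits: events written on the primary but not yet replicated, and events sent to the VIP during the detection window, are the ones an auditor will find missing. The following toy model is an added example, not Q1 Labs or QRadar code, and it assumes invented host names, IP addresses, a 5-second heartbeat interval and a three-missed-beats failover threshold purely for illustration.

```python
"""Toy model of a two-node HA pair: heartbeat monitoring, asynchronous disk
replication and a cluster virtual IP (VIP). Constructed for illustration;
the hosts, addresses and timings are assumptions, not QRadar's values."""
from dataclasses import dataclass, field

HEARTBEAT_INTERVAL_S = 5.0          # assumed: how often the primary beats
MISSED_BEATS_BEFORE_FAILOVER = 3    # assumed: tolerance before declaring failure


@dataclass
class Host:
    name: str
    ip: str
    alive: bool = True
    store: list = field(default_factory=list)    # records on this host's disk
    pending: list = field(default_factory=list)  # written but not yet replicated


@dataclass
class HaPair:
    primary: Host
    secondary: Host
    cluster_vip: str
    active: str                       # name of the host currently answering on the VIP
    last_heartbeat_at: float          # last heartbeat seen from the primary
    unreplicated_at_failover: int = 0 # records the secondary never received
    events: list = field(default_factory=list)   # audit trail of HA decisions

    def _owner_and_peer(self):
        if self.active == self.primary.name:
            return self.primary, self.secondary
        return self.secondary, self.primary

    def heartbeat(self, now: float) -> None:
        """The primary announces liveness; a dead primary cannot beat."""
        if self.primary.alive:
            self.last_heartbeat_at = now

    def receiver_for(self, destination_ip: str) -> str:
        """Which host actually handles traffic addressed to destination_ip."""
        if destination_ip == self.cluster_vip:
            return self.active
        for host in (self.primary, self.secondary):
            if host.ip == destination_ip:
                return host.name if host.alive else "unreachable"
        return "unknown"

    def write(self, record: str) -> bool:
        """A log source sends to the VIP; refused while the VIP owner is down."""
        owner, _ = self._owner_and_peer()
        if not owner.alive:
            return False
        owner.store.append(record)
        owner.pending.append(record)
        return True

    def replicate(self) -> int:
        """Flush pending records to the peer; returns how many were shipped."""
        owner, peer = self._owner_and_peer()
        if not (owner.alive and peer.alive):
            return 0
        shipped = len(owner.pending)
        peer.store.extend(owner.pending)
        owner.pending.clear()
        return shipped

    def check(self, now: float) -> bool:
        """Heartbeat monitor; returns True if this check triggered a failover."""
        if self.active != self.primary.name:
            return False
        missed = (now - self.last_heartbeat_at) / HEARTBEAT_INTERVAL_S
        if missed < MISSED_BEATS_BEFORE_FAILOVER:
            return False
        self.active = self.secondary.name            # VIP moves to the secondary
        self.unreplicated_at_failover = len(self.primary.store) - len(self.secondary.store)
        self.events.append(f"t={now:.0f}s: VIP {self.cluster_vip} -> {self.active}, "
                           f"unreplicated records: {self.unreplicated_at_failover}")
        return True


def simulate() -> dict:
    """Healthy operation, then a primary crash with one record still pending."""
    pair = HaPair(Host("qradar-a", "10.0.0.11"), Host("qradar-b", "10.0.0.12"),
                  cluster_vip="10.0.0.10", active="qradar-a", last_heartbeat_at=0.0)
    t = 0.0
    for i in range(4):                         # four healthy cycles
        t += HEARTBEAT_INTERVAL_S
        pair.heartbeat(t)
        pair.write(f"constructed syslog event {i}")
        pair.replicate()
        pair.check(t)
    pair.write("constructed syslog event 4")   # written, not yet replicated
    pair.primary.alive = False                 # primary crashes here
    dropped = 0
    failover_at = None
    while failover_at is None:                 # detection window
        t += HEARTBEAT_INTERVAL_S
        pair.heartbeat(t)
        if not pair.write("event during detection window"):
            dropped += 1                       # source got no answer on the VIP
        if pair.check(t):
            failover_at = t
    accepted_after = pair.write("constructed syslog event 5")
    return {"failover_at": failover_at, "active": pair.active,
            "vip_receiver": pair.receiver_for(pair.cluster_vip),
            "unreplicated_at_failover": pair.unreplicated_at_failover,
            "dropped_during_detection": dropped,
            "accepted_after_failover": accepted_after, "events": pair.events}


if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key}: {value}")
```

Two numbers in the result are the ones worth monitoring in a real deployment: the records left unreplicated at the moment of failover (replication lag turns directly into a gap in the audit trail), and the events refused during the detection window (log sources that do not buffer and retry lose them even though the VIP means no reconfiguration is needed). Tightening the heartbeat threshold shortens the second window at the cost of more spurious failovers.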
Benadie goes on to say: “With the ever increasing sophistication of IT security threats and the clear obligations of organisations to protect their IT assets, companies can no longer manage individual vertical components of their security architecture in isolation. Combining log management with network behaviour analysis and data from security verticals (eg, IPS/IDS, anti-virus, firewalls etc) in a real-time analysis and interpretation engine, SIEM is no longer a luxury, but a necessity.”