Competitive Considerations
2012, 2014 IBM Corp.
Objectives
After completing this unit, you will understand the following:
- Competitive Landscape & QRadar Position
Competitive Landscape & QRadar Position
In analysts' evaluations, QRadar continues to climb past other vendors year on year, while others falter and stagnate.
Source: Gartner Magic Quadrant for SIEM 2013, Gartner Critical Capabilities for SIEM 2011, 2012, 2013
IBM Software Group | Security Division
2014 IBM Corp.
Broadest set of integrated capabilities
Log management (LM)
Next-gen SIEM
Vulnerability management
Application visibility
Risk management
[Figure: vendor landscape diagram. Data types shown: Packets, Vulnerabilities, Configurations, Logs, Events. Categories shown: Network Forensics, Vulnerability Management, Risk Management, Log Manager, SIEM. Vendors shown: Arbor Networks, Lancope, RSA, Qualys, AlgoSec, FireMon, Solera Networks, Tenable Network Security, Rapid 7, Skybox Security, LogLogic, HP ArcSight, Riverbed Technology, RedSeal Networks, Tufin, Splunk, McAfee.]
Enterprise IT GRC
IBM Security Systems + QRM
McAfee
HP
RSA
OpenPages + QRM
HP ESP
Compliance & Risk Management
RSA Archer
Tufin
Red Seal
Tripwire
FireMon
Risk Policy Assessment / Analytics: QRM, Tufin Secure Track, Red Seal Vulnerability Advisor, Tripwire Enterprise, FireMon Risk Analyzer
Device audit, configuration and optimization: QRM, Tufin Secure Track, Red Seal Network Advisor, Tripwire Enterprise, FireMon Security Manager
Network topology modeling and simulation: QRM, Tufin Secure Track, Red Seal Network Advisor
Correlation of network flows with vulnerability data: QRM
Overall TCO: QRM
FireMon Security Manager
FireMon Security Manager
Techies' favourite
Strengths
Market leader
Hosted offering
Strengths
Hosted offering
Aggressive Price
ArcSight has separate LM, SIEM and forensics offerings, and frequently partners with Splunk. This all means separate consoles, reporting and rules engines, which drives complexity: which product analyzes which data?
QRadar's common architecture yields a unified console, reporting, analytics and workflow. Simple, with easy upgrade.
Performance/Scalability/Upgradeability
Migrating from 5 to 6.0 requires forklift server replacement. ESM 6.0c (CORR) scales better than 5, but it has limitations (e.g. biggest storage partition: them 8TB ... us: unlimited with appliance scale).
QRadar offers simple upgrade/migration, scales horizontally, and easily adds EPS/retention capacity.
Ease of use
ArcSight focuses primarily on security event data, with minimal support for layer 7 flow visibility and network data.
QRadar delivers flows ... and network, asset, vulnerability, and threat intelligence data.
Price
The prospect should ask about TCO. Include purchase, install, maintenance and support for dedicated hardware resources.
We know of examples where implementation and professional services cost 4 to 5 times QRadar's estimate.
Limited functionality
RSA's Security Analytics (RSA's main strategic thrust vs. our Security Intelligence): users must be security data scientists, manually hunting for meaningful info. Costly even for large orgs.
This is where QRadar shines ... Cite 2 billion log records per day reduced to ~25 offenses to be investigated.
SIEM Alive or Dead?
RSA is pushing the notion that SIEM is dead. Translation: "We have failed in the SIEM market and are asserting the new answer is to load data into Hadoop and do manual investigation/drilling/pivoting."
QRadar is built on a well-architected SIEM base that delivers Security Intelligence, deriving insights from its rules and from context and data pulled in from numerous data sources (logs, vulnerability data, and much more).