DATASHEET
Total Security Intelligence | An IBM Company
Q1Labs.com
The QRadar Security Intelligence Platform appliances are pre-configured, optimized systems that enable
high performance and rapid deployment using state-of-the-art hardware. They do not require expensive
external storage, third-party databases or ongoing database administration. Organizations use QRadar
appliances to achieve maximum benefit from their security intelligence deployments.
QRadar Log Manager Appliances
QRadar Log Manager Appliances deliver QRadar Log Manager for organizations of all sizes. They are ideal for
organizations that need simplified log management capabilities, with the ability to expand event processing
capacity in the future. They meet the needs of small and midsize organizations, as well as large businesses that are
geographically dispersed and require an enterprise-class scalable solution.
The QRadar appliance architecture offers an easy-to-deploy, scalable model through the use of distributed event
processor appliances. Add-on event processor appliances perform real-time collection, storage, indexing, correlation
and analysis of up to 20,000 events (logs) per second each.
The QRadar Log Manager All-in-One Appliance utilizes on-board event collection and correlation capabilities, and
is expandable with event processor appliances.
The QRadar Log Manager Console Appliance utilizes external event collection and correlation, allowing for dedicated
search processing, distributed correlation, reporting and central administration of a distributed log management
deployment. Organizations using a console appliance require at least one add-on event processor.
Common Features:
• Includes 3 TB or 6.2 TB of usable on-board storage for long-term data retention
• Supports 750 log sources (devices); expandable to tens of thousands of log sources
• Dual redundant power supplies (auto-sensing)
• Embedded hardware RAID 10 or 5 for high availability and redundancy of OS and storage
• Option to deploy turnkey, integrated HA appliance
All-in-One Appliance Features:
• Includes all capabilities (collection, storage, indexing, correlation, analysis and reporting) for comprehensive log management in a single turnkey appliance
• Supports up to 5,000 events per second (fully correlated); expandable to tens of thousands of events per second with add-on 1601/1605 Event Processors
QRadar® Security Intelligence Platform appliances combine typically disparate network and security management capabilities into a single, comprehensive solution. Appliance versions are offered for QRadar Log Manager, QRadar SIEM, QRadar Risk Manager, QRadar QFlow and QRadar VFlow (a virtual appliance).
QRadar® Security Intelligence Platform Appliances
• Provides one year of event storage for typical deployments*
Console Appliance Features:
• Provides global view of all event activity, with federated global searching and correlation, and centralized management, analysis and reporting
• Does not include event processing on-board; requires deployment of 1601/1605 Event Processor Appliance(s), which can support tens of thousands of events per second (fully correlated)
For more information about QRadar Log Manager software, please see the QRadar Log Manager data sheet.
QRadar SIEM Appliances
QRadar 2100 All-In-One Appliance
The QRadar 2100 All-In-One Appliance delivers QRadar SIEM in a single appliance for small and medium-sized organizations. It provides an integrated security solution that is fast and easy to deploy. With its intuitive user interface, configuration is so simple that you can deploy a QRadar 2100 All-in-One Appliance and begin protecting your network in minutes.
The QRadar 2100 All-in-One Appliance includes an embedded version of QRadar QFlow Collector, which provides layer 7 collection of network traffic flows and deep application visibility for advanced threat detection and forensic capabilities. Additional distributed QFlow Collectors can also be used in conjunction with the QRadar 2100 All-in-One Appliance for even broader network visibility.
Features:
• Includes all capabilities (collection, storage, indexing, correlation, offense management, analysis and reporting) for comprehensive SIEM in a single turnkey appliance
• Supports 1,000 events per second
• Supports up to 50,000 bi-directional flows per minute
• Includes on-board 50 Mbps QRadar QFlow Collector, with collection via passive tap or SPAN ports
• Supports 750 log sources (devices); expandable to tens of thousands of log sources
• Includes 1.5 TB of usable on-board storage for long-term data retention
• Provides one year of event and flow storage for typical deployments*
• Supports Fibre Channel for integration with storage area networks
• 10/100/1000BASE-T connectivity for monitoring
• 10/100/1000BASE-T management
• Dual redundant power supplies (auto-sensing)
• Embedded hardware RAID 10 for high availability and redundancy of OS and storage
• Option to deploy turnkey, integrated HA appliance
QRadar 3100/3105 All-In-One and Console Appliances
QRadar 3100/3105 Appliances deliver QRadar SIEM for organizations of all sizes. They are ideal for growing organizations that will need additional network activity and event monitoring capacity in the future. They are also the base platform for large businesses that are geographically dispersed and require an enterprise-class scalable solution.
[Figure: Sample QRadar 2100 Deployment. Labels: QFlow Collection on Passive Tap; Firewall; IDS; 2100; QRadar Web Console; Routers, Switches and Other Network Devices Exporting Flow Data]
The QRadar 3100/3105 All-in-One Appliance utilizes on-board event and flow collection and correlation capabilities, and is expandable with event processor, flow processor, and combined event and flow processor appliances. It can directly collect NetFlow, J-Flow, sFlow and IPFIX data, and utilize external QRadar QFlow Collectors for layer 7 network analysis and content capture. It can also use QRadar VFlow Collectors for layer 7 analysis and content capture within VMware virtual environments.
The QRadar 3100/3105 Console Appliance utilizes external event and flow collection and correlation, allowing for dedicated search processing, distributed correlation, offense management, reporting and central administration of a distributed SIEM deployment. The console appliance can utilize QRadar QFlow Collectors for layer 7 network analysis and content capture, and use flow processors to aggregate other network activity data, such as NetFlow, J-Flow, sFlow and IPFIX. It can also use QRadar VFlow Collectors for layer 7 analysis and content capture within VMware virtual environments. Organizations using a console appliance require at least one add-on event processor, flow processor, or combined event and flow processor appliance.
The QRadar appliance architecture offers an easy-to-deploy, scalable model through the use of distributed event and flow processor appliances. Add-on processor appliances perform real-time collection, storage, indexing, correlation and analysis of up to 20,000 events (logs) per second or 600,000 bi-directional flows per minute each.
Common Features:
• Includes 3 TB (3100 Appliance) or 6.2 TB (3105 Appliance) of usable on-board storage for long-term data retention
• Supports Fibre Channel for integration with storage area networks (3100 Appliance only)
• Option to deploy QRadar QFlow and QRadar VFlow Collectors in conjunction, for Layer 7 network activity monitoring
• Supports 750 log sources (devices); expandable to tens of thousands of log sources
• Dual redundant power supplies (auto-sensing)
• Embedded hardware RAID 10 (3100 Appliance) or RAID 5 (3105 Appliance) for high availability and redundancy of OS and storage
• Option to deploy turnkey, integrated HA appliance
All-in-One Appliance Features:
• Includes all capabilities (collection, storage, indexing, correlation, offense management, analysis and reporting) for comprehensive SIEM in a single turnkey appliance
• Supports up to 5,000 events per second (fully correlated); expandable to tens of thousands of events per second with add-on 1601/1605 Event Processors
• Supports up to 200,000 bi-directional flows per minute (fully correlated); expandable to millions of flows per minute with add-on 1701 Flow Processors
• Provides one year of event and flow storage for typical deployments*
• Option to deploy 1601/1605 Event Processor, 1701 Flow Processor, and/or 1801/1802 Combined Event and Flow Processor Appliances in conjunction
Console Appliance Features:
• Provides global view of all event and network flow activity, with federated global searching and correlation, and centralized offense management, analysis and reporting
• Expandable to tens of thousands of events per second (fully correlated) with add-on 1601/1605 Event Processors, and to millions of flows per minute (fully correlated) with add-on 1701 Flow Processors; does not include event or flow processing on-board
• Requires deployment of 1601/1605 Event Processor, 1701 Flow Processor, and/or 1801/1802 Combined Event and Flow Processor Appliances in conjunction
[Figure: Sample QRadar 3105 Deployment. Labels: QFlow Collection on Passive Tap; Firewall; IDS; 3105; QRadar Web Console; 1201 (two); Routers, Switches and Other Network Devices Exporting Flow Data]
QRadar 3124 All-In-One and Console Appliances
QRadar 3124 Appliances deliver QRadar SIEM for large, distributed enterprises – such as those running security and network operations centers (SOCs and NOCs). These appliances are ideal for customers requiring high capacity and global correlation.
The QRadar 3124 All-in-One Appliance utilizes on-board event and flow collection and correlation capabilities, and is expandable with event and flow processor appliances. It can directly collect NetFlow, J-Flow, sFlow and IPFIX data, and utilize external QRadar QFlow Collectors for layer 7 network analysis and content capture. It can also use QRadar VFlow Collectors for layer 7 analysis and content capture within VMware virtual environments.
The QRadar 3124 Console Appliance utilizes external event and flow collection and correlation, allowing for dedicated search processing, distributed correlation, offense management, reporting and central administration of a distributed SIEM deployment. The console appliance can utilize QRadar QFlow Collectors for layer 7 network analysis and content capture, and use flow processors to aggregate other network activity data, such as NetFlow, J-Flow, sFlow and IPFIX. It can also use QRadar VFlow Collectors for layer 7 analysis and content capture within VMware virtual environments. Organizations using a console appliance require at least one add-on event or flow processor appliance.
The QRadar appliance architecture offers an easy-to-deploy, scalable model through the use of distributed event and flow processor appliances. Add-on processor appliances perform real-time collection, storage, indexing, correlation and analysis of up to 20,000 events (logs) per second or 1.2 million bi-directional flows per minute each.
Common Features:
• Includes all capabilities (collection, storage, indexing, correlation, offense management, analysis and reporting) for comprehensive SIEM in a single turnkey appliance
• Includes 16 TB of usable on-board storage for very-long-term data retention
• Option to deploy QRadar QFlow and QRadar VFlow Collectors in conjunction, for layer 7 network activity monitoring
• Supports 750 log sources (devices); expandable to tens of thousands of log sources
• Dual redundant power supplies (auto-sensing)
• Embedded hardware RAID 5 for high availability and redundancy of OS and storage
• Option to deploy turnkey, integrated HA appliance
All-in-One Appliance Features:
• Includes all capabilities (collection, storage, indexing, correlation, offense management, analysis and reporting) for comprehensive SIEM in a single turnkey appliance
• Supports up to 5,000 events per second (fully correlated); expandable to tens of thousands of events per second with add-on 1624 Event Processors
• Supports up to 200,000 bi-directional flows per minute (fully correlated); expandable to millions of flows per minute with add-on 1724 Flow Processors
• Provides three years of event and flow storage for typical deployments*
• Option to deploy 1624 Event Processor and/or 1724 Flow Processor Appliances in conjunction
[Figure: Sample QRadar 3124 Distributed Deployment. Labels: 3124; QRadar Web Console; Security Devices Exporting Logs (Firewall, IDS); Routers, Switches and Other Network Devices Exporting Flow Data; 1201; 1624; 1724]
Console Appliance Features:
• Provides global view of all event and network flow activity, with federated global searching and correlation, and centralized offense management, analysis and reporting
• Expandable to tens of thousands of events per second (fully correlated) with add-on 1624 Event Processors, and to millions of flows per minute (fully correlated) with add-on 1724 Flow Processors; does not include event or flow processing on-board
• Requires deployment of 1624 Event Processor and/or 1724 Flow Processor Appliances in conjunction
QRadar Risk Manager Appliance Packages
QRadar Risk Manager Add-On and Stand-Alone Appliance Packages
QRadar Risk Manager Appliance Packages deliver QRadar Risk Manager for organizations of all sizes. QRadar Risk Manager extends QRadar SIEM, providing multi-vendor configuration audit, risk/compliance policy assessment, continuous monitoring, and advanced threat simulation.
QRadar Risk Manager can be deployed as an add-on to an existing QRadar SIEM appliance (2100, 3100, 3105 or 3124) or as a stand-alone package.
Common Package Features:
• Includes QRadar Risk Manager Appliance:
  • Includes all capabilities for network risk management (automated configuration monitoring, network modeling and simulation, and intelligent vulnerability prioritization), in a turnkey appliance
  • Supports up to 50 configuration sources (any supported network or security device); expandable to thousands of configuration sources
  • Includes 5.5 TB of usable on-board storage for long-term data retention
  • Dual redundant power supplies (auto-sensing)
  • Embedded hardware RAID 5 for high availability and redundancy of OS and storage
Add-On Appliance Package Features:
• Complements and easily integrates with an existing QRadar SIEM deployment
• Includes one server, a QRadar Risk Manager Appliance (described above)
Stand-Alone Appliance Package Features:
• Includes two servers, a QRadar Risk Manager Appliance (described above) and a QRadar SIEM Appliance
• QRadar SIEM Appliance includes:
  • 3 TB of usable on-board storage for long-term data retention
  • Provides two years of event and flow storage for typical deployments*
  • Support for up to 1,000 events per second (fully correlated); expandable to tens of thousands of events per second with QRadar Risk Manager upgrade and add-on 1601/1605 Event Processors
  • Support for up to 25,000 bi-directional flows per minute (fully correlated); expandable to millions of flows per minute with QRadar Risk Manager upgrade and add-on 1701 Flow Processors
  • Support for up to 375 log sources (devices); expandable to tens of thousands of log sources with QRadar Risk Manager upgrade and add-on 1601/1605 Event Processors
Complementary Modules
Event Processor Appliances
Event processors provide scalable event collection and correlation for organizations of all sizes. They support QRadar SIEM, QRadar Log Manager and QRadar Risk Manager deployments.
QRadar 1601, 1605 and 1624 Event Processor Appliances
The QRadar 1601, 1605 and 1624 Event Processors are expansion appliances that can be deployed in conjunction with QRadar Log Manager and QRadar 3100/3105/3124 Appliances. They offer turnkey collection, storage, indexing and real-time correlation of log data and can be deployed in a distributed manner that supports the largest deployments in the world.
Common Features:
• Event Processors can be deployed in a distributed fashion, to support massive scaling
• Dual redundant power supplies (auto-sensing)
• Option to deploy turnkey, integrated HA appliance
1601 Features:
• Supports up to 10,000 events per second (fully correlated) per appliance; can serve as component of distributed solution expandable to tens of thousands of events per second
• Includes 3 TB of usable on-board storage for long-term data retention
• Provides one year of event storage for typical deployments*
• Supports Fibre Channel for integration with storage area networks
• Embedded hardware RAID 10 for high availability and redundancy of OS and storage
1605 Features:
• Supports up to 20,000 events per second (fully correlated) per appliance; can serve as component of distributed solution expandable to tens of thousands of events per second
• Includes 6.2 TB of usable on-board storage for long-term data retention
• Provides one year of event storage for typical deployments*
• Embedded hardware RAID 5 for high availability and redundancy of OS and storage
1624 Features:
• Supports up to 20,000 events per second (fully correlated) per appliance; can serve as component of distributed solution expandable to tens of thousands of events per second
• Includes 16 TB of usable on-board storage for very-long-term data retention
• Provides three years of event storage for typical deployments*
• Embedded hardware RAID 5 for high availability and redundancy of OS and storage
Flow Processor Appliances
Flow processors provide scalable flow collection and correlation for organizations of all sizes. They support QRadar SIEM and QRadar Risk Manager deployments.
QRadar 1701 and 1724 Flow Processor Appliances
QRadar Flow Processors enable the collection, storage and analysis of network flow data in a variety of formats including NetFlow, J-Flow, sFlow, QFlow and VFlow. They can extract native flow information from the network infrastructure, or process layer 7 network data provided by QRadar QFlow Collectors. The QRadar 1701 and 1724 Flow Processors are expansion appliances deployed in conjunction with QRadar 3100/3105/3124 Appliances. They offer turnkey collection, storage, indexing and real-time correlation of flow data and can be deployed in a distributed manner that supports the largest deployments in the world.
Common Features:
• Flow Processors can be deployed in a distributed fashion, to support massive scaling
• Dual redundant power supplies (auto-sensing)
• Option to deploy turnkey, integrated HA appliance
1701 Features:
• Supports up to 600,000 bi-directional flows per minute (fully correlated) per appliance; can serve as component of distributed solution expandable to millions of flows per minute
• Includes 3 TB of usable on-board storage for long-term data retention
• Provides one year of flow storage for typical deployments*
• Supports Fibre Channel for integration with storage area networks
• Embedded hardware RAID 10 for high availability and redundancy of OS and storage
1724 Features:
• Supports up to 1.2 million bi-directional flows per minute (fully correlated) per appliance; can serve as component of distributed solution expandable to millions of flows per minute
• Includes 16 TB of usable on-board storage for very-long-term data retention
• Provides three years of flow storage for typical deployments*
• Embedded hardware RAID 5 for high availability and redundancy of OS and storage
Combined Event and Flow Processor Appliances
Combined event and flow processor appliances provide scalable event log and flow collection and correlation in one consolidated system. They support QRadar SIEM and QRadar Risk Manager deployments.
QRadar 1801 and 1802 Combined Event and Flow Processor Appliances
The QRadar 1801 and 1802 Combined Event and Flow Processors provide event and network activity monitoring and processing for remote/branch offices and for large, distributed organizations seeking scalable solutions. They are expansion appliances that can be deployed in conjunction with QRadar 3100/3105/3124 and QRadar Risk Manager Appliances. These appliances offer collection and real-time correlation of event and flow data, and can be deployed in a distributed manner that supports the largest deployments in the world.
Common Features:
• Event and flow processing in a single appliance
• Provides one year of event and flow storage for typical deployments*
• Supports Fibre Channel for integration with storage area networks
• Dual redundant power supplies (auto-sensing)
• Embedded hardware RAID 10 for high availability and redundancy of OS and storage
• Option to deploy turnkey, integrated HA appliance
1801 Features:
• Supports 1,000 events per second (fully correlated); can serve as component of distributed solution expandable to tens of thousands of events per second
• Supports up to 50,000 bi-directional flows per minute (fully correlated); can serve as component of distributed solution expandable to millions of flows per minute
• Includes 1.5 TB of usable on-board storage for long-term data retention
1802 Features:
• Supports up to 5,000 events per second (fully correlated); can serve as component of distributed solution expandable to tens of thousands of events per second
• Supports up to 200,000 bi-directional flows per minute (fully correlated); can serve as component of distributed solution expandable to millions of flows per minute
• Includes 3 TB of usable on-board storage for long-term data retention
Flow Collectors for Layer 7 Visibility
QRadar QFlow and QRadar VFlow Collectors offer a powerful solution for gathering rich network activity data over physical and virtual infrastructures. They surpass traditional flow-based data capture by collecting layer 7 data via deep packet inspection. This enables application-level network activity analysis and anomaly detection, as well as content capture for forensic activities. This information, when correlated with network and security events, enables a more advanced analysis of the overall security posture of the network.
QRadar QFlow Collectors
QRadar QFlow Collectors gather network traffic passively through network taps and SPAN ports. They can detect more than 1,000 applications such as VoIP, social media, multimedia, ERP, and peer to peer (P2P), among many others.
QRadar 1101 QFlow Collector:
The 1101 QFlow Collector is a cost-effective collector for lower bandwidth monitoring (less than 100 Mbps) in remote locations or for Internet connections.
QRadar 1201 QFlow Collector:
The 1201 QFlow Collector provides a midrange multi-port collection appliance for underutilized Gigabit Ethernet connections (under 500 Mbps).
QRadar 1202 QFlow Collector:
The 1202 QFlow collector appliance provides line-rate gigabit network performance and multi-port flexibility. The 1202 is well suited for collecting and monitoring high rates of network traffic at the data center and core of an enterprise.
QRadar 1301 QFlow Collector:
The 1301 QFlow collector appliance provides line-rate gigabit network performance, multi-port flexibility and fiber connectivity. The 1301 is well suited for collecting and monitoring high rates of network traffic at the data center and core of an enterprise.
QRadar 1302 QFlow Collector:
The 1302 QFlow collector appliance provides line-rate gigabit network performance, multi-port flexibility and fiber connectivity. The 1302 is well suited for collecting and monitoring high rates of network traffic at the data center and core of an enterprise.
QRadar 1310 QFlow Collector:
The 1310 QFlow Collector delivers advanced network and application visibility and collection on 10 Gbps networks.
QRadar VFlow Collectors
QRadar VFlow Collectors are virtual activity monitors that provide the same collection and visibility for virtual network and server resources as QRadar QFlow Collectors provide for physical resources. QRadar VFlow Collectors are virtual appliances that connect to the virtual switch within a VMware virtual host. As with QFlow Collectors, the layer 7 data collected by VFlow Collectors is used for network activity monitoring as well as correlation against log activity, for superior detection of security threats. The product can also analyze port-mirrored traffic for a physical network switch, which helps bridge the gap between the physical and virtual realms.
Features:
• Supports up to 10,000 bi-directional flows per minute (fully correlated)
• Supports up to 4 virtual interfaces
QRadar Virtual Appliances
QRadar virtual appliances offer an alternative deployment form factor for organizations seeking to leverage VMware virtual infrastructures. They are well suited for large virtual and cloud environments, small organizations targeting compact and cost-efficient solutions, and branch and remote offices with lower data volumes.
QRadar virtual appliances provide the exact same software as the respective hardware appliances described above, but they are delivered in software-only form and are supported on VMware ESX Server 4.1.
Organizations can freely use any combination of virtual and hardware appliances together, allowing for flexible expansion according to the needs of each business.
SIEM and Log Manager virtual appliances are offered for both centralized and distributed deployments. As with hardware appliances, distributed deployments of virtual appliances enable total processing capacity well in excess of the individual virtual appliance capacities.
The following QRadar virtual appliances are offered (in addition to QRadar VFlow Collectors):
• QRadar 3190 SIEM All-in-One
• QRadar 3190 SIEM Console
• QRadar 3190 Log Manager All-in-One
• QRadar 3190 Log Manager Console
• QRadar 1690 SIEM Event Processor
• QRadar 1690 Log Manager Event Processor
• QRadar 1790 Flow Processor
QRadar 3190 SIEM All-in-One, QRadar 3190 Log Manager All-in-One, QRadar 1690 SIEM Event Processor and QRadar 1690 Log Manager Event Processor virtual appliances support event rates of 100, 200, 500 or 1,000 EPS. QRadar 3190 SIEM All-in-One and QRadar 1790 Flow Processor virtual appliances support flow rates of 15K, 25K or 50K flows per minute.
QRadar High Availability
QRadar’s easy-to-deploy high availability (HA) appliances provide fully automated disk synchronization and failover, for high availability of data collection, correlation, analysis and reporting capabilities. QRadar High Availability addresses the demand for scalable solutions that enable organizations to store, correlate and analyze large volumes of events, flows and other networking and asset data without interruption.
QRadar High Availability appliances offer the flexibility to use disk synchronization or leverage shared storage (SAN/IP SAN) – whichever option best meets your available infrastructure. Disk synchronization is a built-in QRadar HA feature that is used to replicate data between a primary appliance and an HA appliance. This simple-to-deploy solution delivers excellent performance, without the configuration challenges, high costs and ongoing administration requirements of third-party fault tolerance products. QRadar HA appliances can be deployed on a per appliance basis, enabling distributed QRadar deployments to add HA appliances as needed.
*Actual storage duration will vary based on event and flow size, events per second, flows per minute, compression policy, compression ratio and coalescing ratio.
Q1 Labs, an IBM Company
890 Winter Street, Suite 230
Waltham, MA 02451 USA
1.781.250.5800, [email protected]
Copyright 2012 Q1 Labs, an IBM Company. All rights reserved. Q1 Labs, an IBM Company, the Q1 Labs, an IBM Company logo, Total Security Intelligence, and QRadar are trademarks or registered
trademarks of Q1 Labs, Inc. All other company or product names mentioned may be trademarks, registered trademarks, or service marks of their respective holders. The specifications and information
contained herein are subject to change without notice.
DSAPPL0312