The QRadar team at IBM Security was delighted to see IBM Security QRadar named as the winner of the 2015 SANS Best SIEM Award. Every year, the SANS Institute surveys its more than 200,000 hands-on security practitioners, most of whom use commercial products, and publishes what the community likes best.

SANS Honors Top Security Products

“Each year SANS surveys the SANS community for nominations for the SANS ‘Best of the Year’ awards for products and services that have been successfully used to provide increases in both the effectiveness and efficiency of cybersecurity programs,” the SANS Institute wrote.

“In 2015 the products were voted on by security operations professionals and security managers from around the world, all of whom are actual users of these products. The SANS Best of Awards are not driven by vendors, but by the people actually using these products.”

Organizations have told IBM what they need from a security information and event management (SIEM) solution. The top features included the ability to:

  • Detect attacks in real time using best practices and behavioral analysis.
  • Deploy quickly with minimal intervention from an already overworked and understaffed security team.
  • Integrate with third-party security solutions to create a single pane of glass for all security events, alerts and workflows.
  • Monitor and secure cloud services, including cloud-based deployments.
  • Have a strong partner network and ecosystem to provide support and offer advanced security skills.
  • Maintain compliance with internal and external regulations.

Why QRadar Stands Out

This is quite a list, but the QRadar team is focused on these requirements and relentlessly drives innovations to deliver real value against them. Take, for example, the IBM Security App Exchange, which now has more than 30 available apps and extensions, covering many aspects of security operations workflow, compliance, visualization, monitoring and more.

The product has also expanded deployment options to include new cloud, managed security services provider and software-as-a-service offerings while simultaneously improving out-of-the-box support for on-premises security systems.

QRadar is very busy working on new innovations to transform customers’ security operations with leadership features, including:

  • A single architecture for analyzing log, flow, vulnerability, user and asset data;
  • Real-time and historical security data correlation and behavioral anomaly detection rules to identify high-risk threats;
  • High-priority incident detection among billions of daily incoming data points;
  • Full visibility into cloud, network, application and user activities; and
  • Compliance data collection and reporting using automation to reduce regulatory burdens.

The security environment continues to get tougher, the threats are getting more severe, there are fewer available skills, and there is an abundance of point security solutions — all long on promises, yet short on delivery. This recognition from SANS showed that there are SIEM solutions that can balance advanced technologies with positive user experiences, and QRadar is one of them.

Tour the award winning QRadar platform

More from

Emotional Blowback: Dealing With Post-Incident Stress

Cyberattacks are on the rise as adversaries find new ways of creating chaos and increasing profits. Attacks evolve constantly and often involve real-world consequences. The growing criminal Software-as-a-Service enterprise puts ready-made tools in the hands of threat actors who can use them against the software supply chain and other critical systems. And then there's the threat of nation-state attacks, with major incidents reported every month and no sign of them slowing. Amidst these growing concerns, cybersecurity professionals continue to report…

RansomExx Upgrades to Rust

IBM Security X-Force Threat Researchers have discovered a new variant of the RansomExx ransomware that has been rewritten in the Rust programming language, joining a growing trend of ransomware developers switching to the language. Malware written in Rust often benefits from lower AV detection rates (compared to those written in more common languages) and this may have been the primary reason to use the language. For example, the sample analyzed in this report was not detected as malicious in the…

Why Operational Technology Security Cannot Be Avoided

Operational technology (OT) includes any hardware and software that directly monitors and controls industrial equipment and all its assets, processes and events to detect or initiate a change. Yet despite occupying a critical role in a large number of essential industries, OT security is also uniquely vulnerable to attack. From power grids to nuclear plants, attacks on OT systems have caused devastating work interruptions and physical damage in industries across the globe. In fact, cyberattacks with OT targets have substantially…

Resilient Companies Have a Disaster Recovery Plan

Historically, disaster recovery (DR) planning focused on protection against unlikely events such as fires, floods and natural disasters. Some companies mistakenly view DR as an insurance policy for which the likelihood of a claim is low. With the current financial and economic pressures, cutting or underfunding DR planning is a tempting prospect for many organizations. That impulse could be costly. Unfortunately, many companies have adopted newer technology delivery models without DR in mind, such as Cloud Infrastructure-as-a-Service (IaaS), Software-as-a-Service (SaaS)…