April 8, 2016 By Chris Meenan 2 min read


The QRadar team at IBM Security was delighted to see IBM Security QRadar named as the winner of the 2015 SANS Best SIEM Award. Every year, the SANS Institute surveys its more than 200,000 hands-on security practitioners, most of whom use commercial products, and publishes what the community likes best.

SANS Honors Top Security Products

“Each year SANS surveys the SANS community for nominations for the SANS ‘Best of the Year’ awards for products and services that have been successfully used to provide increases in both the effectiveness and efficiency of cybersecurity programs,” the SANS Institute wrote.

“In 2015 the products were voted on by security operations professionals and security managers from around the world, all of whom are actual users of these products. The SANS Best of Awards are not driven by vendors, but by the people actually using these products.”

Organizations have told IBM what they need from a security information and event management (SIEM) solution. The top features included the ability to:

  • Detect attacks in real time using best practices and behavioral analysis.
  • Deploy quickly with minimal intervention from an already overworked and understaffed security team.
  • Integrate with third-party security solutions to create a single pane of glass for all security events, alerts and workflows.
  • Monitor and secure cloud services, including cloud-based deployments.
  • Have a strong partner network and ecosystem to provide support and offer advanced security skills.
  • Maintain compliance with internal and external regulations.

Why QRadar Stands Out

This is quite a list, but the QRadar team is focused on these requirements and relentlessly drives innovations to deliver real value against them. Take, for example, the IBM Security App Exchange, which now has more than 30 available apps and extensions, covering many aspects of security operations workflow, compliance, visualization, monitoring and more.

The product has also expanded deployment options to include new cloud, managed security services provider and software-as-a-service offerings while simultaneously improving out-of-the-box support for on-premises security systems.

QRadar is very busy working on new innovations to transform customers’ security operations with leadership features, including:

  • A single architecture for analyzing log, flow, vulnerability, user and asset data;
  • Real-time and historical security data correlation and behavioral anomaly detection rules to identify high-risk threats;
  • High-priority incident detection among billions of daily incoming data points;
  • Full visibility into cloud, network, application and user activities; and
  • Compliance data collection and reporting using automation to reduce regulatory burdens.

The security environment continues to get tougher, the threats are getting more severe, there are fewer available skills, and there is an abundance of point security solutions — all long on promises, yet short on delivery. This recognition from SANS showed that there are SIEM solutions that can balance advanced technologies with positive user experiences, and QRadar is one of them.

Tour the award winning QRadar platform

More from

What cybersecurity pros can learn from first responders

4 min read - Though they may initially seem very different, there are some compelling similarities between cybersecurity professionals and traditional first responders like police and EMTs. After all, in a world where a cyberattack on critical infrastructure could cause untold damage and harm, cyber responders must be ready for anything.But are they actually prepared? Compared to the readiness of traditional first responders, how do cybersecurity professionals in incident response stand up? Let’s dig deeper into whether the same sense of urgency exists in…

Unified endpoint management for purpose-based devices

4 min read - As purpose-built devices become increasingly common, the challenges associated with their unique management and security needs are becoming clear. What are purpose-built devices? Most fall under the category of rugged IoT devices typically used outside of an office environment and which often run on a different operating system than typical office devices. Examples include ruggedized tablets and smartphones, handheld scanners and kiosks. Many different industries are utilizing purpose-built devices, including travel and transportation, retail, warehouse and distribution, manufacturing (including automotive)…

Stealthy WailingCrab Malware misuses MQTT Messaging Protocol

14 min read - This article was made possible thanks to the hard work of writer Charlotte Hammond and contributions from Ole Villadsen and Kat Metrick. IBM X-Force researchers have been tracking developments to the WailingCrab malware family, in particular, those relating to its C2 communication mechanisms, which include misusing the Internet-of-Things (IoT) messaging protocol MQTT. WailingCrab, also known as WikiLoader, is a sophisticated, multi-component malware delivered almost exclusively by an initial access broker that X-Force tracks as Hive0133, which overlaps with TA544. WailingCrab…

Operationalize cyber risk quantification for smart security

4 min read - Organizations constantly face new tactics from cyber criminals who aim to compromise their most valuable assets. Yet despite evolving techniques, many security leaders still rely on subjective terms, such as low, medium and high, to communicate and manage cyber risk. These vague terms do not convey the necessary detail or insight to produce actionable outcomes that accurately identify, measure, manage and communicate cyber risks. As a result, executives and board members remain uninformed and ill-prepared to manage organizational risk effectively.…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today