A Virtual Sweep – Q1 Labs Nabs Top Honors in InformationWeek Customer Survey
Posted by Michael Applebaum in Cybersecurity, In the Industry, Q1 Labs, Security Intelligence, SIEM, Threat Management
There’s nothing more gratifying than getting positive feedback from the people whom you wake up every day to serve – your customers. That’s why we were thrilled when a new InformationWeek customer survey on the SIEM market was just published, with the headline “IT Rates IBM’s Q1 Labs Top SIEM Performer”. To be clear, this was not a “sponsored vendor test”, but was conducted independently of the vendors named.
Reflecting input from 300+ SIEM users in North America, this was a wide-ranging survey covering product capabilities, vendor support, cost of ownership and more. (Download the full report here.) If this were the Oscars, we’d be talking about a virtual sweep for Q1 Labs. Thank you, North America!
The report is overflowing with SIEM product and market insight, so let me highlight some of the more interesting findings.
The Punchline
Let’s get right to it: “Users and evaluators of IBM/Q1 Labs rated it [the] leader for overall performance.” As the report explains, these performance ratings are based on a set of 10 general criteria, including product reliability, product performance, flexibility, operation cost and many others.
Q1 Labs was also the highest rated vendor for product features, reflecting outstanding performance across 11 distinct categories. These include event correlation, real-time analysis for alerts, root cause analysis and investigation of archived logs, operational dashboard, and seven other sets of capabilities.
Who’s Who in SIEM
Of the 17 vendors InformationWeek asked users about, only 8 vendors received a sufficient number of responses (10% or more of total respondents) to be included in the results. The other 9 were dropped from consideration.
Vendors notably failing to make the cut include EMC/RSA, a legacy first-generation SIEM vendor, and McAfee/NitroSecurity, which claims to be an up-and-comer but only generated responses from a paltry 2% of customers.
Top Evaluation Criteria
The top three evaluation criteria according to customers are product reliability, product performance, and flexibility. In other words: Does the product deliver robust capabilities; can it be tailored for my specific needs; and can I rely on it?
Customers rated Q1 Labs as #1 in all three of these critical dimensions. QRadar’s flexibility is something in which we take particular pride, because many SIEM users say flexibility has more impact on their overall experience than anything else. They care about practical questions such as:
- How easily can you create or change a correlation rule or a report, to meet your particular business needs?
- How quickly can you adjust a log source integration module for an uncommon data source? (Most SIEM vendors would discourage users from even trying this themselves. We do not.)
- Can you easily upgrade a log management product to a full SIEM product – without buying new hardware, migrating to a completely different database, changing your architecture, or paying for expensive professional services?
- Is it possible to expand the scale of your deployment linearly by simply deploying more appliances – or do you need to re-architect the whole solution once you reach a certain scale (at considerable expense)?
We were proud that customers rated Q1 Labs higher than any other vendor on “Flexibility in meeting your organization’s needs.” This aspect of SIEM really matters.
Survey respondents also commented on the total cost of ownership for SIEM. While we take pride in QRadar’s advanced capabilities, our commitment to Intelligence, Integration and Automation isn’t just about building the most powerful analytics. It’s also about finding ways to make life easier for security and risk management professionals, which translates into lower operational costs.
We were grateful to see this reflected in the InformationWeek survey, where a broad cross-section of SIEM users rated Q1 Labs very highly on both acquisition cost and operation cost (a high rating here means an affordable cost).
Our decade-plus work to understand customers’ challenges with SIEM and related technologies has led to several innovations that simplify security operations:
- The unified architecture of the QRadar Security Intelligence Platform greatly enhances ease of use and lowers the total cost of ownership. By offering log management, SIEM, behavioral profiling & anomaly detection, network flow collection & analytics, and vulnerability & security configuration management in one modular platform, we follow the KISS Principle (Keep It Simple, Security pros!). Users don’t have to struggle with different user interfaces, databases, data taxonomies or administration requirements – weaknesses of many other SIEM products, especially legacy first-generation ones.
- Capabilities like automated discovery of log sources, applications and assets, and auto-grouping of assets, save users time upfront and on an ongoing basis.
- Embedded security knowledge in the form of thousands of pre-defined rules, reports and searches that help users share insight faster with their colleagues and auditors.
The next most important criterion for customers, according to the survey, is quality of postsales support. Again, IBM/Q1 Labs was honored with the highest rating of any vendor. Q1 Labs has always held a deep commitment to client success, and frankly our customer support team are some of the most capable and dedicated professionals you’ll ever work with. This note from a Q1 Labs customer to a Q1 Labs business partner crossed my inbox just last week, and adds a personal perspective to the survey discussion:
“Just want to send you a special thanks for recommending QRadar SIEM. It’s much better than [competitor product] which we had for years. It gives us a lot more visibility into our network and security environment. It has even accomplished several of our custom requirements since it was deployed just a month ago. In my own experience, the Q1 Labs support is very knowledgeable too, easy to get a hold of, always trying to help, and very fast to escalate to the developers if the support people don’t have the solution.”
In my next post, I’ll share more insights from the InformationWeek customer survey, including detailed findings about the vendors’ product features and customers’ reasons for switching vendors. Stay tuned!
PS: See related post about why IBM/Q1 Labs was chosen as a Leader in the most recent Gartner Magic Quadrant for SIEM.

