Automation Speeds Reaction Time

Q1's apps monitor users and systems to spot potentially malicious activity, stop worms, and isolate or shut down infected systems

George V. Hulme, Contributor

November 6, 2004

Q1 Labs Inc. last week rolled out an enhanced version of its QRadar application, which monitors users, systems, and applications to spot abnormal and potentially malicious activity. The company also unveiled its QRadar-ICX module, which works with QRadar to stop worms, denial-of-service attacks, and other threats.

Such attacks are increasingly threatening and coming more quickly, says Robert Brown, director of information security, privacy, and compliance for health-care provider Borgess Health Alliance Inc., which operates more than 140 patient-care sites and 65 satellite clinics in southern Michigan.

"Viruses beat antivirus software updates. We check for new updates every half-hour, and we can still be vulnerable," he says. Borgess has been using QRadar for about eight months. "Anything that can help you make faster decisions" is welcome, he says.

Among the defensive enhancements QRadar-ICX provides is the ability to isolate and contain infected systems, preventing them from infecting other systems connected to the network. The module can shut down specific user and application sessions that are being used as part of an attack or that violate a company's security policy. QRadar-ICX can also direct routers and firewalls to help shut down attacks coming from the Internet.

Brown is evaluating these capabilities, but "it will be a while before we feel comfortable using some of the automated-response capabilities," says Brown, who fears that the app could accidentally block legitimate applications.

Yet Brown is certain that as the speed and efficiency of attacks increase, security technologies will have to keep pace and get faster as well. "We're at the point where you can no longer rely on human responses to threats," he says.

QRadar 4.0 and QRadar-ICX are available now. QRadar 4.0 is priced starting at $59,900, and QRadar-ICX starts at $19,900.

About the Author(s)

George V. Hulme

Contributor

An award-winning writer and journalist, George Hulme has written about business, technology, and IT security topics for more than 20 years. He currently freelances for a wide range of publications, and is a security blogger at InformationWeek.com.
