Tuesday, September 02, 2008

Juniper STRM Faces Technical Challenges in EMEA


by Tech Samurai, June 24, 2008

(Riyadh) - Although the Q1 Labs QRadar (Juniper Security Threat and Risk Management - STRM) tool looks promising from a vision perspective, there are several items that, if not in the confirmed road map for delivery in Q408 or Q109, may cause issues on some major tenders that its OEM partners (including Juniper) may have in the Middle East in 2008. The appliance-based STRM provides a visionary approach to forensics and security event and incident management. However, some of its most glaring technical shortcomings, combined with a finicky EMEA market, make its short-term revenue prospects in the Middle East questionable.

Functional Issues
Reading logs in real time from a remote file system - The Q1 vision seems to have been focused in the wrong direction, since it missed the need to read log files from a local or remote file system. Only network-only environments expect the log source to be exclusively syslog, whereas most enterprise applications write logs to disk. All major SEIM players support this.
Manually opening and adding items to an investigation case - It is really odd that Q1/Juniper doesn't have the ability to manually create investigation cases. Many of the challengers don't provide the ability to create cases automatically. But it appears that Q1 Labs' STRM might be the only serious SEIM tool on the market that does not provide manual incident creation ability.

Product Support
Fully functional CITRIX Server and gateway log processor - EMEA customers rely heavily on CITRIX and, if it is not supported by Q408, they would have a hard time justifying a purchase of STRM.
Fully functional SAP log processor - Several major and influential enterprises in EMEA rely heavily on SAP and, if it is not supported by Q408, EMEA customers would have a hard time justifying a purchase of STRM.

Copyright (C) 2008 Tech Samurai.
