The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

QRadar and QRM 7.1 are Generally Available!

Posted by Xavier Ashe on October 5, 2012

The QRadar Product Management team is very glad to announce the General Availability (GA) of QRadar SIEM and Risk Manager Version 7.1.  Another major milestone of the QRadar product, QRadar 7.1 delivers several new key features to meet the needs of our current and future customers, a new appliance and new tools to provide more flexibility in deploying the QRadar solution, and great usability features to increase the visibility to more security intelligence data, as well as the ability to better optimize and tune QRadar.

The new features of QRadar SIEM 7.1 consist of:

  • Index Management:  More refined control over the creation of indexes used for searches and exposure of field and index usage statistics, enabling more efficient storage utilization and performance optimization.
  • Store and Forward: Capability of collecting and storing events by a new appliance, Event Collector (EC), in a remote location and forwarding events to an upstream Event Processor for analysis based on a pre-determined policy,  allowing effective log collection at remote network locations with unreliable network connections or bandwidth constraints.
  • Import/Export of Security Contents: Ability to export security and configuration content on a QRadar system to an external, portable format which then can be imported into another QRadar system, with a command line interface, enabling quick deployment of a new QRadar system or sharing of security contents across systems.
  • Vulnerability Details Screen: Enhanced GUI screens to display detailed vulnerability data imported from third-party vulnerability scanner products, allowing customers to fully explore the nature and relevance of vulnerabilities on the hosts involved in QRadar-detected incidents and offenses.
  • WinCollect: Complete centralized control of local and remote Windows event collection, with bulk adding of servers, per-server troubleshooting, and automated deployment and update of policy and the agent itself. Also includes tuning for different environments and support for the latest capabilities like XPath queries.

The new features of QRM 7.1 consist of:

  • P2P Networks: Support for point-to-point networks, such as VPNs and serial links. This allows customers to add these links to their QRM network topology.
  • Firewall Rule Reporting: Perform comprehensive reporting on firewall rules, including shadowed, most and least used rule reports. Reports can be generated across multiple firewalls and are fully integrated into the QRadar reporting engine.
  • Enhanced Policy Monitoring:  Monitor policy question passes and failures, typically required for compliance reporting. Customers can now generate reports that show that network policies have been in compliance over a given period of time, in addition to those which were not compliant.

2 Responses to “QRadar and QRM 7.1 are Generally Available!”

  1. Jeff said

    No upgrade path from QRadar SIEM 7.0 MR2? When will that be made available?
