Q1 Labs Streamlines Security Alerts for U.K. Insurance Company
January 11, 2011 Alex Woodie
Q1 Labs has supported the IBM i platform with its security information and event management (SIEM) product, QRadar, for only a few months now. But already it’s landed a SIEM deal with the BGL Group, a provider of a range of insurance products. The deal was announced yesterday.
Founded in 1992, BGL is a privately held group of companies and partnerships that provide insurance coverage for homes, cars, motorcycles, and vans. The company has 3.5 million customers through its subsidiary insurance brokers, such as Budget and Bennetts. It also manages accounts for other U.K. insurance companies through a white label service.
At the center of BGL’s operations is an IBM iSeries server that automates many aspects of its own insurance business, as well as the business it conducts for its partner companies. Surrounding the IBM iSeries applications is a network managed by Cisco devices, including firewalls, intrusion detection and prevention systems, and a SIEM controller.
Prior to bringing in Q1 Labs’ SIEM software, BGL used the SIEM offering from Cisco. However, the insurance company was besieged with false alerts and a high level of complexity in managing the network, according to Q1 Labs. The vendor says BGL’s four-man security team was inspecting about 500 security alerts a day generated by the Cisco SIEM product from log data routed from iSeries and Windows applications. That volume was threatening to overwhelm the security team.
So BGL went on the hunt for a new SIEM system. Chief among the required functions was support for IBM i environments, and powerful and easy-to-use log filtering capabilities to help minimize false positives.
After looking closely at three SIEM products, BGL decided to switch to Q1 Labs’ QRadar offering, which has supported IBM i and DB2/400 sources in a GA release for only about four months.
With QRadar sorting through the log data to identify attempts to hack the systems, the number of security alerts plummeted, BGL information security analyst David Ingall says in a Q1 Labs press release. “We went from around 500 alerts a day on the Cisco logs down to less than 12 using QRadar, and we could quickly get to the bottom of any issue in less than 30 minutes,” he says.
QRadar also helped with network troubleshooting, specifically with helping to track down a problem with BGL’s VPN connection to a major customer. The capability to drill down into the historical logs helped the company fix the problem quickly, Q1 Labs says.
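To make concrete the two things the article credits QRadar with, collapsing a flood of raw events into a handful of alerts and drilling back into the historical log behind an alert, here is a small added example written for this page. It is not QRadar's rule language, not Cisco's, and not anything from BGL's deployment; the log line format, the allowlisted scanner address, the five-in-five-minutes threshold and the sample events are all constructed for the illustration.

```python
"""Alert-reduction and drill-down illustration (example code, not QRadar's).

Thirty constructed raw events go in; the correlation step suppresses a known
noise source, collapses a burst of failed logons into one alert, and passes a
single sensitive configuration change straight through. The drill-down step
recovers the raw events behind any alert, the way an analyst would when
chasing a problem in the historical logs.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines: "<timestamp> <host> <event type> src=<ip> user=<name>".
# Loosely modelled on Windows failed-logon and IBM i audit-journal style records.
RAW_EVENTS = (
    # seven failed logons for one account from one workstation inside a minute
    [f"2011-01-10T09:00:{s:02d} win-dc01 LOGON_FAILURE src=10.0.5.20 user=jsmith"
     for s in (1, 9, 20, 33, 41, 55, 58)]
    # twenty probes from an internal vulnerability scanner (known noise)
    + [f"2011-01-10T09:01:{s:02d} ibmi-prod LOGON_FAILURE src=10.0.9.9 user=svcacct"
       for s in range(20)]
    # two isolated mistyped passwords from a normal user, hours apart
    + ["2011-01-10T10:15:00 win-dc01 LOGON_FAILURE src=10.0.5.31 user=amiller",
       "2011-01-10T14:02:00 win-dc01 LOGON_FAILURE src=10.0.5.31 user=amiller"]
    # one object-authority change on the IBM i box, always worth a look
    + ["2011-01-10T11:30:00 ibmi-prod OBJECT_AUTHORITY_CHANGE src=10.0.5.40 user=ops1"]
)

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<type>\S+) src=(?P<src>\S+) user=(?P<user>\S+)$"
)

# Hypothetical allowlist: the internal scanner whose logon probes are expected.
KNOWN_BENIGN_SOURCES = {"10.0.9.9"}

# Event types that should alert individually rather than be aggregated.
SENSITIVE_TYPES = {"OBJECT_AUTHORITY_CHANGE", "PRIVILEGE_ESCALATION"}


def parse(lines):
    """Turn raw log lines into event dicts; unparseable lines are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events


def correlate(events, window=timedelta(minutes=5), threshold=5):
    """Reduce events to alerts.

    Failed logons are bucketed per (source IP, host); one alert fires when a
    bucket reaches `threshold` events inside `window`, then the bucket resets
    so a single burst yields a single alert. Sensitive changes alert directly.
    """
    alerts = []
    buckets = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["src"] in KNOWN_BENIGN_SOURCES:
            continue  # allowlisted noise never becomes an alert
        if ev["type"] == "LOGON_FAILURE":
            bucket = buckets[(ev["src"], ev["host"])]
            bucket.append(ev)
            while bucket and ev["ts"] - bucket[0]["ts"] > window:
                bucket.pop(0)  # slide the window forward
            if len(bucket) >= threshold:
                alerts.append({"rule": "repeated_logon_failure", "src": ev["src"],
                               "host": ev["host"], "count": len(bucket),
                               "first": bucket[0]["ts"], "last": ev["ts"]})
                bucket.clear()
        elif ev["type"] in SENSITIVE_TYPES:
            alerts.append({"rule": "sensitive_change", "src": ev["src"],
                           "host": ev["host"], "count": 1,
                           "first": ev["ts"], "last": ev["ts"]})
    return alerts


def drill_down(events, alert):
    """Return every raw event from the alert's source against the alert's host,
    in time order: the historical context an analyst needs to close the case."""
    return sorted((e for e in events
                   if e["src"] == alert["src"] and e["host"] == alert["host"]),
                  key=lambda e: e["ts"])


if __name__ == "__main__":
    evs = parse(RAW_EVENTS)
    found = correlate(evs)
    print(f"{len(evs)} raw events -> {len(found)} alerts")
    for a in found:
        print(a["rule"], a["src"], a["host"], "count", a["count"],
              "underlying events:", len(drill_down(evs, a)))
```

Run as a script it reports the thirty raw events reducing to two alerts. The allowlist and the threshold are the two knobs that do the reducing; the trade-off is that a slow, spread-out guessing attempt against one account stays below the threshold, so in practice such a rule is paired with a longer-window count per user as well as per source.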