Q1 Labs Rounds Up Partner Posse For Security Event Integration

The Security Intelligence Partner Program, which Waltham, Mass.-based Q1 unveiled on Tuesday, comprises several security vendors -- and more to come -- that have integrated their products with Log Event Enhanced Format (LEEF) or Asset Exchange Information Source (AXIS), Q1 Labs' open standard formats for log, event and asset information management.

Tom Turner, Q1's senior vice president of channels and marketing, said the speed and the completeness of getting event information contextually between security products was lacking and posed a challenge. And collaboration across the security intelligence industry has been a struggle and lacked standards, Turner said. Event and telemetry updates were non-existent and event exchange formats were siloed and offered little context.

"It hasn't always been easy to get security vendors to work together," he said.

Q1 launched LEEF and AXIS to give partners a new way to deliver event, asset/vulnerability management, flow information, and automated updates to the QRadar Security Intelligence Operation System, and the launch of the Security Intelligence Partner Program gives customers and the channel the ability to integrate disparate security products from different vendors and go beyond just logs and events.

For Security Intelligence Partner Program members, Q1 offers an SDK to conduct testing for integration and certification; provides priority placement in integration testing tool; and gives designated engineering contacts to make integration a joint effort.

The inaugural vendor partners participating in the Security Intelligence Partner Program include Barracuda Networks, Bit9, Damballa, Enterasys Networks, FireEye, Imperva, Lieberman Software, Palo Alto Networks and Sourcefire. The partner program will let vendors and their channel partners remove integration bottlenecks during deployments, reduce deployment time, ease integrations and boost security intelligence with shorter time to resolution.

"Our end goal is to provide customers with the ability to leverage the security intelligence gathered from their networks, therefore it's important for security vendors to work closely and integrate products that will allow customers to do that," Turner said.

Doug Hurd, Sourcefire's director of technical alliances, said the centralization of event data and the integration of once disparate solutions has become a necessity.

"The partnership just makes a lot of sense," he said. "It allows customers to correlate all other event data with data from other solutions."

For the channel, Turner said it gives solution providers the ability to offer both security enforcement and security intelligence as a one-two punch. Many security solution providers, Turner said, have already partnered with a best of breed security vendor and the integration will help them offer an end-to-end solution. It will also create more consulting opportunities, as solution providers can offer event and vulnerability discovery and remediation services.

Sourcefire's Hurd agreed. He said channel partners and VARs usually offer multiple vendors' products and integration between them can make for an easier sale and smoother deployment.

"It allows them to deliver a much more complete solution and ease the post sale implementations," he said, adding that solution providers add value by understanding the connection and correlation of data from different solutions. "It's the detail where the added value becomes clear and the channel partner is best equipped to provide the complete package. If I'm a VAR, I want to know how to get the most out of these platforms."