Security intelligence product vendor Q1 Labs plans to release QRadar Risk Manager late in the second quarter of this year. Joining two other QRadar products, Risk Manager integrates risk management, security information and event management (SIEM), log management and network behavior analysis to give IT departments the ability to assess vulnerabilities before, during and after an exploit.

With a network of partners serving approximately 1,000 customers worldwide, Q1 Labs does about 80
percent of its business through the channel. The company’s partners, mostly made up of VARs with security and networking practices, already sell and manage services around the rest of its product line, which includes QRadar Log Manager and QRadar SIEM.

“The problem that [QRadar Risk Manager] helps customers to solve is helping them to validate the configuration of their infrastructure,” said Tom Turner, senior vice president of marketing and channels at Q1 Labs. Many of the same compliance mandates that businesses use for monitoring employees also apply to the monitoring of the networking infrastructure, he added.

Risk Manager, which was designed to tightly integrate with QRadar SIEM, allows customers to model risk against their networks so they can see where the biggest security risks lie and prioritize them so the vulnerabilities can be patched.

“It won’t really affect our channel model. In fact, it’s a great benefit for it. With 1,000 customers today, it’s a great thing for the channel to go in and sell to existing customers and to new customers for risk modeling,” Turner said.

With compliance still being such a top-of-mind issue, there’s a strong need for risk management products like QRadar Risk Manager, he said. Q1’s product offers automated risk intelligence with extended compliance and policy verification, automated firewall configuration reports and audits, advanced predictive threat visualization, assessment, modeling and impact analysis, risk policy monitoring and assessment, and intelligent network and security visualizations and vulnerability prioritization.

With a price tag of $30,000, Risk Manager is aimed at enterprises with 500 employees and up.

“They have a relatively sophisticated network and infrastructure. It’s not for small/medium-size companies with less than 100 employees, but certainly it’s still the broad enterprise market,” Turner said.

Many customers will be interested in the ability to validate their firewalls and routers more easily, particularly those that have hundreds of such devices to manage, he said. However, it will also be compelling to businesses with firewalls and routers numbering significantly lower, as well – particularly large companies with distributed offices. The high profile nature of network attacks and vulnerabilities makes it a compelling offering for not just security professionals but also C-level executives, he said.

The product will enable IT managers to simulate threats against their data center and network infrastructures, but they’ll also be able to simulate the deployment of new applications on the infrastructure so they’ll be able to see what security vulnerabilities they create.

QRadar Risk Manager will be available on its own, but it will also be available as equipment from Juniper Networks and Enterasys Networks. Both networking vendors are long-term partners with Q1 Labs, which provides its technology via OEM agreements.

For Q1’s own channel partners, they’ll find product sales opportunities within the enterprise market, but they’ll also find additional opportunities by selling services, training and managed services around QRadar Risk Manager, Turner said.

“It fits very nicely with a lot of our resellers. I do stress the value-add when talking to a lot of our VARs,” Turner said. Customers want to have more strategic conversations about managing risk in their environments, and that’s the type of conversation VARs can offer with QRadar Risk Manager, he said.