QVision Keeps Eye On All Network Activity

As networks and intrusion attacks become more sophisticated, security is rapidly becoming an unmanageable job for most administrators. Critical to security management is up-to-date knowledge of everything happening on the network as well as the ability to quickly evaluate network traffic and events.

In the past, those tasks were readily accomplished with network sniffers and firewall reporting technologies, but network traffic has increased to such a degree that most of these solutions have been rendered ineffective. In addition, today's attacks require an automated response, as administrators no longer have the time to perform statistical forensics and script responses to attacks. The key to effectively closing open security holes and stopping malicious attacks lies in the ability to normalize network traffic,that is, to trend network activity and respond to anything that is outside of the statistical norm.

QVision 2.0 is a comprehensive network monitoring and management tool that provides many of these capabilities,from examining network traffic to mapping incoming and outgoing traffic to geographical locations.

What makes QVision a unique offering is the visual component of its management interface, which administrators can use to localize traffic concerns quickly by viewing realtime graphs of network traffic. What's more, administrators can then drill down through the visual interface to isolate any element of the traffic, including ports, IP addresses, physical or virtual locations, services and even defined applications.

For example, an administrator viewing an abnormal peak in network traffic can quickly drill down to find the root cause of the peak and determine if it is from a new style of network attack or from acceptable activity. Either way, administrators are no longer in the dark when it comes to connecting network traffic with a particular activity.

CRN Test Center engineers examined a real-world implementation of QVision 2.0 being used in a multiuniversity environment to determine the product's overall fit as a security solution.

QVision offers a two-tier approach for gathering and working with network traffic. The first component is a QVision Flow Generator, a security appliance that sits on the network at key junction points and gathers and monitors all network traffic that passes through it. The second component of the product, the QVision console, is a customizable browser-based management console. The flow generators gather all applicable data and then deliver that data to the console, which is where administrators can define policies, generate views, create reports and accomplish forensic analysis of the captured data.

The QVision solution captures the header information of every packet the system encounters, which creates a comprehensive database of network events and traffic. That proves to be a real boon for those examining traffic and plotting network trends. The database is quite efficient and is surprisingly small and fast, considering the volume of data captured.

Solution providers will find the QVision console easy to navigate, and the ability to use canned views or create custom views guarantees that solution providers can quickly demonstrate the value of the product.

QVision also proves itself valuable for ISPs. Installing the product and setting up custom views at the primary connection point of an ISP allows the monitoring of all traffic for multiple customers, which allows ISPs to effectively participate in the lucrative security and digital rights management space. QVision gives ISPs the ability to monitor and block certain types of activity for their customers, which translates into a billable service. ISPs, for example, can block peer-to-peer services, attacks and other nefarious activities that are caused by outsiders or hosted connections.

QVision's drill-down and reporting capabilities also can be used to demonstrate overall bandwidth usage and further drill down into peak usage periods. Those capabilities allow companies to better scale their usage and let ISPs discount low-usage periods while charging extra for peak activity.

Solution providers will find that QVision is an apt tool for protecting networks, managing bandwidth and garnering additional revenue for services previously forgotten or ignored. Target customers include enterprise network users and ISPs.

CHANNEL PROGRAM SNAPSHOTS
>Q1 LABS QVISION
CRN TEST CENTER RECOMMENDED
PRICE: $50,000
MARGIN: 25 percent
DISTRIBUTORS: Dataway, Integration Technologies, Red Bull Technologies, ReSoft, Sword & Shield
TECH RATING:

CHANNEL RATING:

CHANNEL OVERVIEW: Atlanta-based Q1 Labs provides a wealth of support for partners. Field support engineers and regional sales managers do joint sales calls and provide installation assistance. Technical and marketing resources and sales demos are available at the vendor's solution provider Web site. Sales and hands-on technical training are also provided on-site and at Q1 Labs' headquarters.

Note: Vendors can earn up to five stars for technical merit and five for their channel program. If the average of these two scores is four stars or greater, the product earns CRN Test Center Recommended status.