1 Dec 2010

Roto Frank AG switches to QRadar to help it combat security information overload
Integralis recommended the Q1 Labs QRadar solution which offered a next-generation SIEM solution
Q1 Labs, the global provider of total security intelligence solutions, announced details of a successful project at Roto Frank AG carried out by its partner Integralis that has reduced the time spent managing security events by 80% while helping the firm create a secure and scalable platform for the future.

Since it was founded in Stuttgart in 1935, Roto Frank AG has grown to become one of the world's leading window and door hardware manufacturers and significant supplier of roof windows, solar technology and loft-ladders. Today, the company is truly international with 12 production plants worldwide and a global sales network of more than 40 Roto sales subsidiaries or partners generating a turnover of 560 million Euros in 2009. The business runs 24 hours a day, serving partner organisations in every time zone which means the critical ERP, manufacturing and accounting systems based at its head office in Leinfelden-Echterdingen must be available constantly and protected against disruption.

Many users also access these systems remotely via a VPN, which is an additional concern for Franz Leippert, who manages security for the critical central data network. "In the past, we were dealing with hundreds of security events from our legacy security monitoring system but most of these were simply false alarms," explains Leippert. "Even with extensive policy tuning, trying to clarify the seriousness of each of these alerts was incredibly time consuming due to the poor user interface and the huge amount of information."

Leippert is part of a small central IT department that was struggling with the sheer volume of data generated by its estate of firewalls, switches, and VPN hardware as well as AV and malware detection hardware and software. In response, Leippert turned for advice to Integralis, a trusted IT service provider who has worked successfully with Roto Frank AG for a number of years.

Integralis recommended the firm consider a Q1 Labs QRadar solution which offered a next-generation SIEM solution designed to help automate many of the tasks that Leippert and his team were struggling with, especially the information overload that its legacy security and monitoring system was causing.

Leippert believes that the Q1 Labs platform has the potential to improve the firm's overall security posture



"Integralis set up a demonstration of the Q1 Labs QRadar which helped to understand the potential of the solution," explains Leippert. "From testing this, we decided to install QRadar ourselves with some assistance from Integralis as it was important for us to understand how it worked."

Leippert then began tuning the software and defining rules to match the types of traffic the firm handles such as Skype, IM and VPN traffic. Within only 2 weeks, QRadar went live and the results in a production environment were staggering, "...compared to the legacy solution, we have reduced the time we have to spend managing security events by 80%," explains Leippert. "QRadar identifies the issues that are really threats with much higher accuracy and the interface allows us to quickly evaluate the problem and take steps to handle it."

Although only live for a few months, Leippert believes that the Q1 Labs platform has the potential to improve the firm's overall security posture. "For us, the first step was to solve the main problem we had with information overload - next, we are looking to add more information sources to the Q1 Labs QRadar SIEM as well as features such as auditing and validating configuration changes to routers, firewalls and other critical devices."

Mr Uwe Maurer, consultant and specialist for SIEM at Integralis, adds: "Many of our clients like Roto Frank AG who are switching to Q1 Labs QRadar from older legacy systems are struggling to keep up with the huge volume of data generated by ‘dumb' security information event management systems."

"As organisations start to add more mobile devices and embrace emerging social media and teleworking, the volume of event data is going to increase and we believe that only a true next-generation SIEM will be able to cope," Maurer concludes.