Editor's note: This is a summary of our testing of this product; for a full rundown of how it fared in our testing across SIEM categories, please see our full coverage.
Q1 Labs' QRadar is a well-rounded security information and event management platform that became our "go-to product" for validating most of our findings. It earned this status for two primary reasons. First, it offers the most functional flexibility. Second, it provides the most effective correlation rule set right out of the box. The Q1 Labs product simply offered the greatest amount of visibility into our environment with the least amount of headache.
Q1 Labs shipped us an appliance version of its QRadar product, which is a beefy Intel-based system running its proprietary applications, proprietary data storage technology, and a version of Linux under the hood. The user interface is HTTP/HTML-based, worked fine in both IE and Firefox, and requires no deployment of "fat" clients. Despite our inherent dislike of most Web-based user interfaces, we found QRadar's user interface responsiveness acceptable.
Q1 Labs started off in the network security monitoring or Network Behavior Anomaly Detection (NBAD) space and has branched out into SIEM over the past five years. It did not completely abandon its NBAD roots, however, and the product can still receive network flow data via both Cisco's NetFlow and sFlow, the more generic protocol that collects information from a variety of network switches. For example, one of the Ethernet ports on the back of our appliance could be configured as a flow receiver. The NetFlow and sFlow data can provide additional context when analyzing events, such as more detailed target and victim traffic profiles, better visibility into follow-on sessions after attacks, and an additional method of asset discovery.
QRadar also has a rudimentary ticketing system built into the product under the label "offense management" that allowed us to delegate investigative tasks to various team members. It provides only the most basic features (open, close, assign, add notes), but that was enough for us to get the basics of event handling working from the SIEM system.
QRadar's reporting engine is fairly comprehensive and comes with dozens of predefined reports. It was a little overwhelming at first, but fortunately QRadar also comes with a basic report designer. After a little work we were able to build a few custom reports that were sufficient, and the customizable dashboard provided most of the real-time data we wanted. Our only big complaint with the reporting engine is that it was really hard to get a definitive failed-login report because of the mess that is Windows authentication logging, but to be fair, no product seemed capable of sorting out Microsoft's logging nightmare. The product is not without its shortcomings.
Comments (2)
I tried it
By Anonymous on January 1, 2009, 7:41 pm
It worked as advertised. You're probably using a DSM not included in the free release.
just wasting time
By Rec on November 13, 2008, 11:34 am
I downloaded the free edition that runs as a VM appliance. The installation is easy, but the user interface is really cumbersome, confusing and not working properly at...