Q1 Labs helps BGL Group to massively reduce the number of false security alerts

Switching from Cisco SIEM and log management to QRadar reduces alerts from 500 a day to less than 12 and additionally helps network operations team troubleshoot complex problems.
Monday, February 7, 2011

PRLog (Press Release) – Jan 10, 2011

London, England – January 10th, 2011 – Q1 Labs, the global provider of total security intelligence solutions, today announced details of a successful project at BGL Group that has helped to drastically reduce the volume of false security alerts, strengthen its security management procedures and reduce operational cost and complexity. The deployment of Q1 Labs’ flagship QRadar Security Intelligence Platform is also helping operations teams track down complex issues through detailed reporting of historical log data from multiple systems.

Since it was founded in 1992, BGL Group has grown to become one of the largest personal lines insurance brokers in the UK. Through its subsidiaries, including Budget and Bennetts, the group arranges and administers insurance for 3.5 million customers and employs more than 2,150 people. As such, it takes information security extremely seriously, with a dedicated team assigned to protect its infrastructure against cyber criminals.

The Group has created a multi-layered secure perimeter with traditional firewalls supplemented by IPS and IDS systems managed by a 24/7 network operation centre. The continual expansion of the Group’s role, including the provisioning of managed services such as “white label” services to several well-known high street banks, has increased the volume of network and application traffic that needs to be inspected for potential threats. QRadar's native ability to capture content provides the security intelligence needed to eliminate false positives and identify potential threats.

The Cisco-based network architecture at the Group was generating around 500 alerts a day, which needed to be inspected by the four-man Information Security team. The sheer volume of alerts from Cisco logs, combined with security information from Microsoft-based servers and IBM iSeries mainframes running critical applications, was threatening to overwhelm the resources of the team.

In response, the Information Security team at BGL contacted a number of Security Information and Event Management vendors with a requirement for a solution to help improve the situation while leveraging existing resources. Key criteria included compatibility with its IBM mainframe and powerful reporting tools to help separate false positives from more urgent matters.

After whittling down the potential candidates to just three, the Information Security team ran a series of two-week on-site evaluation projects to determine which product best served its needs. “QRadar was head and shoulders above the rest in terms of its usability and interface,” explains David Ingall, an Information Security analyst at BGL. “The way it allows us to drill down quickly into an alert and correlate relevant data was extremely impressive.”

Following a rapid implementation, which Ingall describes as “simple as putting QRadar in the rack and pointing our logs at it,” the system was able to deliver significant improvements from day one.  

“We went from around 500 alerts a day on the Cisco logs down to less than 12 using QRadar,” comments Ingall, “and we could quickly get to the bottom of any issue in less than 30 minutes.”

QRadar also proved itself useful in a network troubleshooting role. When the Operations Team at BGL discovered a transient issue with a VPN connection between its main site and a major external customer, the ability to drill down through historical logs allowed them to quickly find and fix the fault.

“The move to QRadar had been a real eye opener for us and has helped us to concentrate our efforts on the most important issues,” explains Ingall. “Even without significant tuning, it has improved how we deal with security intelligence and it will form a core part of our infrastructure as we move forward.”

About Q1 Labs
Q1 Labs is a global provider of high-value, cost-effective next-generation security intelligence products. The company's flagship product, QRadar SIEM, integrates previously disparate functions – including risk management, log management, network behavior analytics, and security event management – into a total security intelligence solution, making it the most intelligent, integrated and automated SIEM product available. QRadar SIEM provides users with crucial visibility into what is occurring with their networks, data centers, and applications to better protect IT assets and meet regulatory requirements. Q1 Labs is headquartered in Waltham, Mass., U.S.A., and the company's customers include healthcare providers, energy firms, retail organizations, utility companies, financial institutions, government agencies, and universities, among others. For more information, visit, e-mail, or call 781-250-5800.

About the BGL Group

The BGL Group was founded in 1992 and has grown to become one of the UK’s largest personal lines insurance intermediaries.

Brands within the BGL Group include BUDGET car, van and home insurance, Bennetts bike insurance and eco motor insurance, ibuyeco. Junction, BGL Group’s affinity business, works with brands like Post Office®, HSBC, Santander, M&S Money, RAC and Auto Trader to offer insurance products to their customers. The Group also offers a wide range of supplementary products including breakdown cover and legal protection.

The BGL Group has 3.5 million customers and operates major contact centre operations (Fusion) in Peterborough, Coventry, Sunderland and Cape Town, South Africa. Headquartered in Peterborough, the Group currently employs more than 2,150 people. 2010 saw the Group enjoy its 13th consecutive year of record profits, delivering a 16 per cent growth to £62m.

In October 2010 the Group was ranked 80th in the Sunday Times HSBC Top Track 250 of Britain’s 250 biggest mid-market private companies by latest sales – higher than Manchester United Football Club, Pret A Manger and Harvey Nichols department stores.

BISL Ltd, part of the BGL Group, is authorised and regulated by the Financial Services Authority. Registered Address: Pegasus House, Bakewell Road, Orton Southgate, PE2 6YS. Registered in England no 3231094