CASE STUDY

Arkansas Childrens Hospital

World-Class Pediatric Medical Center Centralizes Security and Compliance Management with QRadar
As the number of patients will only increase at such an esteemed medical facility, Arkansas Childrens Hospital needed a solution that would help centralize their security and compliance programs. The Security Administration team needed a security intelligence solution that could scale their security operations for complete visibility into their network architecture.
ARKANSAS CHILDRENS HOSPITAL IS ONE OF THE TOP TEN LARGEST PEDIATRIC MEDICAL CENTERS IN THE NATION, AND THE ONLY PEDIATRIC FACILITY IN THE SATE OF ARKANSAS. Based on the incredible reliance Arkansas and surrounding states have on this world-class facility, the responsibility for managing a large amount of critical information across agrowing population of patients was a priority.

Growing Patient Population Creates Need for Retaining and Protecting More Information
With incredible growth across their information systems, Arkansas Childrens Hospitals security administration team realized they had a challenge with managing data for compliance, as well as maintaining a secure environment. With limited sta and resources, the team needed to nd a way of better managing the dramatically growing logs of data. Arkansas Childrens Hospital recognized that centralizing its log collection without a unifying solution was becoming burdensome in the quest to identify potential o enses on its network. With so many log sources producing disparate silos of information, the security team struggled with correlating meaningful alert information and e ectively identifying potential o enses in real-time.
Prior to implementing QRadar, we were ltering logs from multiple sources through SysLog, which wasnt ideal, said Chris Wilkins, Security Administrator, Arkansas Childrens Hospital. We understood the capabilities a next-generation SIEM product would provide, but we needed to educate ourselves and the management team on the solutions that would make sense for us.

Extracting Intelligence and Helping the Security Administration Team Scale

With the data environment growing daily, it was clear that scale would play an enormous factor in the decision to deploy QRadar, especially where the number of logs was escalating to millions every day. What the team at Arkansas Childrens Hospital found was that QRadar o ered robust integration with so many of todays network and security components so that they could correlate data from all the log-producing sources already deployed.

Q1Labs.com

ARKANSAS CHILDRENS HOSPITAL

World-Class Pediatric Medical Center Centralizes Security and Compliance Management with QRadar SIEM

Part of the decision to deploy the Q1 Labs solution was that our team believed we would extract more intelligence from more components with QRadar, as compared with other market solutions, said Wilkins. Our goal was to centralize the location for where we could correlate logs and event events so we could run reports out of one solution to provide us with the integrated intelligence we have been looking for.

Flow Data Delivers Real-Time Intelligence

By leveraging ow data from QRadar, Arkansas Childrens Hospital is now able to gain deep insight into their network environment that they were unable to with any solution they previously used, or were considering. As we deployed QRadar, I wasnt even aware of the behavioral analysis capabilities in the product, said Wilkins. QRadars behavioral anomaly detection functionality enables us to correlate miscon gured systems and detect malware that we werent previously identifying. For example, this provided us with the ability to detect whether a speci c machine is infected by something like a botnet. As the team continues to scale up their security operations with QRadar, they are able to e ectively streamline their overall security process so they can rely on QRadar to pull the actionable information necessary from logs and events. Centralizing their program through QRadar helps save the time it took pulling logs from multiple sources, as well as event information that a small team could not a ord to spend the manual time analyzing. With a SIEM deployment, being able to collect logs upon deployment was unheard of with any other solution. I didnt have to spend a lot of time or money on professional services to start getting results, and I didnt have to coordinate extensive training for my sta because QRadar is intuitive and is easy to use.

The biggest bene t to deploying QRadar was that after the initial implementation, we were up and running immediately. CHRIS WILKINS, Security Administrator,
Arkansas Childrens Hospital

Q1 Labs 890 Winter Street, Suite 230 Waltham, MA 02451 USA 1.781.250.5800; info@Q1Labs.com www.Q1Labs.com

Copyright 2011 Q1 Labs, Inc. All rights reserved. Q1 Labs, the Q1 Labs logo, Total Security Intelligence, and QRadar are trademarks or registered trademarks of Q1 Labs, Inc. All other company or product names mentioned may be trademarks, registered trademarks, or service marks of their respective holders. The speci cations and information contained herein are subject to change without notice.

ACHCS0611

Q1Labs.com