IBM Security QRadar Reviews

I deploy the IBM QRadar for many organizations, and I've been performing analyses for those organizations as well.

These organizations use the tool for monitoring of their environment. It's a basic SIEM product. So we just log each and every data source, perform an analysis, and create rules. We also create advanced use cases to cater the advanced threat(s).

I am unable to pick one, every component is valuable. It is a very good SIEM.

I would like for Yara to be supported by all components. 

I have been working with this product for the last five years.

I think it's a very stable product that provides much more visibility than the other product.

You can scale the architecture of the QRadar easily by adding licenses.

Small to medium-sized organizations would require one to two people for maintenance while man power for large organizations would be determined by the architecture. 

Customer support needs some improvement as there have been a few cases where we were unable to reach them in time.

I didn't find it to be complex. I think IBM QRadar has a more user-friendly GUI that helps your team work easily within it. Deployment for an all in one will take four to five hours but can vary depending on environment size.

Our in-house team assists our customers with deployment. Our customers are the main POC and we are able to deploy into their environment, make necessary integrations, and create the rules.

Licensing can be costly depending on your architecture.

You receive alerts for misconfigurations which allows your administer to easily reconfigure any issues. 

The organizations themselves are able to monitor all of their information regarding their team including what attacks they are facing on a daily bases.

I would rate this an eight out of ten.

IBM QRadar is used to help our customers collect information. It collects the information from other tools on the firewall, network devices, cyber tools with both Carbon Black, Cortex, Cynet, and Darktrace.

It's a complete platform.

The interface is good.

They have more than 100 features.

It is not easy to use.

The updates are not very easy. It is very complex. I would like to see the update process simplified.

When I said "it is not easy to use", I mean that QRadar is not for beginners.
Needs high competence and skyll to use it in a satisfactory way to really help customers.
The complexity is not a flaw, but it si a necessary quality for QRadar to be a truly effective tool in a Cyber environement.

We have used IBM QRadar within the last twelve months.

IBM QRadar is a stable solution.

It's a scalable platform.

Technical support is good.

Positive

Pricing is good.

I would rate IBM QRadar an eight out of ten.

We primarily use QRadar for monitoring and preparing use cases. 

This solution is deployed on-prem. 

The most important and valuable feature of QRadar is how useful it is for preparing use cases. It's also easy to use. 

The GUI of QRadar should be improved. 

I have been using IBM QRadar for one year. 

QRadar is stable. 

This solution is scalable. 

I have contacted IBM's technical support—it was great. They are very knowledgeable. 

QRadar is very easy to install, and I can do it myself. The time period will depend on the organization itself, since it depends on the environment and the number of servers and endpoints. 

I implemented this solution myself. 

I pay for licensing yearly. 

I also evaluated a lot of SIEM solutions, but I like LogRhythm and QRadar. 

I rate QRadar an eight out of ten. I would recommend QRadar, as well as LogRhythm, to others considering implementation. 

We use IBM QRadar for user behavior analytics and incident handling.

The features that I have found most valuable are that it is very stable, easy to get going, and easy to manage. It is also easy to review all incidents.

The only problem is that if you have too many events that occur, then the storage capacity becomes a problem. We would need to increase the storage capacity.

I have been using IBM QRadar for four years.

We have three customers using it and these customers have 100 to 300 users.

Getting support sometimes takes time.

The initial setup was quite straightforward.

We had the complete deployment and it was up and running in half a day.

You can implement it by yourself.

I would recommend IBM QRadar to other people who want to start using it.

On a scale of one to ten, I would give QRadar a nine.

I use IBM QRadar for user behavior analytics, and mostly incident handling.

The solution is easy to use, manage, and review all incidents.

If you have too many events that occur, then the storage capacity becomes a problem. You need to have more storage.

I have been using IBM QRadar for approximately four years.

The solution is very stable.

We have approximately three customers and the total users that are using it would be approximately 200.

The initial installation was straightforward, we were able to have it running in half a day.

I do the implementation and maintenance of the solution.

There are different types of subscriptions available. We were on an annual subscription, but our customers typically choose the two years subscription option.

I would recommend this solution to others.

I rate IBM QRadar a nine out of ten.

The main tool for this operation center for collectings events from different devices, whatever server or network devices, such as switches and routers. It handles anything related to data that can be harmful related to security. Those events can be mapped to promote the threat, it creates another event for promoted threats.

We are a service provider and we provide services to our customers. We use IBM QRadar for many types of businesses, such as banks and telecom. It has a good reputation.

IBM QRadar has a margin for development, for out-of-the-box use cases. It can be enhanced with better support and automate the use cases for that.

I have been using IBM QRadar for approximately two years.

I have found IBM QRadar to be stable.

IBM QRadar is scalable.

The technical support of IBM QRadar is good.

IBM QRadar is the best SAN solution we have used compared to the others.

We manage the installation of the solution. It is not something difficult, it is reasonable. It is not that easy for anyone to do, it needs a technical team.

The implementation needs a technical team and we have two engineers for the implementation and maintenance.

There is a license to use this solution, which is paid annually. However, there are subscription options available.

I recommend this solution to others.

I rate IBM QRadar an eight out of ten.

We use this solution both in our company and those of our clients. We are resellers of QRadar. 

Curator is the leader of teams in the market. It's a product with plenty of features and capabilities. It's a very powerful solution.

The usability of interfaces could be improved and the solution could have better correlation services, as well as faster and updated intelligence interfaces.

I've been using this solution for five years. 

The solution is stable. 

The solution is scalable. 

Technical support has room for improvement.

The initial setup is easy.

Licensing costs are reasonable.

I rate the solution nine out of 10. 

This is a solution you use when you have many security products that you want to manage in one monitor, one analytic. We are partners with IBM and provide implementation services to our customers. I'm a solution security architect.

The most valuable feature is that it can analyze event logs, event security, and give a good consult. When you have SIEM, you can easily manage with one single monitor. QRadar can do a lot of analyses of every security product and will let us know what needs to be done to the log. Sometimes we need security orchestration automated response to support the SOC team.

The concern with QRadar is that there are so many features in the dashboard, too many menus that require going to two or three sub-monitors to enter the QRadar. The user interface is good but there are so many features that can be confusing for the administrator. It could be simplified. 

I've been using this solution for a year. 

I think that QRadar is stable, but I've never worked with other solutions in this area and I have nothing to compare it to. It has dedicated machines and offers great performance. 

The scalability is easy but it comes at a high price.

IBM in Indonesia provides great support.

The initial setup is complex if the data set is large. It really depends on that. We provide maintenance services to our clients so that if they have any trouble, we assist with troubleshooting.

SIEM is quite a pricey solution so we only offer it to enterprise companies that can pay the fees. For smaller companies, it's an extremely expensive product. 

I recommend this solution because I think they provide great support from the sales and technical perspective.

I rate the solution nine out of 10.