IBM Security QRadar Reviews

We are using IBM QRadar for log reviews, particularly logs that come and go from the IPS, firewall, etc.

We have different dashboards for different technologies such as our firewall, IPS, and domains for our main website, so we use IBM QRadar to observe the logs from our website, and we try to make internal and external connections for better domain security.

The best feature of IBM QRadar is visualization which shows you when there's a spike in the system, and this makes you realize that there's something wrong with the log.

IBM QRadar has outdated technology, and this is its area for improvement. When you try to implement an analytic expression, it's not updated. The solution doesn't support newer technologies, and it doesn't update regularly. For example, around the world, others implement new technologies, while IBM updates later than others.

There isn't any additional feature I'd like added to IBM QRadar at this point because it's sufficient for visualizing the logs.

I've been with the company for one and a half months, and I've been using IBM QRadar almost daily, but the solution was deployed five or six months ago.

IBM QRadar is a stable solution.

IBM QRadar is a scalable solution. My company currently has seven to eight different accounts on IBM QRadar, so it's a scalable technology. It has no problems with scalability.

I didn't have any problems with IBM QRadar, so I never contacted the technical support team.

I'm assuming that the main reason my company chose IBM QRadar is that IBM is one of the biggest tech companies in the world, so IBM products would be more secure and more reliable than other solutions.

As I didn't set up or deploy IBM QRadar, I have no information on whether it was easy or complex to set up.

I have no information about the licensing costs of IBM QRadar, and whether or not it requires a license.

I'm an intern at one of the biggest telecommunication companies, and my company uses IBM QRadar.

My advice if you want to use IBM QRadar is that you should use it because it's very scalable and it's easy to use. The solution also has many dashboards, and you don't have to write any code or write different scripts to get the information you need. You can do it from the UI of IBM QRadar. The only room for improvement in the solution is that it doesn't support newer technologies, and it's late when it comes to updates.

I'm rating IBM QRadar nine out of ten because my experience with it has been excellent. The only downside to it is that IBM is late with adding new features or supporting new technologies compared to its competitors.

My company is an IBM QRadar customer.

We are using it for visibility and compliance.

The visibility it gives you into your infrastructure has been great.

The notifications it provides offer valuable information when something is happening in your blind spot.

The AI engine could be smarter. 

It is a bit expensive. 

I've used the solution for about three years. 

The solution is stable. I'd rate it five out of five. It's very reliable. There are no bugs or glitches. It doesn't crash or freeze. 

The solution scales well, and it's easy to do. I'd rate it five out of five in terms of the ease of scalability. 

We have a lot of users on the solution currently. We have customers on the product as well. There are likely more than 500 users inside and outside the organization. 

Support has been helpful and responsive. There may sometimes be a delay. However, they do get you the information you need. 

Positive

We've only ever used IBM. 

The setup is a bit complex. I'd rate it two out of five in terms of ease of deployment. It took us a week to get everything up and running. 

We had two engineers working on deployment and maintenance. 

We handled the solution in-house. We did not need outside assistance. 

We've seen a good ROI. I'd give it a five out of five. 

It's a bit pricey as a product. I'd rate it a two out of five, with five being the most affordable. It depends on what you buy; the longer you use it, the better the cost. It's an all-inclusive license. You don't need to pay for extra features. 

We did look at a few other options. 

We use the solution inside our organization. Our clients use it too. We are a premium partner in our region. 

We're using the latest version of the solution.

I'd rate the solution nine out of ten. It really provides good visibility.

QRadar UBA's most valuable feature is the risk rating of users depending on their behavior.

QRadar UBA only keeps the data for a short while (it's refreshed every five minutes) and would be improved if this were extended to a week or month. In the next release, I would like to be able to do a historical search of user scores.

I've been using QRadar UBA for two and a half years.

QRadar UBA is quite stable.

QRadar UBA's price is a little more than street price and could be reduced.

I would rate QRadar UBA seven out of ten.

First, I used the manual to learn, then I tried to merge it with my company's needs, and there weren't any problems.

I like the graphical interface. It's so good and easy.

Integration could be better. They should make it easy to integrate with other solutions. 

I have been using IBM QRadar Advisor with Watson for three or four years.

IBM QRadar Advisor with Watson is a stable solution.

I think IBM QRadar Advisor with Watson is scalable.

We didn't use technical support as the community was very helpful.

The initial setup was difficult the first time, but it got easier after that.

I think my company pays for the license yearly.

I would advise potential users to read the manual or the workbook before going forward with the deployment. Try to match the requirements with the company's needs to avoid facing issues in the future. But if you get stuck, you can always ask the community for help.

On a scale from one to ten, I would give IBM QRadar Advisor with Watson a nine.

IBM Qradar's ability to simplify the number of events, not only on a technical level but by making that information easy to pan through the orchestration deduplication. It is very impressive given that we have hundreds of devices that send event logs through.

IBM Qradar could improve the reporting. The tool is not designed to report. It's a great operational monitoring tool. You put it on a screen and you watch it. If you want to have analytics out of it, that's a whole different story. You're going to need more people and tools. What should be added is reporting and integration into Power BI, into some capability that produces analytical reports from the source data. IBM does not seem to care to add these features.

I have been using IBM QRadar for approximately 10 years.

The stability of IBM Qradar is good.

IBM Qradar is a scalable solution.

The technical support from IBM Qradar could improve.

I rate the support from IBM Qradar a two out of ten.

The initial setup of IBM Qradar is difficult, you need to know what you are doing to be able to complete the task. It is not easy.

We used three to four specialists to do the implementation depending on how many integration levels you're going to have. If you're managing the flows and going to be managing applications, logical access, patch management, vulnerability management then it can take more time and more people. It depends on the scale that you want to integrate. 

IBM Qradar doesn't come ready for plug and play, for your APIs, integration, and all the other elements you will need a person that knows how to do the IBM QRadar setup. From that perspective, you need to make sure that integration points to the license keys, for validation, and that can be a different challenge if it doesn't work.

My advice to others is they have to have IBM Qradar set for purpose and it depends on the role that you see your SIEM solution playing in the company. If you're offering it as a service to other companies, or you're an IT service provider or security solution provider, then yes, you probably need an enterprise base that is scalable but not with smaller enterprises.

I do think the IoT component of IBM Qradar is lacking. IBM tried and IoT is not specifically aimed at only cameras or what I call physical access points, integration into what I call scale technology. They are areas that would depend on each business to map out what the requirements are. This is not a McAfee endpoint or a Symantec endpoint device that gives you an alert.

There is more competition and innovative application development in this area we've seen in the last few years.

I rate IBM Qradar a seven out of ten.

IBM QRadar Advisor with Watson is aligned with regards to what's happening in the public space in terms of the Phishing attacks that we are seeing prevalent in the market. In the campaigns that which hackers are trying to obtain information, the use cases are very practical. The solution offers quite a bit of protection.  

IBM QRadar Advisor with Watson could be more user-friendly. You need some skills and understanding of what you're looking at, especially if you're going to draw down specific information.

Massive improvement is required in reporting. IBM QRadar Advisor with Watson is not a tool that is known for its reporting capability. It's a highly operational tool that you use for monitoring, you can sit and you can watch your alerts, whether it's flows or EPS, and you set up your playbooks directly. It is not a reporting tool. It is the worst possible tool to ever expect any reporting. It's unfortunate it's not a great reporting tool.

In a future release, there could be a bit more intelligence in terms of predictive accuracy and overall predictions. I haven't been too close in the last two, three, or four months, but I certainly would expect that their technology would be simplified to provide predictive analytics as opposed to retrospective looking back and analyzing past historic data.

I have been using IBM QRadar Advisor with Watson for approximately 10 years.

IBM QRadar Advisor with Watson is a stable solution.

IBM QRadar Advisor with Watson is best suited for large enterprises.

The support from IBM is not great at all. They can offer much better aftermarket support. They don't respond in a timely manner and it's such a challenge to have IBM respond. You have to follow their due diligence process when logging a call on their portal, you need access to their portal, and you have to provide detailed logs, et cetera. If their problem is always about integration, they have to get to the vendors. They can always enhance their support.

I would rate the support from IBM QRadar Advisor with Watson a two out of five.

They do respond but it depends on many factors, such as urgency. When we had an issue with Microsoft integration it took us six weeks to have a solution to the problem.

IBM QRadar Advisor with Watson's initial setup is not straightforward. You have to set up your network infrastructure, IP range, and firewalls, and make sure everything is secure. There's nothing easy about that.

You need application and hardware leads, firewall administrators, network engineers, and server administrators to complete the implementation.

My advice to others is to shop around because IBM QRadar Advisor with Watson is not for small enterprises, it's aimed at your larger environments that have a multitude of infrastructure and networks that are hybrid across different environments. It integrates into quite a few tools, such as your email system, and file systems. 

This tool is not for everybody. IBM doesn't have the sort of tool that helps a five, ten, or twenty user environment. This is not advisable to go and invest in the solution. There are other tools that you could possibly look at that do probably some of the functions in terms of monitoring your playbooks and integration points that are a little bit easier to map to. However, that is not a tool for every organization out there. The solution is targeting major enterprises.

I rate IBM QRadar Advisor with Watson a seven out of ten.

There are quite a few areas they could improve, such as they have a lot of technical manual configs and orchestration could be better.

I think this is a good product for enterprises because of the performance and out-of-the-box rules and use cases. If they want to reach the maturity level early, they can use these out-of-the-box rules and use cases. That will help them a lot.

IBM QRadar User Behavior Analytics is good, but I think the functionality should be much more integrated. You should have easy access to the artifacts if you are doing a particular investigation. It's good, but other team solutions like LogRhythm are actually merging the functionality. So, I think that is something IBM can work on. 

We have been using IBM QRadar User Behavior Analytics for about four years.

Stability is good, but the investigation system should be better.

IBM QRadar User Behavior Analytics is scalable. You have the EPS and closed license. I think scalability is not an issue because it is available on both the hardware and the software. You can install the software plans if you want, and there is also a hardware plan.

Their technical support is good. I have not faced any issues before, and the technical support is good.

I will recommend this solution to potential users.

On a scale from one to ten, I would give IBM QRadar User Behavior Analytics a seven. 

I am an integrator of this solution, my customers use this as a SIEM solution for log management.

This solution has excellent security analytics.

I think that the search speed of this solution could be improved.

This is a scalable solution, we have customers who have scaled.  

The initial setup is very easy and takes just one day.

I would recommend this solution to everyone considering using it.

I would rate this solution a nine out of ten.