IBM Security QRadar Reviews

• User behavior analytics.
• Alert features on any suspicious activities.
• It contributes a lot of knowledge towards your network environment.

You can add value once you connect a lot of syslogs of a lot of applications to the actual SIEM product. It pretty much does the monitoring of our network, so just having the tool secures the environment itself.

I don't have any particular suggestions at the moment, but giving the ability to their business users to leverage the functionality well is important. Right now, the way we use it internally is mainly just for our security team, but other products, like Splunk, for instance, do monitoring on not only the network but also monitoring of system performance.

Server performance is important, whether or not the application is up or down or things of that nature.

The product is very stable.

The product is very scalable.

Technical support is good. It's not great, it's good. When you leverage the tier 1 folks just to do some troubleshooting, it takes a bit of time to transition a case over. They could improve that turnaround time, especially when the first level guy doesn't know exactly what's going on or doesn't know the answers to the questions.

I wasn't directly involved in the initial implementation. I wouldn't say it's complex, but I mean just by enabling different data sources, you can go crazy with it and enabling them all in one shot is just too much.

Taking your time is probably a better approach so, that way, things operate smoothly and you can fine-tune things as you start seeing the network activity.

Ensure that it's scalable and that you have good customer support. Also, take your time doing the implementation.

We are implementors and implement this solution for our clients, who use it for analytics. 

It offers good machine learning. The analysis is very helpful. 

The user activity is effectively flagged. It can pinpoint strange activity. 

It is stable and reliable.

The product can scale.

Technical support is good. 

The product can be a bit complex. A lot of things, like visualization, could be better. It would help the customer gain a better understanding. 

I've used the solution for five to six years. I've used it for a while now at this point. 

It is stable and reliable. There are no bugs or glitches. It doesn't crash or freeze. I'd rate the stability eight out of ten. 

The solution is scalable. It can handle thousands of users or maybe even more. I'd rate the scalability nine out of ten. 

We mostly deal with small or medium enterprises. 

Most of the time, technical support is helpful. I am satisfied with the level of service we receive. 

Positive

It is easy to implement. I'd rate the ease of implementation seven out of ten. 

The deployment only takes no more than a few hours. There are configurations and fine-tuning that have to happen after that, and everything could take about a week. 

As implementors, we can implement the solution for our clients. 

The pricing is reasonable. It's not expensive compared to other solutions. If you get the console and other licenses, you can easily use it with other QRadar solutions. 

New clients should know that it does give good analytics and it will help them save time.

I'd rate the solution seven out of ten. It's a good product.

Our primary use case is logging for any anomalous traffic in terms of access times and deviations when users are in different groups within the AD. When a user deviates from their functionality, it's flagged in the UBA and for VPN traffic. I also use it for geolocation functionality. We are partners of IBM and I'm a system engineer. 

The timeline and the machine learning features are great at quickly flagging users who have either left the organization or have dormant accounts. The way that the app has transformed over time is quite phenomenal. One of the major improvements is its capacity for creating machine models. It comes with 16 default machine learning models, where it tracks user activity and changes in profiles and authentications. There are various default machine learning models and I'm able to model those to parameters that suit my needs. It's great that I'm able to implement an unlimited number of use cases on the UBA, putting in as many different kinds of logic as I want. It's a big advantage. 

I'd like to see improved support from the vendor. In addition there are things that are not documented on the IBM site. If you'd like to do something at a high level, the information is not available in the documentation and you have to find it elsewhere. 

I've been using this solution for five years. 

The solution has never crashed or failed, it's stable. 

We haven't tested scalability and currently have around 100 users. I'm responsible for maintenance.

The customer support is helpful but that's more about it being a good solution. 

The initial setup is straightforward, it's just a download and it installs. It's a matter of configuring a few parameters in terms of tweaking the thresholds that you want the app to fire in on. Installing takes a few seconds, but in terms of letting it land so that you can tweak it and tune the various metrics, takes about a week. 

This is a free solution which is one of the main reasons we chose it. It's just a matter of getting a license for the curator as a platform.

I recommend this solution and rate it seven out of 10. 

We are a solution provider and QRadar is one of the products that we implement for our customers.

The majority of our clients for IBM products are financial institutions. By law, to be compliant, they are only allowed to run the current version of any solutions that have been procured. Specifically for our area, all of the financial institutions such as banks are mandated to use the latest version.

The use cases include the logging and reporting of servers. These are typically operations servers and critical servers. You can also use it to monitor network devices such as switches, routers, and firewalls.

Endpoints are not included for most of the clients.

The most valuable feature is the integration with the GRD, for banking.

The advanced planning management (APM) features should be included. We are facing an issue where many of the software houses in Pakistan have developed their own in-house. They have integrated the APM tool with their monitoring solution. This feature is attracting clients and I think that it should be included.

We have not faced any issues in terms of stability.

This is a scalable product. 

The support from IBM is okay. I would rate them a four out of five.

The initial setup is not very complex. My team has hands-on experience with the product, which is perhaps why they do not complain about its complexity.

The distributor helped us a lot, which is something that we appreciate.

We implement this product for our clients.

There are competing products but IBM is a well-known brand so for the most part, we offer IBM QRadar to our clients.

Overall, IBM QRadar is very good but no product is perfect.

I would rate this solution a nine out of ten.

We are users and implementers of this solution. 

I like the new dashboard which enables us to understand how many real threat attempts are made in a day. I also like the QRadar incident response, we installed the QIF last week. The solution has improved visibility so that we've been able to discover that some of our customers have not had any protection and were very vulnerable. It's an important area. I also find that the user behavior analysis is relatively simple. We are customers of QRadar. 

I think the user management model is very detailed but you really have to know what you're doing just to be able to manage things. I think the solution lacks some maturity. When you put it in a large organization as a security system or a cybersecurity system and you want to enable automation, it's difficult to get that level of maturity. 

We've been using this solution for about 18 months.

The solution is stable. 

The solution is scalable. We have a total of 19 users in the company. The solution is used extensively and we plan to increase the number of users. 

The technical support could be better. I'd rather work with my implementing expert and not the OEM. Although they have the expertise, the development guys are very slow.

We tested a few other solutions including AlienVault, Splunk, Micro Focus, and Outside. QRadar was the best of the breed for our needs and for a big system like ours, it's less complex than Splunk or Outside. 

The initial setup is complex. Theory is one thing and practice is another. We had to go back and forth with IBM just to find the relevant versions with the relevant operating system to sit on the relevant virtual environment. Then we found a few bugs. We are in a production system in a very big organization so deployment was carried out in stages. It took about a month in total to get things working and to start collecting logs. We had help from IBM Azure.
Maintenance is required, you have to watch it, and work on it on a daily basis. 

We pay an annual license fee. On top of that, every model adds to the cost. It's not just the license; the sales people want you to think you're only paying for certain things but we know how it works. 

The pre-design and the low-level design should be very, very, specific. It's important to check that the compatibility is there. If not, neither IBM nor OEM will support you.

I would rate the solution more highly but it's very expensive and given the high cost, I would expect quicker and better service from the OEM so I rate the solution seven out of 10. 

It is suitable for large companies with critical infrastructure. For our clients, robustness, availability at a high level, and the level of references and experiences connected to the solution are important. They need to know that other energy players are also using it.

There should be easier and wider integration opportunities. There should be more 
opportunities for integration with CTI info sharing areas. On platforms where you exchange CTI, there should be more visibility connected to what we share, what we can reach, or what options are connected to CTI info sharing. This is one area where they could add value because we cannot integrate it easily with QRadar. If a client has a legacy or already existing solutions for CTI, we cannot ask them to forget it because we cannot guarantee that QRadar is able to deliver everything connected to this area. 

I have been using this solution for three years.

We have five to ten customers of this solution. My impression is that it can cost a lot to scale upwards. It didn't bother us in most cases, but that could be a problem for SMEs at times.

Their support during the operation seems fine. I'm a consultant, and very often, I am offsite. I am not there when clients get into operating QRadar in the long run. So, I know more about implementation than the operation itself.

It requires expertise. If you have the right personnel, you can manage. It wouldn't be easy for a client and admins to set it up without proper support or support from QRadar itself.

Setting it up requires an assistant like us. QRadar plays a role there, but that's not enough. There is also the language barrier. Not every Hungarian company is good in English, and IBM naturally doesn't have full Hungarian support.

It requires cooperation between clients and us. Typically, we send a team of five people that includes tech guys, a project manager, and maybe one process guy, if needed. Generally, you don't have 360-degree professionals, so you have someone good in networking, someone good in log management or log analysis, and so on. Because of that, we need this kind of team. 

The client also has a few people. Typically, we send in more people than the client. These are not full-time people on our side and client-side. 

It could be cheaper, but the value itself is far more important for us than the price. Typically, our clients have yearly subscriptions.

I don't know what I would recommend for SMEs because we never worked with SMEs, but I would be very careful in recommending QRadar for SMEs. 

I would rate IBM QRadar a nine out of 10.

We mostly use the product for PCI compliance.

We pay a little bit extra for Watson, and the Watson feature enables the analyst to go through and triage things much faster. It's quite useful for us and worth the smaller extra bit of money.

The solution is quite flexible.

We enjoy the fact that it is cloud-based.

The initial setup was very straightforward.

The solution is very scalable.

We've found the stability to be mostly very good.

Technical support really needs to be improved. Right now, they aren't where they need to be at all.

The solution is very expensive. We'd appreciate the product more if it came at a lower price point.

It is generally very stable. We've had odd little breakages, however, generally, nothing major has gone wrong. The performance is good. It's a reliable product.

The scalability aspect of the product is very good. That was one of the reasons that we bought it. If a company needs to expand it, it can do so with relative ease. It's not hard.

Currently, all the members of the tech ops team use the product, and there are five of them.

We may not increase usage; we may switch to something else. That has yet to be determined. It's not set in stone.

We've used technical support in the past and we haven't been satisfied with the level of service on offer.

Trying to get answers out of IBM is like trying to get blood out of a stone. They need to be more helpful and responsive. Right now, they aren't either of those things.

The initial setup was not difficult or complex. It was very straightforward. A company should have too much trouble with the process.

The deployment process was very, very quick as well. There is a collector deployed on our network. We spun that out. You point your log sources at it, you point it at some IP addresses that IBM gives you, and it just works.

We did not use an integrator or consultant for the deployment. We handled it ourselves, with our own staff. Everything was done in-house.

The product is not a cheap solution. it's quite expensive.

We do also pay more in order to use Watson.

We're currently evaluating other options to see if we want to switch off of this product in the future. Nothing has been decided. I'm currently doing some preliminary research. We're always looking for solutions that are better or cheaper.

We are just a customer and end-users. We don't have a business relationship with IBM.

We are using the latest version of the solution, as we have the cloud version of the product. Whatever the latest version is, IBM upgrades it automatically. We don't need to worry about that on our end.

In general, I would rate the solution at a seven out of ten. If it were cheaper it might rate a bit higher, however, for the most part, it does what we need it to do.

We are a telecom company, and we use it for IT systems, for telecom systems and on various different levels of applications. We use it for web servers, routers, firewalls, and other security components. Our SIEM solution serves technical and non technical business units including customer care, engineering, revenue assurance, and anti fraud. 

Instant continuous monitoring so that we can take action immediately and be proactive as much as possible with handling hacking and attacking attempts. Also, It has improved comprehensive visibility for what is going on in the perimeters, and on the inside, as well. We also use it for testing our controls if it is performing well or not. We can say that the visibility, monitoring, testing and reliability of our controls is all assisted by this solution. The most important benefit we get is from the SIEM solution.

The most valuable features are the diversity of logs type that enable us to monitors what is going on from different perspectives and reduces the likelihood that we will miss important attempts. There are different events and flows, and there is diversity from getting the information from different sources. We can also see that there are no false positives. It is well-tuned and the rules are covering everything that we need.

There are some weaknesses with the QRadar Risk Manager. It has some weaknesses because of the connectivity with other vendors. It is limited. There are some vendors that you cannot connect QRadar Risk Manager with, so we you cannot get the maximum benefit of the product.

It is very stable. We have not faced interruptions in the past four and a half years.

It's great! This is one of the major features of the solution.

Technical support is good, but not great. 

It was straightforward, but we had to do some customization. 

When choosing a vendor, we always consider:

• Scalability
• Diversity of Connecting Systems
• Storage

We considered another solution from HP and ArcSight.