IBM Security QRadar Reviews

We work with it in the banking sector. We had torrent limitations and big banks could join them. It has performed well. However, the limitation is not easy, so the product is not easy.

You cannot get the real value of the product unless you combine it with the other products from IBM, like BigFix, the full integration of Vulnerability Management, and so on. 

The product is great. It does good correlation for events. It does good general analysis, and it has good apps as well.

• The artificial intelligence ease of integration; it has a good integration with the artificial intelligence engine of Watson.
• There is good collaboration between IBM Cloud and all IBM customers. 

The implementation and configuration are not easy.

We would like to see user behavior analysis in the next release. IBM claims they have this feature, but I do not see it as mature as in Splunk. 

The stability of the solution is great.

Technically, there are no scalability issues.

Support is good. The technical engineers seem they know what they are doing. Though, the escalation response is bad. An escalation takes time, because the response time is not as fast as it should be.

The implementation is complex.

It is expensive. It is not a product that I can provide for SMBs. It is a program that I can only provide for really large enterprises.

Also, the maintenance costs are high.

IBM needs to invest more into the collaboration with other vendors.

If you want to go to IBM, do not just go for QRadar. You need QRadar and all the products that surround QRadar, especially BigFix, because the product is ten times stronger with it.

Most important criteria when selecting a vendor: 

• The technical features of the solution.
• The people in my region at the vendor.
• The perspective of the project manager on the customer side.
• Data involved and time of the implementation. 
• The needs of the customer.
• The cost of the project.
• Training involved.

It gives me insight and visibility, so I can detect a threat coming in and all the offenses are coming in from monitoring one spot.

We're centralizing all the logs in one location. So, if you have an incident, you can definitely discover it fairly quickly, as it's in one database. In general terms, if you have any botnets or malware, you identify and mitigate it fairly quickly.

The biggest challenge is in the upgrade, e.g., when it comes down to a new OS, you have to wipe it clean and reset everything. It takes time when you have 40-50 devices all over the place. It's impossible sometimes to go out and touch every single one of them. So, then, if it's an automatic process, you can upgrade to the new version in just point and click. However, that's not the case right now.

WinCollect is a challenge also, and I'd highly recommend that the Q1 team should build a lot of Windows-based collectors that simply work. Just like the competitor, Spunk, when you put it in, you don't have to do too much modifications. So, that's a challenge right now.

The environment is pretty stable. We just upgraded about a year ago, so it's pretty robust in the environment that we have. It's working really well for us, we've been using it for about 10+ years. We bought it before IBM purchased them.

We interact with IBM regularly, so we have a direct tie with them. We're almost like a partner, right now, and we are working very well together.

The technical support is pretty good, i.e., if you get the right person in, it moves pretty fast and issues are resolved fairly quickly. But, you just need to find the right person, which can be a little difficult sometimes.

The setup is very complex; it's not like somebody can walk in and build it. It requires many years of experience to manage and maintain it. You need to have at least an experienced and dedicated team, in order to maintain the environment that we have. It's nothing like a click-and-done type; it requires a lot of care and feeding to manage the environment.

It's a very solid product. However, there are a lot of things that can be improved.

Definitely get a team or hire a professional to install this product. Otherwise, I guarantee you're not going to be successful. There is a lot of filtering that needs to be done; otherwise, you are going to get overwhelmed with the events coming in and will have no idea, as to what is right and wrong. You definitely want to hire a trained team or some professionals.

The price is the most important criteria when selecting a vendor. Other factors such as the quality of the product, PoC, how well the team interacts and the support, are always important.

I am currently working in the Brazilian operation of my company. I have a project in the airline industry in Brazil. This project improves the correlation of logs. There is another company I ticket to improve the solution, they have chosen to correlate the logs. We have SOC, Security Operation Center in Brazil, with 53 employees. We developed all these solutions in Brazil and it is in operation in 34 countries. 

Overall a great solution.

There needs to be better integration with other applications.

We have approximately 40 users using the solution.

The technical support is good.

The installation is complex.

We do the deployment for the solution.

I rate IBM QRadar a ten out of ten.

We primarily use the solution to develop software, for some device controllers.

The solution is relatively easy to use.

The product helps increase development speed.

The customization is very good, as are the dashboards and the security.

I'm not sure if there are any features missing from the solution. It's pretty complete.

The pricing of the solution is a bit high. If they could lower it, that would be ideal.

I've been using the solution for three years or so at this point. It hasn't been too long.

The solution is quite stable. It doesn't have bugs or glitches. It doesn't crash on me or freeze. It's reliable.

I only really use the solution myself. I can't speak to the scalability of the solution.

I've never had to reach out to technical support. I can't speak to their responsiveness or knowledgeability.

The initial setup was not complex at all. It's pretty straightforward and simple. We didn't face any real issues during the deployment process.

The price can be expensive, however, it's all relative, as it helps speed up development, which can save money for the organization. 

The payments for the product are made on a yearly basis.

I'm using the latest version of the solution. I'm the only user and I use the desktop version of the solution. I'm basically using it because it's here and I have access to it.

I would recommend the solution to other organizations, however, if it is right for them depends on their need.

Overall, on a scale from one to ten, I'd rate the product at an eight. We've mostly been pretty satisfied with it.

User Behavior Analytics is a part of IBM QRadar. It's a kind of application that can be installed over IBM QRadar SIEM. The primary use case is to detect user behavior anomalies, and through these anomalies, detect and better understand different threats and attacks.

The feature that I find the most useful is that IBM QRadar User Behavior Analytics is free of charge. It's a fully free product that can be installed on top of IBM QRadar SIEM.

The user interface and configurability of IBM QRadar User Behavior Analytics can be improved. It has a lot of pre-configured settings and not many things can be changed.

It also needs more integrations. Currently, User Behavior Analytics is integrated only with IBM QRadar. It could have deeper integrations. 

It can also have more complicated scoring models. Currently, it has a very simple linear scoring model for users.

I have been using this solution for about two years. We implement this solution as well as do demonstrations. We are also using it.

It's quite stable. 

It could be quite scalable, but it is not so easy to use when you have a lot of users. Because of the user interface shortcomings, it's not so useful when you have thousands of users. 

The second line of support is quite inexperienced in User Behavior Analytics, and they rarely are able to help. We had several serious issues with this product, which made it impossible to use for a customer. We had to spend a lot of time in finding the right person to help us in resolving the issues.

The initial setup is really straightforward. IBM QRadar User Behavior Analytics is very easy to deploy. Usually, if someone has already installed QRadar SIEM, then deploying User Behavior Analytics takes two to three hours.

It's free of charge.

I like IBM QRadar User Behavior Analytics. I would rate it an eight of ten. It still needs a lot of improvement, but its main advantage is that it's fully integrated with a SIEM system, and it's free of charge.

Our primary use case with IBM QRadar User Behavior Analytics is seeing if there are log-ins from the same ID's but from different locations, this is one use case. Or if MAC addresses keep changing, this is another use case. Lastly, if the risk level is high, like with different IP's. These are the three use cases we have.

I really like the feature we have with the logs, that if there are any credit card numbers  being used, like a PII, you can just use rejects and you can mask it. This is a really good feature in QRadar.

In terms of what could be improved, it would be easier if you didn't have to long escape for a bar sync. If you have to, the logs are not automatically barred, so you have to guide the whole atmosphere.

Additionally, there should be integration with IBM Guardian. 

Lastly, there should be an extension where we can get the reports. This could be an extension to the dashboard with the Guardian or another product with limited technology, for example IPS. Now, we only have IBM. Basically, it needs more and more integration models.

I have been using IBM QRadar User Behavior Analytics for a month or two.

In terms of stability, in my current company, QRadar is working fine. But in my previous organization that was using QRadar, we experienced some QRadar failures. There were two or three times the data was wiped out instead of transferring to EGA and we had to restart QRadar from scratch and all the data was lost. It happened a lot. Maybe it was due to lack of management since it was a new company.

We do have experience with support. We get support from the IBM people in Karachi, Pakistan.

They're good.

The initial setup was really easy, it was really straightforward. I got it done in one day.

What advice would I give? I want the certification to be very honest. I typically like the hands-on with QRadar, they're quite different.

On a scale of one to ten, I would rate IBM QRadar User Behavior Analytics a seven.

I have used other solutions, like LogRhythm, for a few use cases like ransomware detection, etc.. and there were less false positives there. With the ransomware especially, it was very thin there. We actually have very few use cases and there were lots of false positives with QRradar. If I compare the AI function and the logarithms I think it needs some improvement. 

It is a complex product compared to LogRhythm.

We use IBM QRadar for monitoring user behavior in order to baseline the user activity. Then we print use cases around those behaviors to see if anything stands out. We can then see if something is going wrong in the enrollment from a user activity point of view.

In terms of valuable features, QRadar shows very effective correlations. If you combine all the logins plus user behavior and the current intelligence, it give a very good correlation for business. I think it reduces the false positives in user activity monitoring because we have a lot of social information to correlate with other data.

From a functionality point of view, there are issues sometimes. There is a component in QRadar where all these certifications need to be installed, like a UPN. Sometimes we experience functionality issues where the logging, indexing, and searching were not working. I have personally seen it misbehaving. Sometimes we need to restart it. In some cases when it was malfunctioning we needed to contact support to resolve the issue. I don't see any issues in the integration model with a UPN from a usability point of view, but with functionally you can experience a lot of issues.

I have been working with IBM QRadar User Behavior Analytics for two years.

I have not seen any issues with the stability of the solution either.

I have not seen any issues with the scalability of the solution

The technical support is fine now. I was not happy with the support when we started with this solution in 2017. If you look at that first year, 2017 to 2018, they had lots of support issues. We logged the cases and they would only call us back depending on their resources. There were no options to call them on a landline or a hotline number. They needed improvement there. They should have had a dedicated support response. Over the last year I have seen an improvement. I used to wait for a week to get a call back from them, but now, when you have critical tickets they will respond in two or three hours, depending on the criticality of your support case. They have improved.

The initial setup was neither straightforward nor too complex. It did take some effort to implement, but it was manageable. We did not see any issues implementing it. We actually completed it in three to six months. When we initially implemented it we used some fresh use cases and observed the performance but these were all completed in three to six months. The initial deployment took hardly one week.

Regarding the price, it is a bit high for normal customers. It is better for enterprise-class customers where they get a licensing model for MSSP for enterprises.

We are a service provider company, so our recommendations depend on the customer's preference. The best we can do is propose the solution based on support, pricing, and their requirements.

Our customers are satisfied with the product and they are not looking for anything else. I would recommend the product.

On a scale of one to ten I would rate IBM QRadar User Behavior Analytics a seven.

I'm the technical consultant here at ActivEdge Technologies. Our primary use case for this solution is for Security Intelligence and Event Monitoring (SIEM) p. We provide protection services models for an organization's networks through a sophisticated technology which permits a proactive security posture. We have a business relationship with IBM QRadar as well as being a partner. We are a partner and we also use this feature. It's an integrated solution. We design it to be compatible with our client's network devices to maintain real-time monitoring through a centralized console. Our clients rely on us to create value.

QRadar has significantly improved our security. It has reduced threats considerably. The solution provides increased visibility along with actionable intelligence. We are looking into implementing it to proactively take steps to prevent or reduce the attacks.

The most valuable features would have to be the products' ability to customize vulnerability management settings and the ability to customize integration functions.

I can't see any need for service improvements because I feel it's easy to use and very functional as it is. There could be improvements made to the UI, the user interface. Though the newer version, 7.3.2, might already have this improvement in place.

It's very stable. We never need much help with that.

The solution is very scalable; it's designed to be, it's distributed architecture. It's entirely scalable.

Currently, there are five domain users working with this solution. We don't have visibility on our end user count due to the fact that end users don't need to log on to the application.

Our maintenance needs require just one experienced QRadar analyst to moderate.

Technical support has proven to be very helpful.

The initial setup wasn't straightforward. The setup is situation specific.

The deployment for us took about 3 months.

Implementation was done in-house.

I think this product adds significant value to organizations seeking a scalable, security integration tool. It does a great job of identifying, classifying, prioritizing, remediating, and mitigating software vulnerabilities. It's a good solution

On a scale of 1 - 10, 10 being the best, I give this product a rating of 9.