IBM Security QRadar Reviews

What is valuable is that we're using it through IBM's MSS services, and that they're doing a really good job of keeping us alerted of what events are hitting, and adapting for it.

It benefits us from a standpoint that we're very immature in our review of how security should be approached, and it's really helped us move up to modern awareness of what's going on on the internet.

I'd like to see, and they're getting there, is more integration; tighter integration with some of the other IBM Security products. They're moving a lot tighter to BigFix. BigFix has a lot of power in it, and MaaS360 also has a lot of power in it. I'd like to see those more tightly integrated.

We have not had any stability or scalability issues. We're a little concerned about the latest version and the fact that it cannot be upgraded, that it requires a clean install.

We have not really used technical support, because it's a managed service, so we call the SOC and they help us. They are very helpful.

We just really sold our CIO and CTO on the fact that we need to do better than we are, where we're at today. We had a lot of virus challenges, like most companies, and malware, so we had to figure out how to reduce that.

I was involved in the initial setup. Well, IBM did it, since it was a managed service. It was pretty straightforward.

We looked at numerous other players. We chose IBM because it has a lot of power, and you can grow it as much as and however you want it to.

When I am looking for a vendor, I don't look for a VAR, I look for a partner.

If you're going to implement it, implement it using managed services, because it's too complex of a product to try to do yourself.

The event collector, flow collector, PCAP and SOAR are valuable.

Whenever we connect the span port, its device and health status increase the capacity level. So I suggest the mitigation of that part for IBM. Otherwise, it's a good product. We also continuously have issues with technical support because they do not have a prompt response time.

We have been using IBM QRadar for the last five years.

I rate the stability a nine out of ten.

I rate the scalability an eight out of ten. We deploy to many customers and have completed many POCs. We have a four-person team.

The technical support is good, but they are not prompt. I rate them a five out of ten.

Neutral

I rate the initial setup a ten out of ten. It is deployed on-premises and takes about two to three days to deploy the full environment readiness. But the device integration, rules screening and log onboarding take too long, about three to four months. The deployment was completed in-house.

The solution is expensive compared to other products, and I rate the pricing a five out of ten.

I rate this solution a nine out of ten.

I use IBM QRadar for user behavior analytics, and mostly incident handling.

The solution is easy to use, manage, and review all incidents.

If you have too many events that occur, then the storage capacity becomes a problem. You need to have more storage.

I have been using IBM QRadar for approximately four years.

The solution is very stable.

We have approximately three customers and the total users that are using it would be approximately 200.

The initial installation was straightforward, we were able to have it running in half a day.

I do the implementation and maintenance of the solution.

There are different types of subscriptions available. We were on an annual subscription, but our customers typically choose the two years subscription option.

I would recommend this solution to others.

I rate IBM QRadar a nine out of ten.

This is a solution you use when you have many security products that you want to manage in one monitor, one analytic. We are partners with IBM and provide implementation services to our customers. I'm a solution security architect.

The most valuable feature is that it can analyze event logs, event security, and give a good consult. When you have SIEM, you can easily manage with one single monitor. QRadar can do a lot of analyses of every security product and will let us know what needs to be done to the log. Sometimes we need security orchestration automated response to support the SOC team.

The concern with QRadar is that there are so many features in the dashboard, too many menus that require going to two or three sub-monitors to enter the QRadar. The user interface is good but there are so many features that can be confusing for the administrator. It could be simplified. 

I've been using this solution for a year. 

I think that QRadar is stable, but I've never worked with other solutions in this area and I have nothing to compare it to. It has dedicated machines and offers great performance. 

The scalability is easy but it comes at a high price.

IBM in Indonesia provides great support.

The initial setup is complex if the data set is large. It really depends on that. We provide maintenance services to our clients so that if they have any trouble, we assist with troubleshooting.

SIEM is quite a pricey solution so we only offer it to enterprise companies that can pay the fees. For smaller companies, it's an extremely expensive product. 

I recommend this solution because I think they provide great support from the sales and technical perspective.

I rate the solution nine out of 10. 

My use case is the deployment of an X-Force successful connection with a botnet and malware website. An X-Force feed is free with QRadar.

I have been using the product for three years now. I used it for six month at an internship to PoC some different SIEM and for two and a half years as an administrator. Now, I am using it as an architect.

Previously, we had to do a lot of debugging when we wanted to change our firewall policy to find out which rule was blocking things, etc. With Qradar, when you integrate the logs of the firewall, you have with two clicks, the info in real-time.

The correlation and the parsing are important features, since it is very important for a SIEM to have a good scalability and performance.

The weak signal detection with QRadar needs improvement. You can detect what you know, but what is unknown to the rule engine can't be detected, similar to a base rule of SIEM.

Sometimes, but not from the system itself, but from the amount of logs it has received.

Not at all.

Technical support is good when they using WebEx. By portal, they are slow and inefficient.

My service since the beginning has been to only sell and manage QRadar.

It is very easy to deploy. It is not a user-friendly way to deploy, but for IT guys who have the skills of Linux servers, etc., it is easy.

Think what you will integrate into QRadar. It is a SIEM. You need to send it logs, but not everything.

Pricing (based on EPS) will be more accurate.

I had the chance to test some other products, and there is a lot of them on the market. However, when you have to deploy and manage it, not just demo it, it is a total different story.

QRadar is not perfect, but I have had the chance to manage ArcSight, Sumo Logic, Unomaly, and RSA for some specific features, and comparatively, QRadar is good

Think scalability and make sure your product can be integrate into QRadar.

We work with it in the banking sector. We had torrent limitations and big banks could join them. It has performed well. However, the limitation is not easy, so the product is not easy.

You cannot get the real value of the product unless you combine it with the other products from IBM, like BigFix, the full integration of Vulnerability Management, and so on. 

The product is great. It does good correlation for events. It does good general analysis, and it has good apps as well.

• The artificial intelligence ease of integration; it has a good integration with the artificial intelligence engine of Watson.
• There is good collaboration between IBM Cloud and all IBM customers. 

The implementation and configuration are not easy.

We would like to see user behavior analysis in the next release. IBM claims they have this feature, but I do not see it as mature as in Splunk. 

The stability of the solution is great.

Technically, there are no scalability issues.

Support is good. The technical engineers seem they know what they are doing. Though, the escalation response is bad. An escalation takes time, because the response time is not as fast as it should be.

The implementation is complex.

It is expensive. It is not a product that I can provide for SMBs. It is a program that I can only provide for really large enterprises.

Also, the maintenance costs are high.

IBM needs to invest more into the collaboration with other vendors.

If you want to go to IBM, do not just go for QRadar. You need QRadar and all the products that surround QRadar, especially BigFix, because the product is ten times stronger with it.

Most important criteria when selecting a vendor: 

• The technical features of the solution.
• The people in my region at the vendor.
• The perspective of the project manager on the customer side.
• Data involved and time of the implementation. 
• The needs of the customer.
• The cost of the project.
• Training involved.

I find that the dashboards are the most helpful to get an overview of traffic flow and issues.

We find that reviewing Q1 Radar is very helpful to pinpoint configuration issues, as well as go back and find traffic flows from comprimised hosts.

No.

None.

N/A

N/A

N/A

We are using it for visibility and compliance.

The visibility it gives you into your infrastructure has been great.

The notifications it provides offer valuable information when something is happening in your blind spot.

The AI engine could be smarter. 

It is a bit expensive. 

I've used the solution for about three years. 

The solution is stable. I'd rate it five out of five. It's very reliable. There are no bugs or glitches. It doesn't crash or freeze. 

The solution scales well, and it's easy to do. I'd rate it five out of five in terms of the ease of scalability. 

We have a lot of users on the solution currently. We have customers on the product as well. There are likely more than 500 users inside and outside the organization. 

Support has been helpful and responsive. There may sometimes be a delay. However, they do get you the information you need. 

Positive

We've only ever used IBM. 

The setup is a bit complex. I'd rate it two out of five in terms of ease of deployment. It took us a week to get everything up and running. 

We had two engineers working on deployment and maintenance. 

We handled the solution in-house. We did not need outside assistance. 

We've seen a good ROI. I'd give it a five out of five. 

It's a bit pricey as a product. I'd rate it a two out of five, with five being the most affordable. It depends on what you buy; the longer you use it, the better the cost. It's an all-inclusive license. You don't need to pay for extra features. 

We did look at a few other options. 

We use the solution inside our organization. Our clients use it too. We are a premium partner in our region. 

We're using the latest version of the solution.

I'd rate the solution nine out of ten. It really provides good visibility.