IBM Security QRadar Reviews

We don't have a business relationship with IBM QRadar, our relationship is a customer relationship. We use IBM QRadar as our primary security solution.

QRadar is the primary tool in our security center. We use it to collect information from different devices, detect, and analyze various threats or attacks to protect our system.

Vulnerability detection is the most valuable feature. It's the tool that finds the threats.

The tool is very complicated. One place for improvement would be to have a more user-friendly interface. Having better support in Spanish would be cool.

The solution is scalable. Currently, wehave between 50 to 70 users working with this solution.
We have plans to increase the usage of the product in the future.

My experience with technical support has not been so good because I would prefer support in Spanish which I haven't gotten.

The initial setup was very complex.

We are planning to take at least one year for the complete setup. Deployment went fast, between six and three hours.

We used an integrator for the deployment. The experience was excellent, outstanding.

This kind of solution is essential. The communication network functions very well.

On a scale of one to 10, ten being the best, I would give this product a rating of nine.

We are a reseller of this solution. We have numerous uses cases all dependant on the needs of our customers.

IBM QRadar has improved my organization by introducing many functions. It collects logs from all of our systems in the organization and has functioned very well. It alerts and correlates the aggregate events or offenses we receive through all the applications we use.

With other solutions, you collect the logs from different sources but you still have to finetune it, and you still have to match them a lot of the time to figure out the correct association to sort out the false positives. QRadar is much easier to use and detect false positives. It can do it by itself, and it allows you to finetune the filtering and check the false positives. There is some backend that protects but it's the best among all in the market.  

There is one problem with QRadar in regards to the add-on apps. The apps can be frustrating. For example, when I add a big app like one of the add-ons for resiliency, add-on applications for QRadar, these applications require different hardware to implement and to deploy. The resiliency connector because there's a considerable amount of data scanning, operates for these apps correctly. 

Acquiring these add-on apps for QRadar is very expensive. This is one of the difficulties that we are facing with the QRadar.

It's very stable.

The solution is very scalable.

Technical support hasn't been bad, but sometimes it's inadequate, sometimes it is good. It depends on the case. We've had bad experiences in the past because we didn't get onsite support when we needed it.

They do have onsite support but only for third-party partners working directly with IBM. And sometimes the support is too slow.

I've used Alien Vault, McAfee, and Splunk.

The initial set up was a bit hectic the first time because, it's not about the QRadar application itself, it's about defining or configuring the data sources or the traffic sources to QRadar. We are going to use a small file through literally all of the traffic sources. We found it was difficult to merge with QRadar due to different IPs, different sources delaying the process and just technical issues. It's not an issue with the QRadar solution itself.

We implemented through a vendor. I am one of the integrators.

Our requirements are dependent on the size of the deployment and maintenance case, depending on how large of an enterprise solution we are speaking about. The size of the architecture, or for example if the architecture is all in one including the processor, including the QNI and the connector all with one box. A deployment of this type would only require one guy for it if the architecting dissipating these items comes from the all in one box.

The licensing is every year.

There are additional costs, such as the cost associated with the different hardware required for implementation and deployment. Along with the add-on apps, these are all additional costs, and they require licensing as well.

The solution functions very well. It is amazing but there are some bugs with it. The unknown bugs can just come up with the adaptor with the data stored in Qradar. 

On a scale from one to 10, ten being the best, I would rate this product an eight out of 10.

My use case is the deployment of an X-Force successful connection with a botnet and malware website. An X-Force feed is free with QRadar.

I have been using the product for three years now. I used it for six month at an internship to PoC some different SIEM and for two and a half years as an administrator. Now, I am using it as an architect.

Previously, we had to do a lot of debugging when we wanted to change our firewall policy to find out which rule was blocking things, etc. With Qradar, when you integrate the logs of the firewall, you have with two clicks, the info in real-time.

The correlation and the parsing are important features, since it is very important for a SIEM to have a good scalability and performance.

The weak signal detection with QRadar needs improvement. You can detect what you know, but what is unknown to the rule engine can't be detected, similar to a base rule of SIEM.

Sometimes, but not from the system itself, but from the amount of logs it has received.

Not at all.

Technical support is good when they using WebEx. By portal, they are slow and inefficient.

My service since the beginning has been to only sell and manage QRadar.

It is very easy to deploy. It is not a user-friendly way to deploy, but for IT guys who have the skills of Linux servers, etc., it is easy.

Think what you will integrate into QRadar. It is a SIEM. You need to send it logs, but not everything.

Pricing (based on EPS) will be more accurate.

I had the chance to test some other products, and there is a lot of them on the market. However, when you have to deploy and manage it, not just demo it, it is a total different story.

QRadar is not perfect, but I have had the chance to manage ArcSight, Sumo Logic, Unomaly, and RSA for some specific features, and comparatively, QRadar is good

Think scalability and make sure your product can be integrate into QRadar.

We are using it for visibility and compliance.

The visibility it gives you into your infrastructure has been great.

The notifications it provides offer valuable information when something is happening in your blind spot.

The AI engine could be smarter. 

It is a bit expensive. 

I've used the solution for about three years. 

The solution is stable. I'd rate it five out of five. It's very reliable. There are no bugs or glitches. It doesn't crash or freeze. 

The solution scales well, and it's easy to do. I'd rate it five out of five in terms of the ease of scalability. 

We have a lot of users on the solution currently. We have customers on the product as well. There are likely more than 500 users inside and outside the organization. 

Support has been helpful and responsive. There may sometimes be a delay. However, they do get you the information you need. 

Positive

We've only ever used IBM. 

The setup is a bit complex. I'd rate it two out of five in terms of ease of deployment. It took us a week to get everything up and running. 

We had two engineers working on deployment and maintenance. 

We handled the solution in-house. We did not need outside assistance. 

We've seen a good ROI. I'd give it a five out of five. 

It's a bit pricey as a product. I'd rate it a two out of five, with five being the most affordable. It depends on what you buy; the longer you use it, the better the cost. It's an all-inclusive license. You don't need to pay for extra features. 

We did look at a few other options. 

We use the solution inside our organization. Our clients use it too. We are a premium partner in our region. 

We're using the latest version of the solution.

I'd rate the solution nine out of ten. It really provides good visibility.

IBM QRadar User Behavior Analytics has a dedicated application for user behavior analytics and must be installed separately on an application server. It is valuable if you created the setup for the use cases. It needs additional customization to have a good value. You will have to point the solution to the suitable data sources that will feed the user analytics in a good manner. You will have good user behavior analytics, based on the created use cases.

IBM QRadar User Behavior Analytics has easy architecture, has a good portfolio and integration.

The solution could improve by having more out-of-the-box use cases.

I have been using IBM QRadar User Behavior Analytics for approximately two years.

IBM QRadar User Behavior Analytics is stable.

I have found IBM QRadar User Behavior Analytics to be scalable.

We have approximately 15 clients using this solution.

The support is satisfactory.

The implementation was not easy and was not difficult, it was in the middle.

The full implementation can take approximately two to three months.

We have three people that are supporting IBM QRadar User Behavior Analytics.

There is an annual license required for this solution.

I rate IBM QRadar User Behavior Analytics an eight out of ten.

IBM QRadar is used to help our customers collect information. It collects the information from other tools on the firewall, network devices, cyber tools with both Carbon Black, Cortex, Cynet, and Darktrace.

It's a complete platform.

The interface is good.

They have more than 100 features.

It is not easy to use.

The updates are not very easy. It is very complex. I would like to see the update process simplified.

When I said "it is not easy to use", I mean that QRadar is not for beginners.
Needs high competence and skyll to use it in a satisfactory way to really help customers.
The complexity is not a flaw, but it si a necessary quality for QRadar to be a truly effective tool in a Cyber environement.

We have used IBM QRadar within the last twelve months.

IBM QRadar is a stable solution.

It's a scalable platform.

Technical support is good.

Positive

Pricing is good.

I would rate IBM QRadar an eight out of ten.

The main tool for this operation center for collectings events from different devices, whatever server or network devices, such as switches and routers. It handles anything related to data that can be harmful related to security. Those events can be mapped to promote the threat, it creates another event for promoted threats.

We are a service provider and we provide services to our customers. We use IBM QRadar for many types of businesses, such as banks and telecom. It has a good reputation.

IBM QRadar has a margin for development, for out-of-the-box use cases. It can be enhanced with better support and automate the use cases for that.

I have been using IBM QRadar for approximately two years.

I have found IBM QRadar to be stable.

IBM QRadar is scalable.

The technical support of IBM QRadar is good.

IBM QRadar is the best SAN solution we have used compared to the others.

We manage the installation of the solution. It is not something difficult, it is reasonable. It is not that easy for anyone to do, it needs a technical team.

The implementation needs a technical team and we have two engineers for the implementation and maintenance.

There is a license to use this solution, which is paid annually. However, there are subscription options available.

I recommend this solution to others.

I rate IBM QRadar an eight out of ten.

We are service providers, and we are always exploring tools to accompany existing tools. I am always searching for the best products to meet my clients' requirements. I always look to understand the technology first, learn what benefits we can get from the product, how competitive is it with other tools such as DarkTrace, and Palo Alto.

We are working with this solution, but it is being managed by another vendor.

We are service providers. We are providing SOC service and MSSP services for our clients. 

We are working on various products, not one specific product. We can provide services for any product, in fact, any security solution.

There have been many advancements made in the most recent year. There are many add-ons included in the licenses that I have yet to explore.

There have been many improvements. When I worked with this solution at the core technical level, it was a SIEM solution. Many attributes have been added, such as threat intelligence, SO solutions, automation, and OT security. Many other platforms have been included as part of IBM QRadar.

The flexibility is good in terms of pulling log files.

Automation is an area that people are looking for. IBM does have the SO solutions platform, but it would be more useful if they could have predefined use cases rather than using more generic ones. It would be much better if they could customize their use cases.

It's resource-intensive.

The IBM QRadar team has to be proactive and they have to be informative about the product.

They don't want to spend too much money on the SIEM because it is obviously resource-intensive. But the SIEM is a very useful product when you have good resources and good software.

For large organizations, that want to integrate all of the log sources, the pricing will be too expensive. This is the main reason that clients are not interested in SIEM solutions.

I have been working with IBM QRadar for approximately four years.

I moved into consulting, at the architectural level. I'm not working at the core level but I know the basics of QRadar and how exactly it functions. 

Technical support is good. 

My personal experience was fantastic. They are always good and we have never had any problems.

There are a lot of online resources available.

When compared with other SIEM solutions, QRadar is considerably less expensive. I would like to compare it with Elasticsearch because they have different pricing strategies.

QRadar is events per second, EPS-based, whereas Elasticsearch is resource-based. You have to estimate based on how many resources will be used in the infrastructure, irrespective of log resources and log volumes. 

They are charging based on the resources. 

I'm exploring the Elastic Stack Elasticsearch currently. Splunk is out of scope for us right now, we're not interested in that. Sentinel is one that we are interested in.

There are many competitive tools that are emerging regarding XDR solutions or SO solutions, which are capabilities that QRadar offers.

The competition is very different from the geographical locations.

For the Indian market, locally, they are still working on the old SIEM structure. It is a very generic SIEM model. Western countries, especially North American clients, are advanced in terms of moving the infrastructure to the cloud. Some have OT security and they're also doing some Office 365 advancements and several advanced search engines for endpoint detection.

They are expecting that nothing is left behind without using any licenses. Microsoft provides part of the security services if you go with the EFI license.

As vendors, we need to counter with the important visibility areas, and the critical access, which needs to be monitored as part of security. 

I would rate IBM QRadar a seven out of ten.