We used QRadar SIEM over Juniper Secure Analytics platform.
The company profile is telecom. The infrastructure has a large geographical spread.
We used QRadar SIEM over Juniper Secure Analytics platform.
The company profile is telecom. The infrastructure has a large geographical spread.
IBM QRadar is great help from its security event monitoring to data center and NOC troubleshooting of issues hard for other departments to spot.
Dashboards and reports could provide better visualization of SIEM activity.
An executive or CISO dashboard would be nice to have by default.
The tool gets better value in the hands of an experienced security analyst.
What is valuable is that we're using it through IBM's MSS services, and that they're doing a really good job of keeping us alerted of what events are hitting, and adapting for it.
It benefits us from a standpoint that we're very immature in our review of how security should be approached, and it's really helped us move up to modern awareness of what's going on on the internet.
I'd like to see, and they're getting there, is more integration; tighter integration with some of the other IBM Security products. They're moving a lot tighter to BigFix. BigFix has a lot of power in it, and MaaS360 also has a lot of power in it. I'd like to see those more tightly integrated.
We have not had any stability or scalability issues. We're a little concerned about the latest version and the fact that it cannot be upgraded, that it requires a clean install.
We have not really used technical support, because it's a managed service, so we call the SOC and they help us. They are very helpful.
We just really sold our CIO and CTO on the fact that we need to do better than we are, where we're at today. We had a lot of virus challenges, like most companies, and malware, so we had to figure out how to reduce that.
I was involved in the initial setup. Well, IBM did it, since it was a managed service. It was pretty straightforward.
We looked at numerous other players. We chose IBM because it has a lot of power, and you can grow it as much as and however you want it to.
When I am looking for a vendor, I don't look for a VAR, I look for a partner.
If you're going to implement it, implement it using managed services, because it's too complex of a product to try to do yourself.
I find that the dashboards are the most helpful to get an overview of traffic flow and issues.
We find that reviewing Q1 Radar is very helpful to pinpoint configuration issues, as well as go back and find traffic flows from comprimised hosts.
No.
None.
N/A
N/A
Technical Support:N/A
QRadar UBA's most valuable feature is the risk rating of users depending on their behavior.
QRadar UBA only keeps the data for a short while (it's refreshed every five minutes) and would be improved if this were extended to a week or month. In the next release, I would like to be able to do a historical search of user scores.
I've been using QRadar UBA for two and a half years.
QRadar UBA is quite stable.
QRadar UBA's price is a little more than street price and could be reduced.
I would rate QRadar UBA seven out of ten.
I am an integrator of this solution, my customers use this as a SIEM solution for log management.
This solution has excellent security analytics.
I think that the search speed of this solution could be improved.
This is a scalable solution, we have customers who have scaled.
The initial setup is very easy and takes just one day.
I would recommend this solution to everyone considering using it.
I would rate this solution a nine out of ten.
We are looking for the entire QRadar spectrum but it has many products. QRadar is a kind of program, we are looking for system modelling, point modelling, network side modelling similar to QRadar network inside, and the capability to correlate between the network and endpoint. Most of the SIEM's have to rely on when it comes to network side third party or separate network traffic analysis. When it comes to QRadar, they can do the correlation and not only in networks but also endpoints. This is one of the good features that we have noticed.
Since we have not used the solution very long my information is limited when it comes to improvements. I have noticed the interface has room for improvement.
I have been using the solution for two years. However, my company has not deployed the solution yet and we are in the early stages of testng.
The solution has a good technical team.
The installation is complex. There is some overloading that happens, this could be simplified and made easier by allowing all key features on the first level dashboard to be viewed.
When it comes to the initial pricing there can be a huge discount from there side and also I think they are open to competing with other products. Even though the price can be a little high sometimes there product is number one. They have a wide range of products.
We have compared Securonix and many other solutions to this one.
I rate IBM QRadar a nine out of ten.
The primary use case of this solution is for monitoring the network.
Part of the SaaS offering is the SOC service. The best part of this solution is having a third-party SOC.
It's a robust solution.
The user interface is a bit difficult to get used to. Once you do, it's not difficult.
I have been working with QRadar for two years.
We are working with the latest version.
The stability is excellent.
It's scalable. Everything is done through our third-party vendor.
We have four other people in my group that have access to it, and we have six people who use it.
The third-party vendor manages the system
We had a third party vendor to complete the installation, so it wasn't bad.
We evaluated all of the Gartner top quadrants.
I would recommend having a third-party vendor.
There are a lot of alerts and a lot of tuning that has to be done. Every time we add new rules to it, an alert goes up. Having the SOC to go through it all first is very beneficial.
For what we do, I would rate IBM QRadar a ten out of ten. We are satisfied with it.
We are using it for SIEM, for Security Information and Event Management. We're gathering the logs and doing analytics on how we are going to react to security incidents.
With QRadar we managed to focus on the more critical incidents that we have experienced. As a result, we have managed to decrease the most critical incidents, most critical attacks. Now we're focusing on the ones that are not too heavy, not too critical. As of the moment, we are more secure than before.
One of the most valuable features is its ability to integrate with other solutions. In our current setup, we need a holistic view of our network to provide better service. Therefore, integration with our security tools and infrastructure is a must. We managed to get our NGFW, Endpoint Security, network servers, compliance tools and others to integrate with QRadar which enables our team to better understand what is happening in our network and respond accordingly.
The first area for improvement is the cost. It's a little bit too expensive for us.
Also, initially it was difficult to understand or to grasp, but once you get the hang of it is easier to understand and to analyze. So the main problems are its cost, the maintenance cost, and the fact that it takes some time to learn how to use it.
In terms of additional features, a mobile app would be nice. Also, the reporting is definitely okay, but you have to make sure that everybody with different roles can understand it. There is room for improvement in the reporting.
It's very robust. If it fails it does not really harm the network. It just gathers information and that's the important part. It has not failed, it's been working since day one so there is no problem. As long as the server that you install it on is working fine, it's very reliable. It's very stable.
It's also scalable yes. You can adjust the number of devices it communicates with so there is no problem with scalability.
I have not yet contacted technical support. I have not encountered any problems. So far, we have had no need for them. We have just fixed things ourselves.
We did not use any solutions before QRadar.
It's straightforward. We just had to connect it to our servers, to our security solutions, and that was it. Everything was already communicating.
We are just a small company, so the deployment did not take that long, about a month to a month-and-a-half. It didn't involve too much downtime since we're just monitoring a few servers and a couple of security tools.
We are directly in touch with IBM and we have an IBM security specialist. He usually gives us pointers and he's the one who also gave us a little bit of training and knowledge transfer.
It's too expensive. The licensing is also a little bit difficult to understand because you have to license it per event and per number of flows. So you have to understand the difference between a flow and an event, and then you have to forward that to the resellers, the distributors, and to IBM. That part took a long time for us. Now we're adjusted to the process.
We did evaluate some, like LogRhythm. We found that LogRhythm was more difficult to understand because it was a little bit too static. I believe they have already improved but, as of the moment, we are still happy with QRadar.
My advice is to take your time. It depends on your network, on what you want to gather information from. Make sure that the networking and the cybersecurity teams are working towards a common goal. The solution is very much worth it. You can gather all the information that you need as long as you know first what you need.
This solution is mainly for the Security Operations Center, so there are just three or four users. But it's one of the key tools for us to identify threats and attacks. The users are security operations analysts and threat hunters.
In our case, deployment and maintenance requires just a few people. They are the network administrators and our cybersecurity engineers.
At the moment we have no plans to increase usage. If the company grows, usage should grow as well. The company is growing but, as of the moment, we are planning for expansion. That's why the solutions that we carry are already built for expansion for the next three to five years.
I would rate QRadar at eight out of ten. It's not perfect and the big issues would be the price and it that it takes some time to understand it. But so far, it's one of the best solutions out there.