We are a reseller of this solution. We have numerous use cases, all dependent on the needs of our customers.
Cyber Security Specialist at AEC
Alerts and correlates the aggregate events or offenses we receive through all the applications we use
Pros and Cons
- "IBM QRadar has improved my organization by introducing many functions. It collects logs from all of our systems in the organization and has functioned very well. It alerts and correlates the aggregate events or offenses we receive through all the applications we use."
- "There is one problem with QRadar in regards to the add-on apps. The apps can be frustrating. For example, when I add a big app like one of the add-ons for resiliency, add-on applications for QRadar, these applications require different hardware to implement and to deploy. The resiliency connector because there's a considerable amount of data scanning, operates for these apps correctly."
What is our primary use case?
How has it helped my organization?
IBM QRadar has improved my organization by introducing many functions. It collects logs from all of our systems in the organization and has functioned very well. It alerts and correlates the aggregate events or offenses we receive through all the applications we use.
With other solutions, you collect the logs from different sources but you still have to fine-tune it, and you still have to match them a lot of the time to figure out the correct association to sort out the false positives. QRadar is much easier to use and detect false positives. It can do it by itself, and it allows you to fine-tune the filtering and check the false positives. There is some backend that protects but it's the best among all in the market.
What needs improvement?
There is one problem with QRadar in regards to the add-on apps. The apps can be frustrating. For example, when I add a big app like one of the add-ons for resiliency, add-on applications for QRadar, these applications require different hardware to implement and to deploy. The resiliency connector because there's a considerable amount of data scanning, operates for these apps correctly.
Acquiring these add-on apps for QRadar is very expensive. This is one of the difficulties that we are facing with the QRadar.
For how long have I used the solution?
More than five years.
Buyer's Guide
IBM Security QRadar
December 2024
Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
What do I think about the stability of the solution?
It's very stable.
What do I think about the scalability of the solution?
The solution is very scalable.
How are customer service and support?
Technical support hasn't been bad, but sometimes it's inadequate, sometimes it is good. It depends on the case. We've had bad experiences in the past because we didn't get onsite support when we needed it.
They do have onsite support but only for third-party partners working directly with IBM. And sometimes the support is too slow.
Which solution did I use previously and why did I switch?
I've used AlienVault, McAfee, and Splunk.
How was the initial setup?
The initial setup was a bit hectic the first time because it's not about the QRadar application itself; it's about defining or configuring the data sources or the traffic sources to QRadar. We are going to use a small file through literally all of the traffic sources. We found it was difficult to merge with QRadar due to different IPs, different sources delaying the process and just technical issues. It's not an issue with the QRadar solution itself.
What about the implementation team?
We implemented through a vendor. I am one of the integrators.
Our requirements are dependent on the size of the deployment and maintenance case, depending on how large of an enterprise solution we are speaking about. The size of the architecture, or for example if the architecture is all in one including the processor, including the QNI and the connector all with one box. A deployment of this type would only require one guy for it if the architecting dissipating these items comes from the all in one box.
What's my experience with pricing, setup cost, and licensing?
The licensing is every year.
There are additional costs, such as the cost associated with the different hardware required for implementation and deployment. Along with the add-on apps, these are all additional costs, and they require licensing as well.
What other advice do I have?
The solution functions very well. It is amazing but there are some bugs with it. The unknown bugs can just come up with the adaptor with the data stored in QRadar.
On a scale from one to 10, ten being the best, I would rate this product an eight out of 10.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Director of Market Enabling Solutions at Raksha Technologies Pvt Ltd
In one single pane of glass, we can see all the issues. Though, the architecture could be improved.
Pros and Cons
- "On the back-end, Watson helps me figure out an exact problem, sometimes giving me the result."
- "It saves a lot of time. We integrate the customer's firewall with all their networking devices."
- "This console gives you the entire view, which makes life easier and allows you to take precautionary measures."
- "The architecture could be improved. I got stuck for a long time trying to understand the architecture, as it is quite challenging."
What is our primary use case?
Its primary use case is for people who want to manage all of their logs with analytics and correlate that between different security devices whose logs are related.
This solution is performing well.
How has it helped my organization?
It saves a lot of time. We integrate the customer's firewall with all their networking devices. If there is an issue, it helps us do the proactive work before it becomes a bigger issue. We are able to pinpoint issues and solve them.
Additionally, it is very easy to figure out. In one dashboard, we can see all the issues. There is no need to login to every device. In one single pane of glass, we can see everything.
What is most valuable?
Watson, which is an artificial intelligence, is the most valuable feature. On the back-end, Watson helps me figure out an exact problem, sometimes giving me the result. I never would have imagined this before.
What needs improvement?
The architecture could be improved. I got stuck for a long time trying to understand the architecture, as it is quite challenging.
For how long have I used the solution?
Three to five years.
What do I think about the stability of the solution?
The stability is good.
What do I think about the scalability of the solution?
It is a combination of multiple factors. The issue is from the customer side, not from QRadar. If you are able to get the right details from the customer, this solution is scalable.
How are customer service and technical support?
I am not involved with technical support because I am in pre-sales.
Which solution did I use previously and why did I switch?
Factors in switching were the console view, as well as Watson. IBM Watson makes a huge difference on the product side.
What's my experience with pricing, setup cost, and licensing?
I do not have control over pricing, though I do help customers with their sizing.
Which other solutions did I evaluate?
I select the vendor based on the customer's requirements. On the customer side, pricing is very important. They also consider the support to be an important factor.
My present organization does mostly IBM business. We have a very good rapport with the IBM team. We have won a lot of cases against competitors. We get trained frequently, so if there is an update, then we are prepared.
We are able to see the rapid growth of IBM through QRadar compared to the other SIEM tools.
What other advice do I have?
I would rate it a seven out of 10. I have had some challenges integrating this solution.
Each organization is looking for security. If you have a SIEM tool, you can integrate it with all of your security devices, and get all your security logs. This console gives you the entire view, which makes life easier and allows you to take precautionary measures.
People who handle only four or five security devices spread across the globe should go with this SIEM tool.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
It has a logical, user-friendly GUI
Pros and Cons
- "IBM QRadar is a great help from its security event monitoring to data center and NOC troubleshooting of issues hard for other departments to spot."
- "It has a logical, user-friendly GUI."
- "Dashboards and reports could provide better visualization of SIEM activity."
What is our primary use case?
We used QRadar SIEM over Juniper Secure Analytics platform.
The company profile is telecom. The infrastructure has a large geographical spread.
How has it helped my organization?
IBM QRadar is a great help from its security event monitoring to data center and NOC troubleshooting of issues hard for other departments to spot.
What is most valuable?
- It has a logical, user-friendly GUI.
- Very easy to drill down in offenses and get to the bottom of raw data.
What needs improvement?
Dashboards and reports could provide better visualization of SIEM activity.
An executive or CISO dashboard would be nice to have by default.
For how long have I used the solution?
Three to five years.
What other advice do I have?
The tool gets better value in the hands of an experienced security analyst.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Vice President & Country Head at Inspira Enterprise
Excellent risk rating but could keep data longer
Pros and Cons
- "QRadar UBA's most valuable feature is the risk rating of users depending on their behavior."
- "QRadar UBA only keeps the data for a short while (it's refreshed every five minutes) and would be improved if this were extended to a week or month."
What is most valuable?
QRadar UBA's most valuable feature is the risk rating of users depending on their behavior.
What needs improvement?
QRadar UBA only keeps the data for a short while (it's refreshed every five minutes) and would be improved if this were extended to a week or month. In the next release, I would like to be able to do a historical search of user scores.
For how long have I used the solution?
I've been using QRadar UBA for two and a half years.
What do I think about the stability of the solution?
QRadar UBA is quite stable.
Which other solutions did I evaluate?
QRadar UBA's price is a little more than street price and could be reduced.
What other advice do I have?
I would rate QRadar UBA seven out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Country Manager at Magarah
Beneficial portfolio, reliable, and integrates well
Pros and Cons
- "IBM QRadar User Behavior Analytics has easy architecture, has a good portfolio and integration."
- "The solution could improve by having more out-of-the-box use cases."
What is our primary use case?
IBM QRadar User Behavior Analytics has a dedicated application for user behavior analytics and must be installed separately on an application server. It is valuable if you created the setup for the use cases. It needs additional customization to have a good value. You will have to point the solution to the suitable data sources that will feed the user analytics in a good manner. You will have good user behavior analytics, based on the created use cases.
What is most valuable?
IBM QRadar User Behavior Analytics has easy architecture, has a good portfolio and integration.
What needs improvement?
The solution could improve by having more out-of-the-box use cases.
For how long have I used the solution?
I have been using IBM QRadar User Behavior Analytics for approximately two years.
What do I think about the stability of the solution?
IBM QRadar User Behavior Analytics is stable.
What do I think about the scalability of the solution?
I have found IBM QRadar User Behavior Analytics to be scalable.
We have approximately 15 clients using this solution.
How are customer service and support?
The support is satisfactory.
How was the initial setup?
The implementation was not easy and was not difficult; it was in the middle.
The full implementation can take approximately two to three months.
What about the implementation team?
We have three people that are supporting IBM QRadar User Behavior Analytics.
What's my experience with pricing, setup cost, and licensing?
There is an annual license required for this solution.
What other advice do I have?
I rate IBM QRadar User Behavior Analytics an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Sr. Information Security Analyst at an insurance company with 51-200 employees
Robust monitoring that is scalable and includes the SOC service
Pros and Cons
- "The best part of this solution is having a third-party SOC."
- "The user interface is a bit difficult to get used to."
What is our primary use case?
The primary use case of this solution is for monitoring the network.
What is most valuable?
Part of the SaaS offering is the SOC service. The best part of this solution is having a third-party SOC.
It's a robust solution.
What needs improvement?
The user interface is a bit difficult to get used to. Once you do, it's not difficult.
For how long have I used the solution?
I have been working with QRadar for two years.
We are working with the latest version.
What do I think about the stability of the solution?
The stability is excellent.
What do I think about the scalability of the solution?
It's scalable. Everything is done through our third-party vendor.
We have four other people in my group that have access to it, and we have six people who use it.
How was the initial setup?
The third-party vendor manages the system.
What about the implementation team?
We had a third-party vendor to complete the installation, so it wasn't bad.
Which other solutions did I evaluate?
We evaluated all of the Gartner top quadrants.
What other advice do I have?
I would recommend having a third-party vendor.
There are a lot of alerts and a lot of tuning that has to be done. Every time we add new rules to it, an alert goes up. Having the SOC to go through it all first is very beneficial.
For what we do, I would rate IBM QRadar a ten out of ten. We are satisfied with it.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
A solution with a powerful and easy-to-use GUI and good technical support
Pros and Cons
- "It has a powerful GUI where you can put together your use cases, and don't have to write your own scripts."
- "While the interface is easy to use, it could be a little more responsive."
What is our primary use case?
The first thing that we implemented for user behavior was to find out whether somebody is logging in at odd hours. It studies user behavior.
What is most valuable?
My favorite thing is that it comes with good usability.
It has a powerful GUI where you can put together your use cases, and don't have to write your own scripts.
What needs improvement?
The price of this solution is a little bit expensive, so if it were cheaper then it would help.
While the interface is easy to use, it could be a little more responsive. It can be a bit sluggish at times.
For how long have I used the solution?
I have been using IBM QRadar for about a year.
What do I think about the stability of the solution?
We have not experienced any issues with stability.
What do I think about the scalability of the solution?
Scalability has not been a problem, although our environment is not very big. Perhaps at a later stage and with a bigger environment, we might have issues.
How are customer service and technical support?
I have been in contact with technical support on one or two occasions. The experience was good and we are satisfied.
Which solution did I use previously and why did I switch?
I also have experience using Splunk.
How was the initial setup?
The initial setup is really straightforward. It's a bonus point of this solution.
What other advice do I have?
I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Cybersecurity Practice Lead at a tech services company with 201-500 employees
Enables us to handle the most critical attacks and integrates well with other solutions
Pros and Cons
- "One of the most valuable features is its ability to integrate with other solutions. IBM has a lot of solutions and we have managed to make it work with IBM BigFix and MaaS360, and even Microsoft."
- "In terms of additional features, a mobile app would be nice. Also, the reporting is definitely okay, but you have to make sure that everybody with different roles can understand it. There is room for improvement in the reporting."
What is our primary use case?
We are using it for SIEM, for Security Information and Event Management. We're gathering the logs and doing analytics on how we are going to react to security incidents.
How has it helped my organization?
With QRadar we managed to focus on the more critical incidents that we have experienced. As a result, we have managed to decrease the most critical incidents, most critical attacks. Now we're focusing on the ones that are not too heavy, not too critical. As of the moment, we are more secure than before.
What is most valuable?
One of the most valuable features is its ability to integrate with other solutions. In our current setup, we need a holistic view of our network to provide better service. Therefore, integration with our security tools and infrastructure is a must. We managed to get our NGFW, Endpoint Security, network servers, compliance tools and others to integrate with QRadar which enables our team to better understand what is happening in our network and respond accordingly.
What needs improvement?
The first area for improvement is the cost. It's a little bit too expensive for us.
Also, initially it was difficult to understand or to grasp, but once you get the hang of it, it is easier to understand and to analyze. So the main problems are its cost, the maintenance cost, and the fact that it takes some time to learn how to use it.
In terms of additional features, a mobile app would be nice. Also, the reporting is definitely okay, but you have to make sure that everybody with different roles can understand it. There is room for improvement in the reporting.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
It's very robust. If it fails it does not really harm the network. It just gathers information and that's the important part. It has not failed, it's been working since day one so there is no problem. As long as the server that you install it on is working fine, it's very reliable. It's very stable.
What do I think about the scalability of the solution?
It's also scalable, yes. You can adjust the number of devices it communicates with so there is no problem with scalability.
How are customer service and technical support?
I have not yet contacted technical support. I have not encountered any problems. So far, we have had no need for them. We have just fixed things ourselves.
Which solution did I use previously and why did I switch?
We did not use any solutions before QRadar.
How was the initial setup?
It's straightforward. We just had to connect it to our servers, to our security solutions, and that was it. Everything was already communicating.
We are just a small company, so the deployment did not take that long, about a month to a month-and-a-half. It didn't involve too much downtime since we're just monitoring a few servers and a couple of security tools.
What about the implementation team?
We are directly in touch with IBM and we have an IBM security specialist. He usually gives us pointers and he's the one who also gave us a little bit of training and knowledge transfer.
What's my experience with pricing, setup cost, and licensing?
It's too expensive. The licensing is also a little bit difficult to understand because you have to license it per event and per number of flows. So you have to understand the difference between a flow and an event, and then you have to forward that to the resellers, the distributors, and to IBM. That part took a long time for us. Now we're adjusted to the process.
Which other solutions did I evaluate?
We did evaluate some, like LogRhythm. We found that LogRhythm was more difficult to understand because it was a little bit too static. I believe they have already improved but, as of the moment, we are still happy with QRadar.
What other advice do I have?
My advice is to take your time. It depends on your network, on what you want to gather information from. Make sure that the networking and the cybersecurity teams are working towards a common goal. The solution is very much worth it. You can gather all the information that you need as long as you know first what you need.
This solution is mainly for the Security Operations Center, so there are just three or four users. But it's one of the key tools for us to identify threats and attacks. The users are security operations analysts and threat hunters.
In our case, deployment and maintenance requires just a few people. They are the network administrators and our cybersecurity engineers.
At the moment we have no plans to increase usage. If the company grows, usage should grow as well. The company is growing but, as of the moment, we are planning for expansion. That's why the solutions that we carry are already built for expansion for the next three to five years.
I would rate QRadar at eight out of ten. It's not perfect and the big issues would be the price and that it takes some time to understand it. But so far, it's one of the best solutions out there.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.