Sr. Information Security Analyst at an insurance company with 51-200 employees
Robust monitoring that is scalable and includes the SOC service
Pros and Cons
- "The best part of this solution is having a third-party SOC."
- "The user interface is a bit difficult to get used to."
What is our primary use case?
The primary use case of this solution is for monitoring the network.
What is most valuable?
Part of the SaaS offering is the SOC service. The best part of this solution is having a third-party SOC.
It's a robust solution.
What needs improvement?
The user interface is a bit difficult to get used to. Once you do, it's not difficult.
For how long have I used the solution?
I have been working with QRadar for two years.
We are working with the latest version.
Buyer's Guide
IBM Security QRadar
January 2025
Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: January 2025.
831,265 professionals have used our research since 2012.
What do I think about the stability of the solution?
The stability is excellent.
What do I think about the scalability of the solution?
It's scalable. Everything is done through our third-party vendor.
We have four other people in my group that have access to it, and we have six people who use it.
How was the initial setup?
The third-party vendor manages the system.
What about the implementation team?
We had a third-party vendor complete the installation, so it wasn't bad.
Which other solutions did I evaluate?
We evaluated all of the Gartner top quadrants.
What other advice do I have?
I would recommend having a third-party vendor.
There are a lot of alerts and a lot of tuning that has to be done. Every time we add new rules to it, an alert goes up. Having the SOC to go through it all first is very beneficial.
For what we do, I would rate IBM QRadar a ten out of ten. We are satisfied with it.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cybersecurity Practice Lead at a tech services company with 201-500 employees
Enables us to handle the most critical attacks and integrates well with other solutions
Pros and Cons
- "One of the most valuable features is its ability to integrate with other solutions. IBM has a lot of solutions and we have managed to make it work with IBM BigFix and MaaS360, and even Microsoft."
- "In terms of additional features, a mobile app would be nice. Also, the reporting is definitely okay, but you have to make sure that everybody with different roles can understand it. There is room for improvement in the reporting."
What is our primary use case?
We are using it for SIEM, for Security Information and Event Management. We're gathering the logs and doing analytics on how we are going to react to security incidents.
How has it helped my organization?
With QRadar we managed to focus on the more critical incidents that we have experienced. As a result, we have managed to decrease the most critical incidents, most critical attacks. Now we're focusing on the ones that are not too heavy, not too critical. As of the moment, we are more secure than before.
What is most valuable?
One of the most valuable features is its ability to integrate with other solutions. In our current setup, we need a holistic view of our network to provide better service. Therefore, integration with our security tools and infrastructure is a must. We managed to get our NGFW, Endpoint Security, network servers, compliance tools and others to integrate with QRadar which enables our team to better understand what is happening in our network and respond accordingly.
What needs improvement?
The first area for improvement is the cost. It's a little bit too expensive for us.
Also, initially it was difficult to understand or to grasp, but once you get the hang of it, it is easier to understand and to analyze. So the main problems are its cost, the maintenance cost, and the fact that it takes some time to learn how to use it.
In terms of additional features, a mobile app would be nice. Also, the reporting is definitely okay, but you have to make sure that everybody with different roles can understand it. There is room for improvement in the reporting.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
It's very robust. If it fails, it does not really harm the network. It just gathers information, and that's the important part. It has not failed; it's been working since day one, so there is no problem. As long as the server that you install it on is working fine, it's very reliable. It's very stable.
What do I think about the scalability of the solution?
It's also scalable, yes. You can adjust the number of devices it communicates with, so there is no problem with scalability.
How are customer service and technical support?
I have not yet contacted technical support. I have not encountered any problems. So far, we have had no need for them. We have just fixed things ourselves.
Which solution did I use previously and why did I switch?
We did not use any solutions before QRadar.
How was the initial setup?
It's straightforward. We just had to connect it to our servers, to our security solutions, and that was it. Everything was already communicating.
We are just a small company, so the deployment did not take that long, about a month to a month-and-a-half. It didn't involve too much downtime since we're just monitoring a few servers and a couple of security tools.
What about the implementation team?
We are directly in touch with IBM and we have an IBM security specialist. He usually gives us pointers and he's the one who also gave us a little bit of training and knowledge transfer.
What's my experience with pricing, setup cost, and licensing?
It's too expensive. The licensing is also a little bit difficult to understand because you have to license it per event and per number of flows. So you have to understand the difference between a flow and an event, and then you have to forward that to the resellers, the distributors, and to IBM. That part took a long time for us. Now we're adjusted to the process.
Which other solutions did I evaluate?
We did evaluate some, like LogRhythm. We found that LogRhythm was more difficult to understand because it was a little bit too static. I believe they have already improved but, as of the moment, we are still happy with QRadar.
What other advice do I have?
My advice is to take your time. It depends on your network, on what you want to gather information from. Make sure that the networking and the cybersecurity teams are working towards a common goal. The solution is very much worth it. You can gather all the information that you need as long as you know first what you need.
This solution is mainly for the Security Operations Center, so there are just three or four users. But it's one of the key tools for us to identify threats and attacks. The users are security operations analysts and threat hunters.
In our case, deployment and maintenance requires just a few people. They are the network administrators and our cybersecurity engineers.
At the moment we have no plans to increase usage. If the company grows, usage should grow as well. The company is growing but, as of the moment, we are planning for expansion. That's why the solutions that we carry are already built for expansion for the next three to five years.
I would rate QRadar at eight out of ten. It's not perfect, and the big issues would be the price and that it takes some time to understand it. But so far, it's one of the best solutions out there.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Senior Server Security Engineer
Has great scalability; if you use APS 25 GPS license you can change to 3000 EPS anytime
Pros and Cons
- "IBM has everything you need in a cybersecurity solution. If you want to build a cybersecurity operation center version then I think QRadar is a perfect solution."
- "I think QRadar is very complex. It's a distributed system and IBM QRadar has an all-in-one solution which is not like that distributed solution but it's a good product. IBM needs to consider the user interface because if we compare it with AlienVault, the AlienVault user interface is fantastic but the IBM QRadar user interface is very complex. They should focus on how to make it easier for the client."
What is our primary use case?
Our primary use case of this solution is to identify threats.
How has it helped my organization?
We do R&D for IBM QRadar, and we are also a cybersecurity solution based company. We provide solutions for our clients like banking, government agencies, and other non-government organizations. Our clients test in our labs, and we try to understand how a product works and how a product will help our clients. I have more than three years' experience with AlienVault; I use AlienVault a lot and I have already deployed it in a few banks. I am now trying to understand how IBM QRadar works and what the difference between IBM QRadar and AlienVault is.
What is most valuable?
This solution has many valuable features but I especially like the Log Manager feature.
What needs improvement?
I think QRadar is very complex. It's a distributed system and IBM QRadar has an all-in-one solution which is not like that distributed solution but it's a good product. IBM needs to consider the user interface because if we compare it with AlienVault, the AlienVault user interface is fantastic but the IBM QRadar user interface is very complex. They should focus on how to make it easier for the client.
IBM has everything you need in a cybersecurity solution. If you want to build a cybersecurity operation center version then I think QRadar is a perfect solution.
For how long have I used the solution?
Less than one year.
What do I think about the stability of the solution?
IBM QRadar is stable and scalable.
What do I think about the scalability of the solution?
Scalability is good. If you use APS 25 GPS license you can change to 3000 EPS anytime. Also, you can integrate a distributed solution with the all-in-one deployment. If you have a very small organization, you don't need model 5000 EPS license so you can deploy all-in-one and then one day if your organization grows bigger, you can deploy a distributed system.
How are customer service and technical support?
We have our own system and network experts, forensic experts, and a database expert, so until now we haven't had any issues that required us to contact their support.
How was the initial setup?
The initial setup was complex. When it comes to the deployment, you can get it done in a day, but if you want to fine-tune it, it can take a very long time. This isn't only for QRadar; this applies to most solutions.
It takes two or three people to deploy this product but if you want to do custom configuration then you need each and every part's expert. You need a network expert, forensic expert, and system expert. If you want an advanced system configuration you need many more people. If you only want to integrate this solution in your organization then two or three people is more than enough for the deployment.
What about the implementation team?
We deploy it for our clients.
What's my experience with pricing, setup cost, and licensing?
Licensing is very expensive; IBM QRadar is a very expensive solution. If you want to minimize costs, then IBM QRadar is not for you.
What other advice do I have?
I would rate it an eight out of ten. Not a ten because of the complex interface.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
Senior System Administrator at a tech services company with 11-50 employees
Offers device auto-discovery, along with rules and reports already created.
How has it helped my organization?
I have implemented QRadar in a big airline company, where they needed to get all their security information in one place. It helped in reducing the amount of time that was needed to evaluate the risk of every event. Configuring the alerts has never been easier; you just search for the event you think you need and start creating the rules that way. It is really straightforward and you don't need much IT knowledge for it. Of course, your experience with the product and a generalist view of the infrastructure, business and IT are strongly recommended, when using a tool similar to this.
What is most valuable?
In my understanding, the best features are:
- DSMs (Device Support Modules),
- Device auto-discovery, and
- Hundreds of rules and reports already created for you to mix up.
These features are keeping QRadar on top in Gartner. You can have it running in a few hours, then start collecting your logs and events in no time.
What do I think about the stability of the solution?
We never experienced any stability issues. The only problem that I had was related to the hardware and the high availability worked as expected.
Something to take into account is the IBM support; they really know their business and how to fix problems. I had the opportunity to talk with L2 Managers in the US, who told me that IBM is investing in research, documentation and training for all the people working with it. This is a very interesting thing to have in mind, when choosing this platform.
What do I think about the scalability of the solution?
We never experienced any scalability issues. If you correctly estimate the amount of EPS (the license variable), then scalability is not a problem. They can run in a really big environment (100,000 EPS tested in production) and all the infrastructure will work as a charm.
How are customer service and technical support?
The technical support is excellent. As I've mentioned, they know their business and have a really good team behind them.
Which solution did I use previously and why did I switch?
I had the opportunity to use other SIEM solutions, but no one can provide what QRadar does, i.e., in terms of its simplicity, support or integration.
How was the initial setup?
The setup was really straightforward. You simply need to put your ISO image in the hypervisor, follow the on-screen instructions and you have it running in one hour.
What's my experience with pricing, setup cost, and licensing?
The pricing and licensing policies are really competitive. These solutions are not for a really small business, but having just one license variable is really good. You simply tell the partner or sales representative the number of EPS you want to receive in your appliance and that's it. Other solutions have a 'correlation' license, which is more like a trap than anything else.
Which other solutions did I evaluate?
I have tested Splunk and used a little bit of NitroSecurity (McAfee). I have also seen a little bit of HPE ArcSight.
What other advice do I have?
You should ask the sales representative to give you the Excel sheet to calculate EPS. Keep in mind that the firewalls, proxies and networking devices such as those will consume lots of EPS, but they do provide really nice information and insight from your network.
On Gartner, this is one of the top 10 SIEM solutions in the market. It is robust and IBM is investing a lot of money to get it running even better than it is running right now. You feel secured when you use it.
This solution is being implemented around the world and every day, a new feature or add-on is created for it.
Disclosure: My company has a business relationship with this vendor other than being a customer: We are business partners and have a really good relationship with IBM.
Group CIO at a tech services company with 501-1,000 employees
Provides visibility in terms of the threat surface and proactively looks at mitigation measurements.
How has it helped my organization?
It gives us more visibility in terms of the threat surface and to proactively look at mitigation measurements, in terms of managing our risks. As our side business is increasing, it gives us a better way to handle things.
What is most valuable?
We are using this SIEM solution, which is pretty good in terms of detecting threats and managing the intelligence for us.
What needs improvement?
In the next release, I obviously would want to see more integration to the cloud-based services such as Microsoft Azure and the other line of business applications, so that we have a comprehensive view on a hybrid cloud stack.
What do I think about the stability of the solution?
The stability of this product is pretty good. It's helping us a lot and they keep on adding new features. Thus, as a platform, it's quite stable.
What do I think about the scalability of the solution?
Scalability is good because it is a cloud-based offering and a managed services offering solution. The scalability is left for IBM to manage, so it's not a headache for us to manage.
How are customer service and technical support?
We have used the technical support on and off. Since it's on a 24/7 SLA, it gets managed well. It is pretty good. On a scale of 1-10, I would give it an eight.
How was the initial setup?
The setup was a bit complex. But as a project team, we pulled it through. It was complex because you need to understand the product and they need to understand our business requirements, as all of this is in the setup. So, it's not a straightforward payoff by just putting us off way there.
Which other solutions did I evaluate?
The SIEM solutions list we looked at included IBM, Cisco and Check Point.
The most important criteria while selecting a vendor are that it is a future-proof and tabulating solution. Also, the other factors involved are being a global leader and getting us up there as well.
The primary reason as to why we chose IBM is because we had a significant local presence. Also, QRadar's portfolio and its features on the Gartner's website were pretty much at the top end, i.e., as a leader in the leadership aspect.
What other advice do I have?
This is quite an established solution, so I will have no hesitations in recommending it.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
SOC Analyst Tier 2 at IP Protocol INC
An AI-powered incident and risk analysis, triage and response tool with a user-friendly graphical interface
Pros and Cons
- "I like the graphical interface. It's so good and easy."
- "Integration could be better. They should make it easy to integrate with other solutions."
What is our primary use case?
First, I used the manual to learn, then I tried to merge it with my company's needs, and there weren't any problems.
What is most valuable?
I like the graphical interface. It's so good and easy.
What needs improvement?
Integration could be better. They should make it easy to integrate with other solutions.
For how long have I used the solution?
I have been using IBM QRadar Advisor with Watson for three or four years.
What do I think about the stability of the solution?
IBM QRadar Advisor with Watson is a stable solution.
What do I think about the scalability of the solution?
I think IBM QRadar Advisor with Watson is scalable.
How are customer service and support?
We didn't use technical support as the community was very helpful.
How was the initial setup?
The initial setup was difficult the first time, but it got easier after that.
What's my experience with pricing, setup cost, and licensing?
I think my company pays for the license yearly.
What other advice do I have?
I would advise potential users to read the manual or the workbook before going forward with the deployment. Try to match the requirements with the company's needs to avoid facing issues in the future. But if you get stuck, you can always ask the community for help.
On a scale from one to ten, I would give IBM QRadar Advisor with Watson a nine.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Assistant Engineer at Harel Mallac Technologies Ltd
Simple to manage, reliable, and straightforward installation
Pros and Cons
- "The solution is easy to use, manage, and review all incidents."
- "If you have too many events that occur, then the storage capacity becomes a problem. You need to have more storage."
What is our primary use case?
I use IBM QRadar for user behavior analytics, and mostly incident handling.
What is most valuable?
The solution is easy to use, manage, and review all incidents.
What needs improvement?
If you have too many events that occur, then the storage capacity becomes a problem. You need to have more storage.
For how long have I used the solution?
I have been using IBM QRadar for approximately four years.
What do I think about the stability of the solution?
The solution is very stable.
What do I think about the scalability of the solution?
We have approximately three customers and the total users that are using it would be approximately 200.
How was the initial setup?
The initial installation was straightforward, we were able to have it running in half a day.
What about the implementation team?
I do the implementation and maintenance of the solution.
What's my experience with pricing, setup cost, and licensing?
There are different types of subscriptions available. We were on an annual subscription, but our customers typically choose the two years subscription option.
What other advice do I have?
I would recommend this solution to others.
I rate IBM QRadar a nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Sr. Network Engineer at NTT Security
A reliable and scalable solution for network behavior and log analytics
Pros and Cons
- "The solution is reliable."
- "I need a solution which will send alerts in the event of any behavior."
What is our primary use case?
We use the solution for network behavior and log analytics. We wish to procure one for behavior analytics.
I am not certain which version we are using.
There is a need for a behavior analytics solution in the environment. We use the solution to highlight unusual traffic for a single particular link or even single particular user traffic.
What is most valuable?
The solution will not provide alerts in the event of any particular traffic. It will only alert in the case of a security threat.
What needs improvement?
I am looking for a solution to replace IBM QRadar. We use it for incident reporting, but I need one for behavior analytics. I need one which will send alerts in the event of any behavior.
The solution is fine for analyzing logs. We already have basic modules. We require more modules for getting so that we may obtain further details. We essentially use IBM QRadar for analyzing particular logs.
There are no additional features which should be added or upgraded in the next release.
What do I think about the stability of the solution?
The solution is reliable.
What do I think about the scalability of the solution?
The scalability is fine.
How are customer service and technical support?
Technical support is okay. We have had no issues with them.
What's my experience with pricing, setup cost, and licensing?
The license is not subscription-based. We have been doing the same deployment for more than ten years.
The pricing is alright.
What other advice do I have?
Our environment is binding. We have only monitoring and data central traffic.
I would recommend the solution to others. It is fine for analyzing logs.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.