Currently, our main use case for IBM QRadar User Behavior Analytics revolves around investigating user activity: specific user activity which we find suspicious. We don't monitor the dashboard of IBM QRadar User Behavior Analytics actively, but whenever we have an alert from other tools, we use it to check whether the user has triggered rules in our SIEM, whether the risk score is high, and other suspicious behaviors we can track.
Security Analyst at Localiza
Investigates suspicious user activity through machine learning algorithms and risk scoring, but user experience needs improvement
Pros and Cons
- "What I like about IBM QRadar User Behavior Analytics is that it uses machine learning algorithms to generate risk scoring for the user activity. I also like that it syncs with our Active Directory users, so it really has full coverage for all users in our environment."
- "What needs to be improved in IBM QRadar User Behavior Analytics is the user experience. It's not optimal. Some screens are a bit clunky. The solution needs to be more user-friendly."
What is our primary use case?
What is most valuable?
What I like about IBM QRadar User Behavior Analytics is that it uses machine learning algorithms to generate risk scoring for the user activity. I also like that it syncs with our Active Directory users, so it really has full coverage for all users in our environment. I also find the risk scoring feature of IBM QRadar User Behavior Analytics pretty interesting. I don't use it well enough today, but it's a feature I look at closely.
What needs improvement?
What needs to be improved in IBM QRadar User Behavior Analytics is the user experience. It's not optimal. For example: we are constantly looking for updates on the app and other features, so we could have a better user experience. Some screens are a bit clunky. We're still trying to figure out whether the solution is going to have a better user experience in the future, but nowadays it's a bit too complex. We need it to be more user-friendly.
For how long have I used the solution?
I've been using IBM QRadar User Behavior Analytics for eighteen months.
Buyer's Guide
IBM Security QRadar
December 2024
Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.
What do I think about the stability of the solution?
We've had issues with the stability of IBM QRadar User Behavior Analytics. We had bugs once or twice, but they were quickly solved by IBM's support team. The bugs weren't really something that stopped us from working. We managed to solve them rather quickly.
What do I think about the scalability of the solution?
IBM QRadar User Behavior Analytics is easy to scale.
How are customer service and support?
Technical support for IBM QRadar User Behavior Analytics was helpful.
How was the initial setup?
IBM QRadar User Behavior Analytics was really easy to set up. There were no issues with setting it up.
What other advice do I have?
I don't recall the exact version of IBM QRadar User Behavior Analytics I'm using, but it's probably the latest one. It's version 4.1.7.
My advice to others looking into implementing IBM QRadar User Behavior Analytics is to have a dedicated team to implement the solution. Some solutions require close knowledge of your environment, so someone would have to know your infrastructure, your network, your users, and your Active Directory environment well. These are things partners aren't able to do well if they are not supported by internal teams inside their company.
I'm rating IBM QRadar User Behavior Analytics seven out of ten.
My company has a contract with another company that is a partner of IBM. The company I'm in is just a customer, not an IBM partner.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Marketing Specialist II at Harman International
Easy to access, priced well, and straightforward installation
Pros and Cons
- "I have used IBM QRadar User Behavior Analytics in a Cloud Pak on Amazon, and there it runs on top of it and is easy to assess. Additionally, I have installed processes and characters."
- "Whenever we are upgrading or installing any type of patch, at that time we have some delays."
What is our primary use case?
Currently, we are using only Amazon Web Services for monitoring. We have CloudTrail, GuardDuty, Avast, and some Kubernetes security we have installed on Amazon AWS. By getting these logs, we have created the uses for these components.
What is most valuable?
I have used IBM QRadar User Behavior Analytics in a Cloud Pak on Amazon, and there it runs on top of it and is easy to assess. Additionally, I have installed processes and characters.
The most useful feature of IBM QRadar User Behavior Analytics is the User Behavior Analytics aspect. For example, whoever logs into the Amazon AWS to the interface, if someone is logging in for the first time that the administrator has created, or someone is logging in, we receive an email notification saying that they have logged in, we need to check. Based on that, we will start checking to see if the visit was a valid one or a malicious one. Even if we only have a few users, such as 25 to 30 Amazon AWS records.
What needs improvement?
Whenever we are upgrading or installing any type of patch, at that time we have some delays.
Sometimes by mistake, AWS has migrated some other accounts to my enrollment. At that time, we receive a notification special for that. We have created one rule and a case. We receive a notification and we are informed that the Amazon AWS team, sent an email apologizing for this happening. They have confirmed that going forward we will not receive this type of account modification issue. They have sent an email to us.
If you are searching for three to four months back it takes and there is a time delay. If I compare it to Splunk, it is a little bit delayed. It is because Splunk is using Elasticsearch, while IBM QRadar User Behavior Analytics uses a normal one. For example, if Splunk takes two minutes, it will take IBM QRadar User Behavior Analytics approximately three minutes.
For how long have I used the solution?
I have been using IBM QRadar User Behavior Analytics for approximately seven years.
Which solution did I use previously and why did I switch?
I have used many other solutions previously, such as Splunk and McAfee SIEM tool.
How was the initial setup?
The initial setup of IBM QRadar User Behavior Analytics is straightforward. We only have to activate a few aspects. We directly installed our process characters, and an all-in-one setup with it to do the installation. The deployment took use 30 to 40 minutes. However, if you want to add components it will take more time.
What was our ROI?
We have seen a good return on investment with IBM QRadar User Behavior Analytics.
What's my experience with pricing, setup cost, and licensing?
We pay approximately $40,000 to use the solution annually. This solution is a lot less expensive than Splunk.
What other advice do I have?
I rate IBM QRadar User Behavior Analytics an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Buyer's Guide
IBM Security QRadar
December 2024
Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.
Security Analyst at Localiza
Provides the visibility and analytics needed to detect and combat security risks
Pros and Cons
- "The rule engine is very easy to use — very flexible."
- "The user interface is a bit clunky, a bit hard to find what you need."
What is our primary use case?
We use this solution for deploying and integrating log sources and use cases.
We use it to generate offensives based on normal behavior and suspicious behavior from our security tools, firewalls, and other solutions.
We have applied a set of old and new rules to QRAdar that aim to detect persistent abnormalities in our environments.
Within our organization, our security operations center and users from our local security team — roughly 10 to 12 users — use QRadar. We plan to expand to other areas of the company so that other people can use QRadar for different use cases. But right now only the security teams use it.
How has it helped my organization?
It's more of what it has provided for our company. We have much better visibility into our environment now. It has become much easier to create an alert for suspicious behavior, to operate on security incidents when they happen, and to drill down on specific events and figure out exactly which machines and users were involved.
What is most valuable?
I think the log search is pretty good. It's very easy to create complex searches and aggregate results and create graphics, etc.
The rule engine is very easy to use — very flexible. We can create rules based on whatever behavior we want. It's very easy to use compared to Splunk.
When we analyzed Splunk, that was the criteria that we looked at. Splunk was a lot more difficult to use and to create rules.
The standard rules they have are very comprehensive. There are many content packs in the apps that enrich those rules. We are still using the native rules from QRadar because there are many useful rules there. I think we're going to have a very good experience with them.
What needs improvement?
One thing one has to be aware is that qRadar doesn't have a standard UI style, but older (clunkier) and newer (more modern and easy to use) screens. The QRadar UI involves a lot of clicks and pop-ups to get where you want, which is certainly not the best UX, but isn't totally a pain also. Although it's a bit difficult to navigate through screens at first, the UX is pretty good once you learn the "qRadar way", which takes about a few weeks to master.
For how long have I used the solution?
I have been using this solution for the last three months.
What do I think about the stability of the solution?
We had some bugs and we had to handle them. They impacted our deployment timeline, but all of the bugs that we had were quickly solved by engineers from IBM. Currently, we are not fully satisfied with the stability, but the support from IBM is very good and they can solve our problems very, very quickly.
What do I think about the scalability of the solution?
There seems to be a cap-limit regarding scalability. IBM limits the amount of data you can send into the collectors so scalability-wise, it's not that optimum because sometimes we have a resource or a machine that tends to think it gets more events per second than it actually gets. Because of how the solution is made, If we send a large number of events to these event collectors, then they will start dropping events because we can't queue them. That seems to be by design — we aren't entirely satisfied with that. In this way, IBM kind of forces their customers to buy a larger license.
How are customer service and technical support?
IBM's customer support is very good.
We don't have any comments about community support because we don't know any communities that we can use to look up information about QRadar; however, in general, we have used IBM's documentation extensively — I think it's very useful, it's very complete, but sometimes it's a bit outdated.
Which solution did I use previously and why did I switch?
We used to use ArcSight. I can't even begin to compare these two products because ArcSight was a solution managed entirely by our security operations center team. We didn't have full knowledge of what the solution was capable of. Now we're seeing a much larger universe with QRadar — I think it's a completely different thing. QRadar is much more capable than ArcSight.
How was the initial setup?
Deployment-wise it's pretty easy already; it took us one hour to get QRadar running, and then a couple of days later, we had full deployment. We then began onboarding log sources — the process of onboarding log sources has been almost painless for 90% of our log sources, which are from different vendors and different tools, and within a month we had about 70% of all of our relevant security logs in qRadar, generating many interesting offenses on a daily basis. So that has been very positive.
We had little interaction with qRadar during the process of onboarding log sources — most log sources were automatically discovered, their events were mapped correctly and parsed to extract relevant fields. A few log sources required manual intervention or installation of content packs, and some of IBM's DSMs were a bit outdated, but these issues were rather quick to fix within qRadar itself.
What about the implementation team?
We used a partner company here called IT.eam, which helped us with the deployment. They are very capable and professional and it's been overall a great experience.
What's my experience with pricing, setup cost, and licensing?
It's very expensive but it fits our budget. Because it's very expensive, we had to come up with ways of filtering our logs before they get into QRadar because otherwise, we'd have to buy a much greater amount of events per second, and that would be very expensive.
Splunk is virtually the same price.
What other advice do I have?
I'd recommend QRadar for security teams that are more from the IT world and not so much from the development or data-science world. I think other tools, such as Splunk, are really great too, but QRadar is natively concerned with providing security rules and use cases. If you're looking for a reliable solution for security purposes only, QRadar is probably the way to go.
Overall, on a scale from one to ten, I would give this solution a rating of eight.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Network Engineer at DeliverICT
An IBM solution that automatically creates asset profiles by using passive flow data and vulnerability data to discover your network servers and hosts
Pros and Cons
- "think QRadar is great overall. We’ve had a positive experience with it and recommend it for deployment. However, there are areas for improvement. The technical support is good, and the documentation is valuable, but it could be enhanced, especially regarding integration with other systems. In terms of support and updates, QRadar’s capabilities are crucial for maintaining high security standards. Network and software administrators can monitor all traffic effectively, which reassures clients and drives further adoption."
- "For future updates, I'd like to see more advanced threat intelligence features integrated with AI. This would help with analyzing traffic patterns and improving protection. QRadar currently doesn't integrate with AI for threat analysis. However, AI could enhance its capabilities by learning traffic patterns and automatically blocking or quarantining suspicious traffic. This would be especially useful when administrators are not actively monitoring. AI could help by analyzing incoming and outgoing traffic and adjusting policies accordingly."
What is our primary use case?
I’m working with the on-prem version of IBM Security QRadar. We initially deployed it with the help of IBM’s professional services for a client, but now we handle deployments ourselves. The process is quite straightforward for us because we gained knowledge from our first implementation and used the available documentation. Deployment takes a couple of hours the first time, including configuration and integration with third-party devices. I usually work with a colleague, so two people handle the deployment. Our environment is well-suited for this, and we’re using it on a virtual appliance. The experience has been smooth and efficient.
We are promoting QRadar to various financial institutions, including banks and microfinances, as a superior option compared to other vendors like Fortinet. While some institutions are using other solutions, we are encouraging them to switch to QRadar for better security.
How has it helped my organization?
We monitor tweets and other activities on the IBM Security QRadar portal. Once, we noticed unusual traffic patterns, like tweets triggering alerts, and we blocked that traffic. We also detected some security issues on the APM through the portal, which was a great experience. As for integration, we’ve successfully integrated QRadar with other security products like Cisco, Fortinet, and Check Point. Initially, we worked with IBM’s professional services to guide us through the integration process, and after that, we were able to follow their steps to integrate third-party devices ourselves.
QRadar has a significant impact on operational costs for clients. For example, we’re recommending QRadar to several banks due to its effectiveness in handling high traffic and preventing scams. The banks we’ve worked with are very satisfied and are encouraging others to deploy QRadar as well.
What is most valuable?
I think QRadar is great overall. We’ve had a positive experience with it and recommend it for deployment. However, there are areas for improvement. The technical support is good, and the documentation is valuable, but it could be enhanced, especially regarding integration with other systems.
In terms of support and updates, QRadar’s capabilities are crucial for maintaining high security standards. Network and software administrators can monitor all traffic effectively, which reassures clients and drives further adoption.
What needs improvement?
For future updates, I'd like to see more advanced threat intelligence features integrated with AI. This would help with analyzing traffic patterns and improving protection. QRadar currently doesn't integrate with AI for threat analysis. However, AI could enhance its capabilities by learning traffic patterns and automatically blocking or quarantining suspicious traffic. This would be especially useful when administrators are not actively monitoring. AI could help by analyzing incoming and outgoing traffic and adjusting policies accordingly.
For how long have I used the solution?
I have been using IBM Security Qradar for last one years.
What's my experience with pricing, setup cost, and licensing?
As for licensing costs, I haven't seen the exact figures, but it is considered somewhat costly. On a scale from one to ten, where one is very expensive and ten is very cheap, I would rate it a six—it’s costly but worth the money.
What other advice do I have?
Overall, I would rate IBM QRadar as a ten.
Disclosure: My company has a business relationship with this vendor other than being a customer:
Last updated: Sep 30, 2024
Flag as inappropriateSOC Manager at ALEXBANK
Highly scalable, excellent learning modules, but would like to see a better user interface
Pros and Cons
- "The most valuable feature is the machine learning module."
- "I would like to see some artificial intelligence and alternative solutions."
What is our primary use case?
Our primary use case is in the banking industry in two banks here in Egypt. We generally are monitoring the user behavior of the employees, For example, working after working hours, and signing into the machines after working hours.
What is most valuable?
The most valuable feature is the machine learning module.
What needs improvement?
I would like to see the interface improved along with the tuning and any adjustments when it comes to maintenance. It is not straightforward. I would also like to see some artificial intelligence and alternative solutions.
For how long have I used the solution?
I have been using IBM QRadar User Behavior Analytics for almost five years now.
What do I think about the stability of the solution?
I would give stability an eight on a scale of one to ten.
What do I think about the scalability of the solution?
The scalability is not a problem and we have above three thousand in our organization.
How was the initial setup?
The initial setup is extremely easy and straightforward.
What about the implementation team?
The deployment took around two to three days and we did it ourselves in-house. We simply downloaded the application and went from there following the deployment process.
What was our ROI?
We are seeing a return on investment when it comes to profiling the employees.
What's my experience with pricing, setup cost, and licensing?
The pricing is higher but cheaper than others and there are no additional costs.
Which other solutions did I evaluate?
We looked at ArcSight but the cost is more expensive than IBM. ArcSight did have the artificial intelligence model.
What other advice do I have?
I would recommend tuning it to the maximum before going live. I would rate IBM QRadar User Behavior Analytics a seven on a scale of one to ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Director of Incident Response at a retailer with 10,001+ employees
Robust and reliable but needs some fine-tuning
Pros and Cons
- "It'll get you from point A to B."
- "There should be more opportunity for community kind of distribution where, for example, if there was a zero-day threat targeting companies."
What is our primary use case?
The UBA component is something that is there. However, it's something that honestly hasn't been leveraged as much. It's probably not a UBA feature like the ones we’ve used in the past. In any case, the UBA feature is there. You can look at the users and look at any risky activity or use cases. I tend to look at it. However, it's not my main source in terms of leveraging it as a UBA.
What is most valuable?
I equate QRadar to a robust solution. You get all the live sources. If you have someone there fine-tuning the solution and creating rules for the team to ensure the fence is alert. It's a robust solution.
In the past, I've heard the term that it's like a Cadillac, a trusted Cadillac. It'll get you from point A to B. It does what integration is supposed to do.
What needs improvement?
It needs a little bit perhaps more fine-tuning on the SIM aspect of it. Out of the box, it's just not one of those things that I leverage as a single source of truth regarding the user behavior analytics aspect of it.
With QRadar, IBM has had ample time to innovate, make changes to the interface, and keep up with some of the competitors. Yet, IBM delays innovating QRadar, since, once people are tied into it, they stick to the SIM as that's what they're used to. Right now, you have many other players in the market, like Datadog, Sumo Logic, and Splunk. Splunk has a ton of connectors as well, which is making it more appealing for other people to look at other solutions, especially when they're trying to look at a cloud-native solution.
There should be more opportunity for community kind of distribution where, for example, if there was a zero-day threat targeting companies. I know that many other solutions now provide ease of use in terms of sharing rules and for identifying and tracking some of these zero-day vulnerabilities out there. Radar needs to do the same.
For how long have I used the solution?
I’ve been using the solution for about four years or so.
What do I think about the stability of the solution?
The stability's great. The solution is robust. It's trusted. Depending on how you have it deployed if it's a standalone appliance or it's high availability paired so that you have redundancy, the solution is reliable.
What do I think about the scalability of the solution?
Anywhere from 25 to 50 users are using it. The primary users are security operations. However, then you do have some folks on the infrastructure side that also leverage QRadar. It wasn't always the case. That said, once we provided access to the infrastructure team, they enjoy using QRadar for looking at logs, and troubleshooting. That would involve the networking team and the server team. They also leverage it as well.
How are customer service and support?
Overall, the IBM team is responsive in regards to ticketing. Obviously, you have to create a ticket with IBM and they will get someone to get on a WebEx with you within a reasonable amount of time depending on the urgency.
They will help resolve issues and create cases. The support is there in terms of having any issues or QRadar is generating errors. Support will guide you and record the session and help remove any issues or obstacles that you have, so I definitely would rate them high on the support aspect of it.
How was the initial setup?
I didn't set it up. Probably part of the engineering team set it up.
What's my experience with pricing, setup cost, and licensing?
I do not know the exact cost. It's a bit tricky as some of it is tied into pre-contracts that we have. Some parts of the company do prepaid funds for certain solutions. It's different. It varies.
What other advice do I have?
While I use QRadar, I'm in a managerial role, so I'm not living in it every single day as my team members are.
Every situation is different. I know a lot of organizations or a lot of C-suite executives all go to the same kind of conferences each year. Then they all come back singing the same song: "We all have to go to the Cloud."
I’d rate the solution six out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Lead Technical Architec at Commercial Bank of Ethiopia
It lets you filter by the source and destination IPs to get detailed information
Pros and Cons
- "It also has a graph that shows the traffic history. I can see what happened yesterday or today. If there's an incident, I can check the traffic behavior on QRadar."
- "QRadar's performance has room for improvement because it cannot handle the volume. I need massive amounts of logs from various devices in our existing network architecture. IBM needs to improve QRadar's capacity to handle more logs."
What is our primary use case?
We use QRadar to collect logs and monitor user activity and traffic from one network to another. The SOC team is in a room watching the logs from the tool live most of the time.
QRadar monitors all internet activity and the output of every device configured to send a log. All traffic from various networking devices passes through the QRadar servers, and we can view it live.
We have two data centers, and QRadar is deployed in one. It comes with two physical appliances to allow failover capability. There's a management interface that binds them together, and we set up an interface for each device connected to the network that sends a log.
What is most valuable?
QRadar allows you to filter by the source and destination IPs and see detailed logs on that. For example, if a user is trying to access a server using a malicious port like 4.5.0, I can get valuable data and take action from other devices.
It also has a graph that shows the traffic history. I can see what happened yesterday or today. If there's an incident, I can check the traffic behavior on QRadar.
What needs improvement?
I would like to see QRadar add more integration and interoperability. For instance, we are not able to send logs from Windows servers. We can send logs to the QRadar server from network devices and other types of servers. However, we have more than a hundred Windows servers that still don't use QRadar.
For how long have I used the solution?
Our company has been using QRadar for the last five years. We implemented it in 2017.
What do I think about the stability of the solution?
QRadar's performance has room for improvement because it cannot handle the volume. I need massive amounts of logs from various devices in our existing network architecture. IBM needs to improve QRadar's capacity to handle more logs.
Usually, disk space is the issue. When it runs out of space, we need to stop logs from different network devices, especially the firewall, before it starts working.
What do I think about the scalability of the solution?
It's hard for me to estimate the number of QRadar users because all of our banking traffic and user activity will pass through QRadar. At the higher end, more than 25,000 active users might use QRadar.
How are customer service and support?
I was directly involved with the IBM support team during the implementation, and we received training for some time after. The service has been excellent and supportive.
When we needed to upgrade, our security team invited the IBM technician back, and it was very smooth. Now, they are planning to set up redundancy in our second data center. Generally speaking, the support is good, and they check in about once a month remotely. I am directly involved with them, but I hear positive feedback from the team.
What about the implementation team?
The initial setup was configured in Linux on the server. We had a technical guy from IBM who came from Kenya. We only prepared the environment, like setting up the rack, but an IBM technician took care of the implementation. We also rely on the vendor for support and activities that require professional expertise.
What was our ROI?
I rate QRadar eight out of 10 for return on investment. We get a lot of valuable data from QRadar.
What other advice do I have?
I rate QRadar eight out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
CS engineer at AYACOM
Comes with a lot of predefined connectors and good correlation rules, but needs better reporting and doesn't have a SOAR system by default
Pros and Cons
- "It has a lot of good correlation rules. From a customer's point of view, it is one of the best solutions because you don't need to create correlation rules from scratch. You just review them and customize them as you want."
- "It doesn't have a SOAR system by default. You need to purchase it additionally, which is the main problem with QRadar."
What is our primary use case?
We are using mixed solutions. We are currently working with IBM solutions and Azure system services. We are using two SIEM solutions: Azure Sentinel and QRadar. Azure Sentinel is covering our cloud-based solutions, and QRadar is covering our on-premise solutions.
What is most valuable?
QRadar has a lot of connectors out of the box. It has a lot of predefined and pre-deployed connectors that you can use.
It has a lot of good correlation rules. From a customer's point of view, it is one of the best solutions because you don't need to create correlation rules from scratch. You just review them and customize them as you want.
It supports using SQL queries. Sentinel uses KQL, but you need to learn it from scratch.
What needs improvement?
It doesn't have a SOAR system by default. You need to purchase it additionally, which is the main problem with QRadar.
Its reporting can be improved.
For how long have I used the solution?
I have been using this solution for approximately three years.
What do I think about the stability of the solution?
It is stable.
What do I think about the scalability of the solution?
It is scalable. It works for small, medium, and large enterprises. You can have a huge SOC, and you can implement it in a big company.
Our company has more than 5,000 assets, and we are covering them all with the QRadar system.
Which solution did I use previously and why did I switch?
We are using Azure Sentinel for our cloud-based solutions. The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found.
Azure Sentinel doesn't have many connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM.
If we start to collect all logs from our on-premise SIEM solutions, Azure Sentinel will cost much more than QRadar. If we calculate its cost over the next five or ten years, it will cost more than QRadar.
What's my experience with pricing, setup cost, and licensing?
You have a one-time payment, and you also can purchase it for one year as a subscription. We have it on-premise, and we have a permanent license for it. We have to pay for the support on a yearly basis.
If you compare its cost with Sentinel for one year, QRadar would seem more expensive, but if you compare its cost over five or ten years, Azure Sentinel will be more expensive than QRadar.
What other advice do I have?
I would recommend purchasing a cloud-based license subscription because it doesn't have any limits on the license. You can easily install it in a cloud environment. This cloud pack can be integrated with different types of SIEM solutions. So, you can use one management console to query all of the SIEM systems that you are managing. It is like having one window to manage your SOC. For example, a SOC can operate, manage, or provide services for different types of companies, and all these companies can have different types of SIEM solutions. With the cloud subscription of QRadar, you can cover all companies, which is good in my opinion.
I would recommend both QRadar and Azure Sentinel. It depends on the use case of a customer and the environment that they are using.
I would rate QRadar a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Buyer's Guide
Download our free IBM Security QRadar Report and get advice and tips from experienced pros
sharing their opinions.
Updated: December 2024
Product Categories
Security Information and Event Management (SIEM) Log Management User Entity Behavior Analytics (UEBA) Endpoint Detection and Response (EDR) Security Orchestration Automation and Response (SOAR) Managed Detection and Response (MDR) Extended Detection and Response (XDR)Popular Comparisons
CrowdStrike Falcon
Microsoft Sentinel
Splunk Enterprise Security
Elastic Security
LogRhythm SIEM
Sumo Logic Security
Rapid7 InsightIDR
Fortinet FortiSIEM
AlienVault OSSIM
Cortex XSIAM
Securonix Next-Gen SIEM
Buyer's Guide
Download our free IBM Security QRadar Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What SOC product do you recommend?
- Has anyone got experience in deployment of a SIEM solution?
- IBM QRadar is rated above competitors (McAfee, Splunk, LogRhythm) in Gartner's 2020 Magic Quandrant. Agree/Disagree?
- What is your opinion of IBM QRadar?
- What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?
- Why do most companies prefer IBM QRadar?
- What Solution for SIEM is Best To Be NIST 800-171 Compliant?
- When evaluating Security Information and Event Management (SIEM), what aspect do you think is the most important feature to look for?
- What are the main differences between Nessus and Arcsight?
- Which is the best SIEM solution for a government organization?