I have implemented QRadar in a big airline company, where they needed to get all their security information in one place. It helped in reducing the amount of time that was needed to evaluate the risk of every event. Configuring the alerts has never been easier; you just search for the event you think you need and start creating the rules that way. It is really straightforward and you don't need much IT knowledge for it. Of course, your experience with the product and a generalist view of the infrastructure, business and IT are strongly recommended, when using a tool similar to this.
Senior System Administrator at a tech services company with 11-50 employees
Offers device auto-discovery, along with rules and reports already created.
How has it helped my organization?
What is most valuable?
In my understanding, the best features are:
- DSMs (Device Support Modules),
- Device auto-discovery, and
- Hundreds of rules and reports already created for you to mix up.
These features are keeping QRadar on top in Gartner. You can have it running in a few hours, then start collecting your logs and events in no time.
What do I think about the stability of the solution?
We never experienced any stability issues. The only problem that I had was related to the hardware and the high availability worked as expected.
Something to take into account is the IBM support; they really know their business and how to fix problems. I had the opportunity to talk with L2 Managers in the US, who told me that IBM is investing in research, documentation and training for all the people working with it. This is a very interesting thing to keep in mind when choosing this platform.
What do I think about the scalability of the solution?
We never experienced any scalability issues. If you correctly estimate the amount of EPS (the license variable), then scalability is not a problem. They can run in a really big environment (100,000 EPS tested in production) and all the infrastructure will work as a charm.
Buyer's Guide
IBM Security QRadar
December 2024
Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
How are customer service and support?
The technical support is excellent. As I've mentioned, they know their business and have a really good team behind them.
Which solution did I use previously and why did I switch?
I had the opportunity to use other SIEM solutions, but none can provide what QRadar does, i.e., in terms of its simplicity, support or integration.
How was the initial setup?
The setup was really straightforward. You simply need to put your ISO image in the hypervisor, follow the on-screen instructions and you have it running in one hour.
What's my experience with pricing, setup cost, and licensing?
The pricing and licensing policies are really competitive. These solutions are not for a really small business, but having just one license variable is really good. You simply tell the partner or sales representative the number of EPS you want to receive in your appliance and that's it. Other solutions have a 'correlation' license, which is more like a trap than anything else.
Which other solutions did I evaluate?
I have tested Splunk and used a little bit of NitroSecurity (McAfee). I have also seen a little bit of HPE ArcSight.
What other advice do I have?
You should ask the sales representative to give you the Excel sheet to calculate EPS. Keep in mind that firewalls, proxies and networking devices like these will consume lots of EPS, but they do provide really nice information and insight into your network.
On Gartner, this is one of the top 10 SIEM solutions in the market. It is robust and IBM is investing a lot of money to get it running even better than it is running right now. You feel secure when you use it.
This solution is being implemented around the world and every day, a new feature or add-on is created for it.
Disclosure: My company has a business relationship with this vendor other than being a customer: We are business partners and have a really good relationship with IBM.
SOC Analyst Tier 2 at IP Protocol INC
An AI-powered incident and risk analysis, triage and response tool with a user-friendly graphical interface
Pros and Cons
- "I like the graphical interface. It's so good and easy."
- "Integration could be better. They should make it easy to integrate with other solutions."
What is our primary use case?
First, I used the manual to learn, then I tried to merge it with my company's needs, and there weren't any problems.
What is most valuable?
I like the graphical interface. It's so good and easy.
What needs improvement?
Integration could be better. They should make it easy to integrate with other solutions.
For how long have I used the solution?
I have been using IBM QRadar Advisor with Watson for three or four years.
What do I think about the stability of the solution?
IBM QRadar Advisor with Watson is a stable solution.
What do I think about the scalability of the solution?
I think IBM QRadar Advisor with Watson is scalable.
How are customer service and support?
We didn't use technical support as the community was very helpful.
How was the initial setup?
The initial setup was difficult the first time, but it got easier after that.
What's my experience with pricing, setup cost, and licensing?
I think my company pays for the license yearly.
What other advice do I have?
I would advise potential users to read the manual or the workbook before going forward with the deployment. Try to match the requirements with the company's needs to avoid facing issues in the future. But if you get stuck, you can always ask the community for help.
On a scale from one to ten, I would give IBM QRadar Advisor with Watson a nine.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Solution Security Architect at PT. Sinergy Informasi Pratama
Provides great analysis of event logs, event security; easily manageable with one monitor
Pros and Cons
- "It can analyze event logs, event security, and give a good consult."
- "Solution has too many menus that require going to two or three sub-monitors to enter the QRadar."
What is our primary use case?
This is a solution you use when you have many security products that you want to manage in one monitor, one analytic. We are partners with IBM and provide implementation services to our customers. I'm a solution security architect.
What is most valuable?
The most valuable feature is that it can analyze event logs, event security, and give a good consult. When you have SIEM, you can easily manage with one single monitor. QRadar can do a lot of analyses of every security product and will let us know what needs to be done to the log. Sometimes we need security orchestration automated response to support the SOC team.
What needs improvement?
The concern with QRadar is that there are so many features in the dashboard, too many menus that require going to two or three sub-monitors to enter the QRadar. The user interface is good but there are so many features that can be confusing for the administrator. It could be simplified.
For how long have I used the solution?
I've been using this solution for a year.
What do I think about the stability of the solution?
I think that QRadar is stable, but I've never worked with other solutions in this area and I have nothing to compare it to. It has dedicated machines and offers great performance.
What do I think about the scalability of the solution?
The scalability is easy but it comes at a high price.
How are customer service and support?
IBM in Indonesia provides great support.
How was the initial setup?
The initial setup is complex if the data set is large. It really depends on that. We provide maintenance services to our clients so that if they have any trouble, we assist with troubleshooting.
What's my experience with pricing, setup cost, and licensing?
SIEM is quite a pricey solution so we only offer it to enterprise companies that can pay the fees. For smaller companies, it's an extremely expensive product.
What other advice do I have?
I recommend this solution because I think they provide great support from the sales and technical perspective.
I rate the solution nine out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Cybersecurity Architecture and Technology Lead at Appxone
Can detect off-hours or excessive usage of an application or cloud-based service, or network activity patterns that are inconsistent.
Pros and Cons
- "Providing real-time visibility for threat detection and prioritization - QRadar SIEM provides contextual and actionable surveillance across the entire IT infrastructure."
- "AI is superb but needs improvements."
What is our primary use case?
Finding malicious activity via filters, not relying only on the rules which trigger the offenses, and fixing the suspicious activities.
How has it helped my organization?
Gaining application visibility and anomaly detection helps IT personnel to quickly identify meaningful deviations. For example, QRadar SIEM can detect off-hours or excessive usage of an application or cloud-based service, or network activity patterns that are inconsistent with historical, moving-average profiles and seasonal usage patterns.
What is most valuable?
Providing real-time visibility for threat detection and prioritization - QRadar SIEM provides contextual and actionable surveillance across the entire IT infrastructure, helping organizations detect and remediate threats often missed by other security solutions. These threats can include inappropriate use of applications; insider fraud; and advanced, "low and slow" threats easily lost in the "noise" of millions of events.
What needs improvement?
Artificial Intelligence is superb; QRadar correlates the events smartly and removes identical events, but it needs improvements.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
No issues.
How are customer service and technical support?
Very good.
Which solution did I use previously and why did I switch?
McAfee; we switched due to the bad correlation of data.
How was the initial setup?
It was straightforward.
Which other solutions did I evaluate?
Splunk and LogRhythm.
What other advice do I have?
QRadar also supports UBA, which is a fantastic feature to detect users' malicious activities.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Technical Consultant at activedge
Enhances Security Through Vulnerability Management and Increased Visibility
Pros and Cons
- "The most valuable features would have to be the product's ability to customize vulnerability management settings."
- "There could be improvements made to the UI, the user interface. Though the newer version, 7.3.2, might already have this improvement in place."
What is our primary use case?
I'm the technical consultant here at ActivEdge Technologies. Our primary use case for this solution is for Security Intelligence and Event Monitoring (SIEM). We provide protection services models for an organization's networks through a sophisticated technology which permits a proactive security posture. We have a business relationship with IBM QRadar as well as being a partner. We are a partner and we also use this feature. It's an integrated solution. We design it to be compatible with our client's network devices to maintain real-time monitoring through a centralized console. Our clients rely on us to create value.
How has it helped my organization?
QRadar has significantly improved our security. It has reduced threats considerably. The solution provides increased visibility along with actionable intelligence. We are looking into implementing it to proactively take steps to prevent or reduce the attacks.
What is most valuable?
The most valuable features would have to be the product's ability to customize vulnerability management settings and the ability to customize integration functions.
What needs improvement?
I can't see any need for service improvements because I feel it's easy to use and very functional as it is. There could be improvements made to the UI, the user interface. Though the newer version, 7.3.2, might already have this improvement in place.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
It's very stable. We never need much help with that.
What do I think about the scalability of the solution?
The solution is very scalable; it's designed to be, with its distributed architecture. It's entirely scalable.
Currently, there are five domain users working with this solution. We don't have visibility on our end user count due to the fact that end users don't need to log on to the application.
Our maintenance needs require just one experienced QRadar analyst to moderate.
How are customer service and technical support?
Technical support has proven to be very helpful.
How was the initial setup?
The initial setup wasn't straightforward. The setup is situation specific.
The deployment for us took about 3 months.
What about the implementation team?
Implementation was done in-house.
What was our ROI?
What other advice do I have?
I think this product adds significant value to organizations seeking a scalable security integration tool. It does a great job of identifying, classifying, prioritizing, remediating, and mitigating software vulnerabilities. It's a good solution.
On a scale of 1 - 10, 10 being the best, I give this product a rating of 9.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Server Security Engineer
Has great scalability; if you use the APS 25 GPS license you can change to 3000 EPS anytime
Pros and Cons
- "IBM has everything you need in a cybersecurity solution. If you want to build a cybersecurity operation center version then I think QRadar is a perfect solution."
- "I think QRadar is very complex. It's a distributed system and IBM QRadar has an all-in-one solution which is not like that distributed solution but it's a good product. IBM needs to consider the user interface because if we compare it with AlienVault, the AlienVault user interface is fantastic but the IBM QRadar user interface is very complex. They should focus on how to make it easier for the client."
What is our primary use case?
Our primary use case of this solution is to identify threats.
How has it helped my organization?
We do R&D for IBM QRadar and we are also a cybersecurity solution based company. We provide solutions for our clients like banking, government agencies, and other non-government organizations. Our clients test in our labs and we try to understand how a product works and how a product will help our clients. I have more than three years' experience with AlienVault; I use AlienVault a lot and I have already deployed it in a few banks. I am now trying to understand how IBM QRadar works and what the difference between IBM QRadar and AlienVault is.
What is most valuable?
This solution has many valuable features but I especially like the Log Manager feature.
What needs improvement?
I think QRadar is very complex. It's a distributed system and IBM QRadar has an all-in-one solution which is not like that distributed solution but it's a good product. IBM needs to consider the user interface because if we compare it with AlienVault, the AlienVault user interface is fantastic but the IBM QRadar user interface is very complex. They should focus on how to make it easier for the client.
IBM has everything you need in a cybersecurity solution. If you want to build a cybersecurity operation center version then I think QRadar is a perfect solution.
For how long have I used the solution?
Less than one year.
What do I think about the stability of the solution?
IBM QRadar is stable and scalable.
What do I think about the scalability of the solution?
Scalability is good. If you use the APS 25 GPS license you can change to 3000 EPS anytime. Also, you can integrate a distributed solution with the all-in-one deployment. If you have a very small organization, you don't need the model 5000 EPS license, so you can deploy all-in-one, and then one day if your organization grows bigger, you can deploy a distributed system.
How are customer service and technical support?
We have our own system and network experts, forensic experts, and database experts, so until now we haven't had any issues that required us to contact their support.
How was the initial setup?
The initial setup was complex. When it comes to the deployment, you can get it done in a day, but if you want to fine-tune it, it can take a very long time. This isn't only for QRadar; this applies to most solutions.
It takes two or three people to deploy this product, but if you want to do custom configuration then you need an expert for each and every part. You need a network expert, forensic expert, and system expert. If you want an advanced system configuration you need many more people. If you only want to integrate this solution in your organization then two or three people are more than enough for the deployment.
What about the implementation team?
We deploy it for our clients.
What's my experience with pricing, setup cost, and licensing?
Licensing is very expensive; IBM QRadar is a very expensive solution. If you want to minimize costs then IBM QRadar is not for you.
What other advice do I have?
I would rate it an eight out of ten. Not a ten because of the complex interface.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
Member at CIFAL Argentina
The scalability is awesome, because QRadar includes other solutions in the same console
Pros and Cons
- "The scalability is awesome, because QRadar includes other solutions in the same console."
- "The user interface needs improvement."
How has it helped my organization?
QRadar improved risk assessment and vulnerability, plus reduced staff.
What is most valuable?
The threat protection integration with other vendors.
What needs improvement?
The user interface needs improvement.
Network Breach
We have not suffered a network breach.
Events per Day
Our deployment collects nearly 100 events a day. We often have a backlog.
What do I think about the stability of the solution?
Stability is great.
What do I think about the scalability of the solution?
The scalability is awesome, because QRadar includes other solutions in the same console.
How are customer service and technical support?
I have not used technical support.
How was the initial setup?
I was not involved in the initial setup.
Which other solutions did I evaluate?
We evaluated Check Point, but went with IBM because of price.
What other advice do I have?
Most important criteria when selecting a vendor: Our customers need a cross of different units which make up a better solution for them.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
Security Intelligence at a tech services company with 10,001+ employees
We can build interactive dashboards around it. Mathematical operators currently cannot be used within the reference maps.
What is most valuable?
The most valuable feature that we found, especially this year, was the ability to build apps over it. Basically, the platform has opened up and we can now customize it, as per our needs and requirements. We can build interactive dashboards and other interesting things around it.
How has it helped my organization?
We are using QRadar to solve our business problems and the IT operation requirements. We are fine tuning the processes that are laid from the InfoSec perspective, such as to detect unauthorized changes happening across the IT environment or the business problems, namely the password sharing issues, which are not easy to detect otherwise.
What needs improvement?
In future versions, the various features that we would like to see are pretty much in line with what QRadar is coming up with, like this IBM QRadar UBA version 2.0 or support for STIX/TAXII. Basically, we have similar milestones there.
There are a few technical requirements that we have opened feature requests for, such as some of our complex use cases that need mathematical operators to be used within the reference maps. That's currently not available.
What do I think about the stability of the solution?
There were no stability issues.
What do I think about the scalability of the solution?
There were no scalability issues. With this Event Processor and Data Node concept, I think it is highly scalable.
How are customer service and technical support?
We have been facing a few technical issues and we are working with the technical support and the development team to resolve them.
Sometimes we get a really good response, and at times some of the issues have been floating around for a long time. But our IT resources have been assigned to them and we hope that they will be resolved easily.
How was the initial setup?
I was involved in the setup; it was pretty straightforward. Once you understand the overall architecture, it is pretty much easy to install and work upon.
What other advice do I have?
It should be implemented by the best professionals available within IBM. It is really important to have a clean base installation, so that you can build things on the top of it.
When we are selecting a vendor, first and foremost, we look for the stability of the vendor, and what level of resources they are investing in their research and development. These are a couple of things that we look for while selecting a vendor and of course, the kind of resources we are looking for to get certain engagement and make sure those resources are aligned.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
You need more time and knowledge to completely understand QRadar SIEM.