reviewer1584831 - PeerSpot reviewer
Solution Architect Cybersecurity at a tech services company with 501-1,000 employees
Real User
Protects our network from various threats
Pros and Cons
  • "The threat hunting capabilities in general are great."

    What is our primary use case?

    We use this solution for advanced threat detection, insider threat monitoring, risk and vulnerability management, and unauthorized traffic detection regarding our network. We can monitor and detect web attacks with it as well. 

    Within our organization, there are roughly 2,000 to 3,000 employees using this solution. As of now, we don't have any plans to increase our usage of IBM QRadar.

    How has it helped my organization?

    The basic use case of this solution is to identify insider threats. Insider threats are the most dangerous kind of threat for any type of organization to secure. This solution identifies who the insider threats are, and also determines if there are any malicious activities taking place inside of an organization itself. In short, it provides us with real-time visibility so we can identify who the insider threats are and what malicious activities are occurring inside of our own network. It also protects our web applications from DNS attacks.

    What is most valuable?

    The threat hunting capabilities in general are great. 

    What needs improvement?

    I was going to say that the reporting could be improved, but IBM recently introduced a new cloud-based security service that integrates with QRadar. Now, reporting is much easier than before. I personally can't think of an area for improvement.

    Buyer's Guide
    IBM Security QRadar
    January 2025
    Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: January 2025.
    831,265 professionals have used our research since 2012.

    For how long have I used the solution?

    I have been using this solution for two and a half years. 

    What do I think about the stability of the solution?

    This solution is quite stable. 

    How are customer service and support?

    We receive 24/7 support via email; however, we don't have to contact support often because we have our own trained team. They handle most issues.

    Which solution did I use previously and why did I switch?

    We used to use Splunk.

    How was the initial setup?

    How complex the initial setup is completely depends on the customer's infrastructure. If there are lots of tools that need to be integrated, then the setup is going to be really complex. I wouldn't say that the initial setup is complex; it's more moderate than anything.

    Deployment took two to three weeks from beginning to end.

    What's my experience with pricing, setup cost, and licensing?

    The price of this solution is a little high.

    What other advice do I have?

    Before implementing a new solution, you need to understand your network infrastructure completely. You need to determine if third-party integration is supported or not. IBM QRadar supports a lot of third-party integration because third-party tool integration is often required.

    Storage also needs to be defined properly as logs need to be kept for a certain amount of time. If you have to store logs for three to six months, then you'll need to ensure that you've evaluated the storage capacity properly.

    Overall, on a scale from one to ten, I would give this solution a rating of eight. We're very satisfied with it. 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
    PeerSpot user
    Senior Cybersecurity Consultant at CIA Botswana
    Real User
    Top 20
    Enables our clients to detect threats and vulnerabilities in real time
    Pros and Cons
    • "Most of our clients are interested in automation. The automation part is good because they are able to detect threats and vulnerabilities in real time. It's very fast."
    • "The API integration for AD is a problem when it comes to vulnerability management. If you want to incorporate multiple factor authentication it becomes a problem with the AD. It doesn't integrate well. That needs to be improved."

    What is our primary use case?

    Our primary use case is for security analytics. We do investigation and security analytics, so we collect events and after collecting events we give positive security analytics to clients.

    How has it helped my organization?

    Most of our clients are interested in automation. The automation part is good because they are able to detect threats and vulnerabilities in real time. It's very fast. 

    What is most valuable?

    The vulnerability management aspect is the most valuable feature. IBM QRadar is the only SIEM solution with integrated vulnerability management. That's why most clients are flocking to it. API integration is very easy.

    What needs improvement?

    The API integration for AD is a problem when it comes to vulnerability management. If you want to incorporate multiple factor authentication it becomes a problem with the AD. It doesn't integrate well. That needs to be improved.

    The configuration steps are not easy to follow compared to NetWitness.

    What do I think about the scalability of the solution?

    Scalability is good. I have plans to increase usage; it just depends on the contracts. If I get more contracts I get more people. Most clients want to manage security and so they would want to outsource their expertise. If they outsource their expertise that means I have to recruit more people.

    How are customer service and technical support?

    Their technical support is pretty good. 

    How was the initial setup?

    The initial setup was easy. It usually takes around three months or so. In terms of the implementation strategy, once we get the correct events sorted, the strategy is to connect enough event sources so that they give you an efficient solution.

    We require five to ten people for setup and maintenance. 

    What about the implementation team?

    I'm the consultant so we do the implementation ourselves. 

    What's my experience with pricing, setup cost, and licensing?

    The licensing depends on the customer. The pricing is good.

    What other advice do I have?

    I would rate it an eight out of ten. Not a ten because the configuration part of it should be easier. They tried to integrate everything together to be all in one, but it's not easy to configure.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
    PeerSpot user
    it_user795519 - PeerSpot reviewer
    Senior Security Engineer at dig8labs
    Real User
    Custom parsing tool makes customization easy, and UI is friendly
    Pros and Cons
    • "The most valuable feature is the DSM Editor. The custom parsing tool is very nice, outstanding."
    • "The product is good, but one feature they should have is an Elasticsearch. Currently, in QRadar, there are no Elasticsearch criteria."

    How has it helped my organization?

    The features make my work easier.

    What is most valuable?

    The most valuable feature is the DSM Editor. The custom parsing tool is very nice, outstanding. I have used McAfee's SIEM and LogRhythm as well, but because of this feature of QRadar, I don't think their solutions are good.

    Customizing it is very easy and it has a user-friendly interface. 

    What needs improvement?

    The product is good, but one feature they should have is an Elasticsearch. Currently, in QRadar, there are no Elasticsearch criteria. Elasticsearch is a very fast search engine. IBM should consider it as part of QRadar. Currently, QRadar has a very slow search. If I search previous months' data it stops.

    For how long have I used the solution?

    More than five years.

    What do I think about the scalability of the solution?

    The scalability is good. I'm quite satisfied with it.

    How are customer service and technical support?

    Technical support is the area IBM should work on. Support is not that responsive. If I open a support ticket, it takes three to four days for them to respond. They take that much time.

    Which solution did I use previously and why did I switch?

    I have used different solutions in the organization, but the main reason for switching is the customization. QRadar very much supports customization. Another reason is that, in the market, we can easily get QRadar resources, like an analyst or engineer, as compared to other products. This is a reason that organizations move towards QRadar.

    How was the initial setup?

    The initial setup was very straightforward. I didn't have to do anything once I installed it and configured it. It was very simple. Other solutions I have worked on, such as McAfee and LogRhythm, are a bit complex. This one is very easy to install and configure.

    The deployment takes one to two months, max. The implementation strategy is totally dependent on the number of EPS, the requirements, and the types of log sources. We collect this information and then create our strategy.

    I have been an engineer in many firms. I have deployed it by myself. One expert can deploy it. If there are 100,000 EPS you'll need more resources. If you have 5,000 to 10,000 EPS, one person can do it.

    What's my experience with pricing, setup cost, and licensing?

    IBM has subscription plans that run for one year.

    What other advice do I have?

    Overall, it's much better than other products.

    In terms of increasing its usage, I have suggested to my organization that it tell customers to use it, its capacity and capabilities, with other tools like Watson.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
    PeerSpot user
    Solution Security Architect at PT. Sinergy Informasi Pratama
    Real User
    Provides great analysis of event logs, event security; easily manageable with one monitor
    Pros and Cons
    • "It can analyze event logs, event security, and give a good consult."
    • "Solution has too many menus that require going to two or three sub-monitors to enter the QRadar."

    What is our primary use case?

    This is a solution you use when you have many security products that you want to manage in one monitor, one analytic. We are partners with IBM and provide implementation services to our customers. I'm a solution security architect.

    What is most valuable?

    The most valuable feature is that it can analyze event logs, event security, and give a good consult. When you have SIEM, you can easily manage with one single monitor. QRadar can do a lot of analyses of every security product and will let us know what needs to be done to the log. Sometimes we need security orchestration automated response to support the SOC team.

    What needs improvement?

    The concern with QRadar is that there are so many features in the dashboard, too many menus that require going to two or three sub-monitors to enter the QRadar. The user interface is good but there are so many features that can be confusing for the administrator. It could be simplified. 

    For how long have I used the solution?

    I've been using this solution for a year. 

    What do I think about the stability of the solution?

    I think that QRadar is stable, but I've never worked with other solutions in this area and I have nothing to compare it to. It has dedicated machines and offers great performance. 

    What do I think about the scalability of the solution?

    The scalability is easy but it comes at a high price.

    How are customer service and support?

    IBM in Indonesia provides great support.

    How was the initial setup?

    The initial setup is complex if the data set is large. It really depends on that. We provide maintenance services to our clients so that if they have any trouble, we assist with troubleshooting.

    What's my experience with pricing, setup cost, and licensing?

    SIEM is quite a pricey solution so we only offer it to enterprise companies that can pay the fees. For smaller companies, it's an extremely expensive product. 

    What other advice do I have?

    I recommend this solution because I think they provide great support from the sales and technical perspective.

    I rate the solution nine out of 10. 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
    PeerSpot user
    reviewer1520922 - PeerSpot reviewer
    Regional Director, Customer Success (GTM Solutions & Services) at a tech services company with 51-200 employees
    MSP
    Flexible, easy to use, and scalable
    Pros and Cons
    • "The solution is flexible and easy to use."
    • "IBM is going through some problems with its resources currently making its support response time slow."

    What is our primary use case?

    We are a service provider and we are providing the solution as a managed service for multitenancy security.

    What is most valuable?

    The solution is flexible and easy to use.

    What needs improvement?

    IBM is going through some problems with its resources currently making its support response time slow.

    For how long have I used the solution?

    I have been using the solution for a couple of months.

    What do I think about the stability of the solution?

    I find the solution reliable. 

    What do I think about the scalability of the solution?

    The solution is scalable. We have 15 customers using it at the moment.

    How are customer service and technical support?

    The support could be a lot better by being faster.

    Which solution did I use previously and why did I switch?

    We recently switched to this solution from LogRhythm cloud. One of the main reasons we switched solutions was because it is more scalable.

    How was the initial setup?

    The installation was a little difficult and could be made easier.

    Which other solutions did I evaluate?

    We have evaluated Securonix and this solution is far superior. We did the implementation of Securonix for two customers and we canceled it. We rolled back those clients onto this solution because Securonix failed on both implementations.

    What other advice do I have?

    I would recommend this solution to others. We have invested in it and we plan on using it in the future.

    I rate IBM QRadar an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Implementer.
    PeerSpot user
    Works at a tech services company with 11-50 employees
    Real User
    Alerts us about events in our network environment and has superb functionality
    Pros and Cons
    • "IBM QRadar is easy to scale, it doesn't affect the environment. In our office, we have around 40 - 50 users, but our clients have more users on their networks. Our organization has staff in the software department that manages IBM QRadar for us."
    • "The quoting and the dashboard session could be improved. It should be more user-friendly."

    What is our primary use case?

    We are partners with IBM. We do simulations for our clients. Then we resolve the issue that they're facing using IBM QRadar.

    How has it helped my organization?

    We have integrated IBM QRadar with our firewall and some services that we use. When the logs are about to get full of SQL, IBM QRadar makes a notification. The admin knows that they're about to get full so he just goes and clears them out. That is when we usually use IBM QRadar. On our firewall, when the issue notifications are generated, we don't usually open the firewall but QRadar alerts us about what went down in our environment.

    What is most valuable?

    The most valuable feature of IBM QRadar is its slow control and even activation. I also like the post notifications on the screen.

    What needs improvement?

    The quoting and the dashboard session could be improved. It should be more user-friendly.

    Otherwise, the overall functionality of IBM QRadar is superb. A better GUI and reporting both would be good additions to the product.

    For how long have I used the solution?

    Less than one year.

    What do I think about the stability of the solution?

    IBM QRadar is very stable. It doesn't have many errors.

    What do I think about the scalability of the solution?

    IBM QRadar is easy to scale. We can integrate other devices if we want to. We could go to distributed architecture instead, but we like this product. It doesn't affect the environment. In our office, we have around 40 - 50 users, but our clients have more users on their networks. 

    Our organization has staff in the software department that manages IBM QRadar for us. The security division just manages the login. Overall, only two to three staff are required for the management of IBM QRadar. They are more than enough to control the situation because most of it is easy. We definitely have plans to increase our current usage of the solution in the future.

    How are customer service and technical support?

    Technical support from IBM is not that good here in this region. It's quite helpful to have local support. They don't have much expertise in this product. 

    We usually have to go to IBM to resolve the issues if we have them because the overall product is a bit complex. There are not many local resources here in this region with expertise in IBM QRadar.

    How was the initial setup?

    The initial setup is straightforward. It's very easy. I think anyone can install it within minutes. The deployment of IBM QRadar takes around 20 to 25 minutes if you have a good hard drive.

    What about the implementation team?

    We deployed IBM QRadar ourselves. We have technicians. We bill the client and do the installation on our own, along with other IBM products.

    What's my experience with pricing, setup cost, and licensing?

    We do licensing on a yearly basis. It's for deployment. If the client wants more services, we support the license. There are no other costs for the product.

    Which other solutions did I evaluate?

    When I joined the company we were already partners with IBM. I didn't have much experience with other products.

    What other advice do I have?

    I would recommend IBM QRadar because of the security features and the organization. I can recommend the security. Security is nowadays an essential part of IBM QRadar. 

    IBM QRadar is probably the best possible solution in the market. I would rate it an eight out of 10.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Member at CIFAL Argentina
    Real User
    The scalability is awesome, because QRadar includes other solutions in the same console
    Pros and Cons
    • "The scalability is awesome, because QRadar includes other solutions in the same console."
    • "The user interface needs improvement."

    How has it helped my organization?

    QRadar improved risk assessment and vulnerability, plus reduced staff.

    What is most valuable?

    The threat protection integration with other vendors.

    What needs improvement?

    The user interface needs improvement.

    Network Breach

    We have not suffered a network breach.

    Events per Day

    Our deployment collects nearly 100 events a day. We often wield a backlog.

    What do I think about the stability of the solution?

    Stability is great.

    What do I think about the scalability of the solution?

    The scalability is awesome, because QRadar includes other solutions in the same console.

    How are customer service and technical support?

    I have not used technical support.

    How was the initial setup?

    I was not involved in the initial setup.

    Which other solutions did I evaluate?

    We evaluated Check Point, but went with IBM because of price.

    What other advice do I have?

    Most important criteria when selecting a vendor: Our customers need a cross of different units which make up a better solution for them.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
    PeerSpot user
    Ashok Kumar Biswas - PeerSpot reviewer
    System Engineer (Cybersecurity) at Omgea Exim Ltd
    MSP
    Top 20
    A scalable solution with great event and flow collectors
    Pros and Cons
    • "The event collector, flow collector, PCAP and SOAR are valuable."
    • "The solution is expensive compared to other products."

    What is most valuable?

    The event collector, flow collector, PCAP and SOAR are valuable.

    What needs improvement?

    Whenever we connect the span port, its device and health status increase the capacity level. So I suggest the mitigation of that part for IBM. Otherwise, it's a good product. We also continuously have issues with technical support because they do not have a prompt response time.

    For how long have I used the solution?

    We have been using IBM QRadar for the last five years.

    What do I think about the stability of the solution?

    I rate the stability a nine out of ten.

    What do I think about the scalability of the solution?

    I rate the scalability an eight out of ten. We deploy to many customers and have completed many POCs. We have a four-person team.

    How are customer service and support?

    The technical support is good, but they are not prompt. I rate them a five out of ten.

    How would you rate customer service and support?

    Neutral

    How was the initial setup?

    I rate the initial setup a ten out of ten. It is deployed on-premises and takes about two to three days to deploy the full environment readiness. But the device integration, rules screening and log onboarding take too long, about three to four months. The deployment was completed in-house.

    What's my experience with pricing, setup cost, and licensing?

    The solution is expensive compared to other products, and I rate the pricing a five out of ten.

    What other advice do I have?

    I rate this solution a nine out of ten.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner/Reseller.
    PeerSpot user