Security Intelligence at a tech services company with 10,001+ employees
We can build interactive dashboards around it. Mathematical operators currently cannot be used within the reference maps.
What is most valuable?
The most valuable feature that we found, especially this year, was the ability to build apps over it. Basically, the platform has opened up and we can now customize it, as per our needs and requirements. We can build interactive dashboards and other interesting things around it.
How has it helped my organization?
We are using QRadar to solve our business problems and the IT operation requirements. We are fine tuning the processes that are laid from the InfoSec perspective, such as to detect unauthorized changes happening across the IT environment or the business problems, namely the password sharing issues, which are not easy to detect otherwise.
What needs improvement?
In future versions, the various features that we would like to see are pretty much in line with what QRadar is coming up with, like this IBM QRadar UBA version 2.0 or support for STIX/TAXII. Basically, we have similar milestones there.
There are a few technical requirements that we have opened feature requests for, such as some of our complex use cases that need mathematical operators to be used within the reference maps. That's currently not available.
What do I think about the stability of the solution?
There were no stability issues.
Buyer's Guide
IBM Security QRadar
November 2024
Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.
What do I think about the scalability of the solution?
There were no scalability issues. With this Event Processor and Data Node concept, I think it is highly scalable.
How are customer service and support?
We have been facing a few technical issues and we are working with the technical support and the development team to resolve them.
Sometimes we get a really good response and at times, some of the issues have been floating around for a lot of time. But our IT resources have been assigned for the same and we hope that they should be resolved easily.
How was the initial setup?
I was involved in the setup; it was pretty straightforward. Once you understand the overall architecture, it is pretty much easy to install and work upon.
What other advice do I have?
It should be implemented by the best professionals available within IBM. It is really important to have a clean base installation, so that you can build things on the top of it.
When we are selecting a vendor, first and foremost, we look for the stability of the vendor, and what level of resources they are investing in their research and development. These are a couple of things that we look for while selecting a vendor and of course, the kind of resources we are looking for to get certain engagement and make sure those resources are aligned.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Regional Director, Customer Success (GTM Solutions & Services) at a tech services company with 51-200 employees
Flexible, easy to use, and scalable
Pros and Cons
- "The solution is flexible and easy to use."
- "IBM is going through some problems with its resources currently, making its support response time slow."
What is our primary use case?
We are a service provider and we are providing the solution as a managed service for multitenancy security.
What is most valuable?
The solution is flexible and easy to use.
What needs improvement?
IBM is going through some problems with its resources currently, making its support response time slow.
For how long have I used the solution?
I have been using the solution for a couple of months.
What do I think about the stability of the solution?
I find the solution reliable.
What do I think about the scalability of the solution?
The solution is scalable. We have 15 customers using it at the moment.
How are customer service and technical support?
The support could be a lot better by being faster.
Which solution did I use previously and why did I switch?
We recently switched to this solution from LogRhythm cloud. One of the main reasons we switched solutions was because it is more scalable.
How was the initial setup?
The installation was a little difficult and could be made easier.
Which other solutions did I evaluate?
We have evaluated Securonix and this solution is far superior. We did the implementation of Securonix for two customers and we canceled it. We rolled back those clients onto this solution because Securonix failed on both implementations.
What other advice do I have?
I would recommend this solution to others. We have invested in it and we plan on using it in the future.
I rate IBM QRadar an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Implementer
Partner at a tech services company with 1-10 employees
It has a high degree of interconnection with other systems
Pros and Cons
- "We have the ability to monitor each instance which originates on the process along with the performance of each department."
- "For the common needs of clients to fulfill requirements, a real integration with Blueworks Live (BPA modeling tool also from IBM) and a more suitable BPM on cloud solution for midsize customers."
What is our primary use case?
- Origination process in banks.
- Insurance claims on insurance companies.
How has it helped my organization?
We are a consulting company, but our clients use it to ensure that the process has been followed. We have the ability to monitor each instance which originates on the process along with the performance of each department. In addition, clients can enter detail at the instance level.
What is most valuable?
- UI capabilities
- High degree of interconnection with other systems.
- The business activity monitoring on the part of the solution.
What needs improvement?
For the common needs of clients to fulfill requirements, a real integration with Blueworks Live (BPA modeling tool also from IBM) and a more suitable BPM on cloud solution for midsize customers.
For how long have I used the solution?
More than five years.
What do I think about the stability of the solution?
No stability issues.
What do I think about the scalability of the solution?
No scalability issues.
How are customer service and technical support?
The technical support is good enough.
Which solution did I use previously and why did I switch?
We previously used Oracle BPM. We switched for a BPM project with IBM, because it has a better tool in the same price range.
How was the initial setup?
Sizing is always challenging on any BPM project, as with any BPM tool.
What's my experience with pricing, setup cost, and licensing?
IBM is a Ferrari if you are beginning with a concept. If it will be a pilot project, take a look at Red Hat Process Automation Manager or jBPM. Be realistic about the users' quantity. A good approach would be to begin with an On Cloud subscription, then later on do a more exact sizing.
Which other solutions did I evaluate?
We evaluated Red Hat and Bonita. We now prefer Red Hat for the price.
What other advice do I have?
Ensure you have the functional skills on BPM and the technical skills on IBM BPM.
We used to be IBM partners, but are not anymore. Now, we are Red Hat partners.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Operations Analyst at a logistics company with 51-200 employees
Helps a company when investigating a case and with preventive actions
Pros and Cons
- "An engineer can live-monitor all the flow happening in real-time. This would help us a lot while investigating a case, and it would even help us with preventive actions."
- "QRadar needs to be improved on the storage side, particularly when the disk exceeds the maximum threshold."
What is our primary use case?
I used the IBM QRadar product from 2015 until 2017.
How has it helped my organization?
When the WannaCry attack happened, QRadar helped the company a lot with the investigation of the firewall, antivirus, and other appliances.
What is most valuable?
The "Network Activity" feature was really good. An engineer can live-monitor all the flow happening in real-time. This would help us a lot while investigating a case, and it would even help us with preventive actions.
What needs improvement?
QRadar needs to be improved on the storage side, particularly when the disk exceeds the maximum threshold.
For how long have I used the solution?
One to three years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
CEO at REDSHIFT CONSULTING
Very powerful with plenty of features and capabilities
Pros and Cons
- "The product has plenty of features and capabilities."
- "The usability of interfaces could be improved."
What is our primary use case?
We use this solution both in our company and those of our clients. We are resellers of QRadar.
What is most valuable?
QRadar is the leader of teams in the market. It's a product with plenty of features and capabilities. It's a very powerful solution.
What needs improvement?
The usability of interfaces could be improved and the solution could have better correlation services, as well as faster and updated intelligence interfaces.
For how long have I used the solution?
I've been using this solution for five years.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
The solution is scalable.
How are customer service and support?
Technical support has room for improvement.
How was the initial setup?
The initial setup is easy.
What's my experience with pricing, setup cost, and licensing?
Licensing costs are reasonable.
What other advice do I have?
I rate the solution nine out of 10.
Disclosure: My company has a business relationship with this vendor other than being a customer:
Security Engineer at a tech services company with 11-50 employees
Enables us to stop and detect vulnerabilities
Pros and Cons
- "We get events and make the correlation, or rules. In IBM, we can implement our customer's rules. We can have very clear status threats and severity of antigens."
- "The interface is very old. IBM should remake it into a more modern interface."
What is our primary use case?
The primary use of the solution in our deployment was for threat detection.
What is most valuable?
The first feature that I love to demonstrate for my customers is the fact that the vulnerability manager is integrated in QRadar SIEM. This lets us stop and detect vulnerabilities. The reports provide many methods to fix them. The circumvention method and the patch method are perfected very well in the QRadar area.
The second valuable feature is when we get events and make the correlation or rules. In IBM, we can implement our customer's rules. We can have very clear status threats and severity of antigens. The other fact I love about IBM is that we can integrate many other tiers solutions, such as Carbon Black and other plans.
What needs improvement?
The interface is very old. IBM should remake it into a more modern interface. I think this is the only thing they should improve on.
Another feature that would be nice is if it's possible to integrate some of the application style and configuration that is currently not easy to set up in the product. If it's possible to do that, it would be a major improvement.
In fact, I never got a road map to bring you from zero to the end. There should be information everywhere, from YouTube to any other places. It was very complicated to organize all the information in my head.
For how long have I used the solution?
We've been using IBM QRadar for one and a half years.
What do I think about the stability of the solution?
It's very stable. The only issue we can report about is a system issue. When the partition is full, the whole system shuts down. If some partition of the logs is not in QRadar, maybe we can't find any solution to do this from QRadar.
In fact, we observed that sometimes the systems go down when a partition is up to 90%. This issue is related to Red Hat; we also observed this issue relating to Tomcat logs, where /var/log fills up to 100% quickly.
What do I think about the scalability of the solution?
In my experience, the upgrade could lead to some misconfiguration. We had this experience of disruption when upgrading from 7.2.7 to 7.2.9 and then 7.3.0.
We observed that some applications and configurations need to be redone. The scalability at this moment, because it's an older version, has some issues. Otherwise, I think scalability is excellent.
How are customer service and technical support?
We don't use IBM Support. We communicate with Morocco Teams about this. When I have an issue, I post it and ask for the community, because I have an account in the IBM Community. The community is very, very knowledgeable and strong.
How was the initial setup?
The setup is really very easy. It takes a few hours. The integration, orchestrating all the components to send logs to, etc., is very, very complicated. In the last setup we did for our customer, it took us four months to integrate. The setup, on the other hand, took only half a day.
What other advice do I have?
The first advice I give my customers before buying SIEM is: "You should understand the solution well before starting the implementation." If they don't understand the solution, they will never be able to use it correctly. This is the first piece. The second point is that they will resist the change made to the setup installation. If they look for the solution, QRadar ATM is the best.
I would rate this solution as nine out of ten. I think there is no perfect product; maybe there will never be a perfect product. When I started to learn IBM QRadar, it was complicated for me in the beginning, because we did the installation for the customer. It is complicated, and the meaning and training were not very clear.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
IT Manager at a comms service provider with 1,001-5,000 employees
Contextual and threat-based incident management.
What is most valuable?
- Paradigm shift, security intelligence 2.0
- Contextual-based incident management
- Threat-based incident management
- A single management console to handle all the data
- Ease of use
- Existing integration capabilities
- Out-of-the-box reports
- Parser development
How has it helped my organization?
It has helped us in the reduction of VPN frauds via the active monitoring of various frauds.
What needs improvement?
- There is a scope of improvement in the orchestration layer, such as the SecOps from RSA. RSA Security Analytics bundles their offering with their SecOps (a subset of Archer - Risk Governance tool). This gives them a competitive edge.
- The reporting and dashboard capabilities require a bit of improvement in terms of fine tuning and bifurcation for the technical and management reports.
For how long have I used the solution?
I have used this solution for four years.
What do I think about the stability of the solution?
There were no stability issues.
How are customer service and technical support?
I would give technical support a rating of 9/10.
How was the initial setup?
The setup was straightforward and the deployment was easy.
What's my experience with pricing, setup cost, and licensing?
The pricing policy is a bit on the higher side. IBM offers discounts when applicable.
Which other solutions did I evaluate?
We looked at other solutions such as RSA enVision and HPE ArcSight.
What other advice do I have?
Trust it, test it, and deploy it.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Team Lead & Principal Software Engineer at a tech services company with 51-200 employees
Stable SIEM that offers strong visibility
Pros and Cons
- "It is a very good SIEM."
- "I think it's a very stable product that provides much more visibility than the other product."
- "I would like for Yara to be supported by all components."
What is our primary use case?
I deploy the IBM QRadar for many organizations, and I've been performing analyses for those organizations as well.
These organizations use the tool for monitoring of their environment. It's a basic SIEM product. So we just log each and every data source, perform an analysis, and create rules. We also create advanced use cases to cater to advanced threats.
What is most valuable?
I am unable to pick one, every component is valuable. It is a very good SIEM.
What needs improvement?
I would like for Yara to be supported by all components.
For how long have I used the solution?
I have been working with this product for the last five years.
What do I think about the stability of the solution?
I think it's a very stable product that provides much more visibility than the other product.
What do I think about the scalability of the solution?
You can scale the architecture of the QRadar easily by adding licenses.
Small to medium-sized organizations would require one to two people for maintenance, while manpower for large organizations would be determined by the architecture.
How are customer service and support?
Customer support needs some improvement as there have been a few cases where we were unable to reach them in time.
How was the initial setup?
I didn't find it to be complex. I think IBM QRadar has a more user-friendly GUI that helps your team work easily within it. Deployment for an all-in-one will take four to five hours but can vary depending on environment size.
What about the implementation team?
Our in-house team assists our customers with deployment. Our customers are the main POC and we are able to deploy into their environment, make necessary integrations, and create the rules.
What's my experience with pricing, setup cost, and licensing?
Licensing can be costly depending on your architecture.
What other advice do I have?
You receive alerts for misconfigurations, which allows your administrator to easily reconfigure any issues.
The organizations themselves are able to monitor all of their information regarding their team, including what attacks they are facing on a daily basis.
I would rate this an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.