We are a service provider and we are providing the solution as a managed service for multitenancy security.
Regional Director, Customer Success (GTM Solutions & Services) at a tech services company with 51-200 employees
Flexible, easy to use, and scalable
Pros and Cons
- "The solution is flexible and easy to use."
- "IBM is going through some problems with its resources currently making its support response time slow."
What is our primary use case?
What is most valuable?
The solution is flexible and easy to use.
What needs improvement?
IBM is going through some problems with its resources currently making its support response time slow.
For how long have I used the solution?
I have been using the solution for a couple of months.
Buyer's Guide
IBM Security QRadar
December 2024
Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
What do I think about the stability of the solution?
I find the solution reliable.
What do I think about the scalability of the solution?
The solution is scalable. We have 15 customers using it at the moment.
How are customer service and support?
The support could be a lot better by being faster.
Which solution did I use previously and why did I switch?
We recently switched to this solution from LogRhythm cloud. One of the main reasons we switched solutions was because it is more scalable.
How was the initial setup?
The installation was a little difficult and could be made easier.
Which other solutions did I evaluate?
We have evaluated Secureonix and this solution is far superior. We did the implementation of Securonix for two customers and we canceled it. We rolled back those clients onto this solution because Securonix failed on both implementations.
What other advice do I have?
I would recommend this solution to others. We have invested in it and we plan on using it in the future.
I rate IBM QRadar an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Implementer
Partner at a tech services company with 1-10 employees
It has a high degree of interconnection with other systems
Pros and Cons
- "We have the abilities to monitor each instance which originates on the process along with the performance of each department."
- "For the common needs of clients to fulfill requirements, a real integration with Blueworks Live (BPA modeling tool also from IBM) and a more suitable BPM on cloud solution for midsize customers."
What is our primary use case?
- Origination process in banks.
- Insurance claims on insurance companies.
How has it helped my organization?
We are a consulting company, but our clients use it to ensure that the process has been followed. We have the abilities to monitor each instance which originates on the process along with the performance of each department. In addition, clients can enter detail in at the instance level.
What is most valuable?
- UI capabilities
- High degree of interconnection with other systems.
- The business activity monitoring on the part of the solution.
What needs improvement?
For the common needs of clients to fulfill requirements, a real integration with Blueworks Live (BPA modeling tool also from IBM) and a more suitable BPM on cloud solution for midsize customers.
For how long have I used the solution?
More than five years.
What do I think about the stability of the solution?
No stability issues.
What do I think about the scalability of the solution?
No scalability issues.
How are customer service and technical support?
The technical support is good enough.
Which solution did I use previously and why did I switch?
We previously used Oracle BPM. We switched for a BPM project with IBM, because it has a better tool at the same price level range.
How was the initial setup?
Always the sizing on any BPM project is challenging, as with any BPM tool.
What's my experience with pricing, setup cost, and licensing?
IBM is a Ferrari if you are beginning with a concept. If it will be a pilot project, take a look at Red Hat Process Automation Manager or jBPM. Be realistic about the users' quantity. A good approach would be to begin with an On Cloud subscription, then later on do a more exact sizing.
Which other solutions did I evaluate?
We evaluated Red Hat and Bonita. We now prefer Red Hat for the price.
What other advice do I have?
Ensure you have the functional skills on BPM and the technical skills on IBM BPM.
We used to be IBM partners, but are not anymore. Now, we are Red Hat partners.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Buyer's Guide
IBM Security QRadar
December 2024
Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
Operations Analyst at a logistics company with 51-200 employees
Helps a company when investigating a case and with preventive actions
Pros and Cons
- "An engineer can live-monitor all the flow happening in real-time. This would help us a lot while investigating a case, and it would even help us with preventive actions."
- "QRadar needs to be improved on the storage side, particularly when the disc exceeded the maximum threshold."
What is our primary use case?
I used the IBM QRadar product from 2015 until 2017.
How has it helped my organization?
When the WannaCry attack happened, QRadar helped the company a lot with the investigation of the firewall, antivirus, and other appliances.
What is most valuable?
The "Network Activity" feature was really good. An engineer can live monitor all the flow happening in real-time. This would help us a lot while investigating a case, and it would even help us with preventive actions.
What needs improvement?
QRadar needs to be improved on the storage side, particularly when the disc exceeded the maximum threshold.
For how long have I used the solution?
One to three years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
CEO at REDSHIFT CONSULTING
Very powerful with plenty of features and capabilities
Pros and Cons
- "The product has plenty of features and capabilities."
- "The usability of interfaces could be improved."
What is our primary use case?
We use this solution both in our company and those of our clients. We are resellers of QRadar.
What is most valuable?
Curator is the leader of teams in the market. It's a product with plenty of features and capabilities. It's a very powerful solution.
What needs improvement?
The usability of interfaces could be improved and the solution could have better correlation services, as well as faster and updated intelligence interfaces.
For how long have I used the solution?
I've been using this solution for five years.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
The solution is scalable.
How are customer service and support?
Technical support has room for improvement.
How was the initial setup?
The initial setup is easy.
What's my experience with pricing, setup cost, and licensing?
Licensing costs are reasonable.
What other advice do I have?
I rate the solution nine out of 10.
Disclosure: My company has a business relationship with this vendor other than being a customer:
Security Engineer at a tech services company with 11-50 employees
Enables us to stop and detect vulnerabilities
Pros and Cons
- "We get events and make the correlation, or rules. In IBM, we can implement our customer's rules. We can have very clear status threats and severity of antigens."
- "The interface is very old. IBM should remake it into a more modern interface."
What is our primary use case?
The primary use of the solution in our deployment was for threat detection.
What is most valuable?
The first feature that I love to demonstrate for my customers is the fact that the vulnerability manager is integrated in QRadar SIEM. This lets us stop and detect vulnerability. The reports provide many methods to fix it. The circumvention method and the patch method is perfected very well in the QRadar area.
The second valuable feature is when we get events and make the correlation or rules. In IBM, we can implement our customer's rules. We can have very clear status threats and severity of antigens. The other fact I love about IBM is that we can integrate many other tiers solutions, such as Carbon Black and other plans.
What needs improvement?
The interface is very old. IBM should remake it into a more modern interface. I think this is the only thing they should improve on.
Another feature that would be nice is if it's possible to integrate some of the application style and configuration that is currently not easy to set up in the product. If it's possible to do that, it would be a major improvement.
In fact, I never got a road map to bring you from zero to the end. There should be information everywhere, from YouTube to any other places. It was very complicated to organize all the information in my head.
For how long have I used the solution?
We've been using IBM QRadar for one and half years.
What do I think about the stability of the solution?
It's very stable. The only issue we can report about is a system issue. When the partition is full, the whole system shuts down. If some partition of the logs is not in QRadar, maybe we can't find any solution to do this from QRadar.
In fact, we observed that sometimes the systems are going down when a partition is up to 90%. This issue is related to Red Hat, also we observed this issue relating to logs TOMCAT, the /var/log be up to 100% quickly.
What do I think about the scalability of the solution?
In my experience the upgrade, it could lead to some misconfiguration. We had this experience of disruption when upgrading the 7.2.7 to 7.2.9 and then 7.3.0.
We observed that some application and configuration needs to be redone. The scalability at this moment, because it's an older version, has some issues. Otherwise, I think scalability is excellent.
How are customer service and technical support?
We don't use IBM Support. We communicate with Morocco Teams about this. When I have an issue, I post it and ask for the community, because I have an account in the IBM Community. The community is very, very knowledgeable and strong.
How was the initial setup?
The setup is really very easy. It takes a few hours. The integration, orchestrating all the components to send logs to, etc., is very, very complicated. In the last setup we did for our customer, it took us four months to integrate. The setup, on the other hand, took only half a day.
What other advice do I have?
The first advice I give my customers before buying SIEM is: "You should understand the solution well before starting the implementation." If they don't understand the solution, they will never be able to use it correctly. This is the first piece. The second point is that they will resist the change made to the setup installation. If they look for the solution, QRadar ATM is the best.
I would rate this solution as nine out of ten. I think there is no perfect product; maybe there will never be a perfect product. When I started to learn IBM QRadar, it was complicated to me in the beginning, because we did the installation for the customer. It is complicated, and the meaning and training were not very clear.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
IT Manager at a comms service provider with 1,001-5,000 employees
Contextual and threat-based incident management.
What is most valuable?
- Paradigm shift, security intelligence 2.0
- Contextual-based incident management
- Threat-based incident management
- A single management console to handle all the data
- Ease of use
- Existing integration capabilities
- Out-of-the-box reports
- Parser development
How has it helped my organization?
It has helped us in the reduction of VPN frauds via the active monitoring of various frauds.
What needs improvement?
- There is a scope of improvement in the orchestration layer, such as the SecOps from RSA. RSA Security Analytics bundles their offering with their SecOps (a subset of Archer - Risk Governance tool). This gives them a competitive edge.
- The reporting and dashboard capabilities require a bit of improvement in terms of fine tuning and bifurcation for the technical and management reports.
For how long have I used the solution?
I have used this solution for four years.
What do I think about the stability of the solution?
There were no stability issues.
How is customer service and technical support?
I would give technical support a rating of 9/10.
How was the initial setup?
The setup was straightforward and the deployment was easy.
What's my experience with pricing, setup cost, and licensing?
The pricing policy is a bit on the higher side. IBM offers discounts when applicable.
Which other solutions did I evaluate?
We looked at other solutions such as RSA enVision and HPE ArcSight.
What other advice do I have?
Trust it, test it, and deploy it.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Team Lead & Principal Software Engineer at a tech services company with 51-200 employees
Stable SIEM that offers strong visibility
Pros and Cons
- "It is a very good SIEM."
- "I think it's a very stable product that provides much more visibility than the other product."
- "I would like for Yara to be supported by all components."
What is our primary use case?
I deploy the IBM QRadar for many organizations, and I've been performing analyses for those organizations as well.
These organizations use the tool for monitoring of their environment. It's a basic SIEM product. So we just log each and every data source, perform an analysis, and create rules. We also create advanced use cases to cater the advanced threat(s).
What is most valuable?
I am unable to pick one, every component is valuable. It is a very good SIEM.
What needs improvement?
I would like for Yara to be supported by all components.
For how long have I used the solution?
I have been working with this product for the last five years.
What do I think about the stability of the solution?
I think it's a very stable product that provides much more visibility than the other product.
What do I think about the scalability of the solution?
You can scale the architecture of the QRadar easily by adding licenses.
Small to medium-sized organizations would require one to two people for maintenance while man power for large organizations would be determined by the architecture.
How are customer service and support?
Customer support needs some improvement as there have been a few cases where we were unable to reach them in time.
How was the initial setup?
I didn't find it to be complex. I think IBM QRadar has a more user-friendly GUI that helps your team work easily within it. Deployment for an all in one will take four to five hours but can vary depending on environment size.
What about the implementation team?
Our in-house team assists our customers with deployment. Our customers are the main POC and we are able to deploy into their environment, make necessary integrations, and create the rules.
What's my experience with pricing, setup cost, and licensing?
Licensing can be costly depending on your architecture.
What other advice do I have?
You receive alerts for misconfigurations which allows your administer to easily reconfigure any issues.
The organizations themselves are able to monitor all of their information regarding their team including what attacks they are facing on a daily bases.
I would rate this an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Good detect rate with a small number of false positives, and support resolves issues quickly
Pros and Cons
- "The detection rate is good and the false positive rate is low."
- "They should speed up the incident response and also, at the same time, reduce the amount of manual effort that is required."
What is our primary use case?
We used this product as a SIEM, for information security.
How has it helped my organization?
This product collects all of the system logs and analyzes them to see if there are any security threats, or there have been any attacks. If there are, then it will alert the administrator to take the appropriate actions.
What is most valuable?
The detection rate is good and the false positive rate is low. Having a low false-positive rate is good because it means that if an alert happens then it is very likely a real attack.
QRadar is quite flexible. Out of ten, I would rate flexibility a nine.
What needs improvement?
They should speed up the incident response and also, at the same time, reduce the amount of manual effort that is required.
A nice enhancement would be the incorporation of more artificial intelligence and machine learning capabilities.
For how long have I used the solution?
We have used IBM QRadar for approximately two years.
What do I think about the stability of the solution?
I would rate the stability a ten out of ten. We have had the occasional bug or other issue but once we report it to IBM, they give us a resolution quite quickly.
How are customer service and technical support?
Technical support is quick to resolve issues.
Which solution did I use previously and why did I switch?
We developed our own application to use as a SIEM, but we switched to QRadar.
How was the initial setup?
The initial setup is complex and the deployment takes approximately three months.
What's my experience with pricing, setup cost, and licensing?
It would be great if this product were cheaper.
Which other solutions did I evaluate?
We did evaluate other options before selecting this product.
What other advice do I have?
Within the past year, IBM developed a SaaS version of QRadar, which is a nice option.
My advice for anybody who is considering this solution is to implement the latest IBM offerings together. QRadar is just one of the products, and multiple products can be combined to create the best solution for their needs.
I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free IBM Security QRadar Report and get advice and tips from experienced pros
sharing their opinions.
Updated: December 2024
Product Categories
Security Information and Event Management (SIEM) Log Management User Entity Behavior Analytics (UEBA) Endpoint Detection and Response (EDR) Security Orchestration Automation and Response (SOAR) Managed Detection and Response (MDR) Extended Detection and Response (XDR)Popular Comparisons
CrowdStrike Falcon
Microsoft Sentinel
Splunk Enterprise Security
Elastic Security
LogRhythm SIEM
Sumo Logic Security
Rapid7 InsightIDR
Fortinet FortiSIEM
AlienVault OSSIM
Cortex XSIAM
Securonix Next-Gen SIEM
Buyer's Guide
Download our free IBM Security QRadar Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What SOC product do you recommend?
- Has anyone got experience in deployment of a SIEM solution?
- IBM QRadar is rated above competitors (McAfee, Splunk, LogRhythm) in Gartner's 2020 Magic Quandrant. Agree/Disagree?
- What is your opinion of IBM QRadar?
- What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?
- Why do most companies prefer IBM QRadar?
- What Solution for SIEM is Best To Be NIST 800-171 Compliant?
- When evaluating Security Information and Event Management (SIEM), what aspect do you think is the most important feature to look for?
- What are the main differences between Nessus and Arcsight?
- Which is the best SIEM solution for a government organization?