IBM Security QRadar Reviews

We used this product as a SIEM, for information security.

This product collects all of the system logs and analyzes them to see if there are any security threats, or there have been any attacks. If there are, then it will alert the administrator to take the appropriate actions.

The detection rate is good and the false positive rate is low. Having a low false-positive rate is good because it means that if an alert happens then it is very likely a real attack.

QRadar is quite flexible. Out of ten, I would rate flexibility a nine.

They should speed up the incident response and also, at the same time, reduce the amount of manual effort that is required.

A nice enhancement would be the incorporation of more artificial intelligence and machine learning capabilities.

We have used IBM QRadar for approximately two years.

I would rate the stability a ten out of ten. We have had the occasional bug or other issue but once we report it to IBM, they give us a resolution quite quickly.

Technical support is quick to resolve issues.

We developed our own application to use as a SIEM, but we switched to QRadar.

The initial setup is complex and the deployment takes approximately three months.

It would be great if this product were cheaper.

We did evaluate other options before selecting this product.

Within the past year, IBM developed a SaaS version of QRadar, which is a nice option.

My advice for anybody who is considering this solution is to implement the latest IBM offerings together. QRadar is just one of the products, and multiple products can be combined to create the best solution for their needs.

I would rate this solution an eight out of ten.

It provides many options for searching. I can see devices from different vendors, like Cisco, in one interface, which is good for me.

We sometimes get an error about the hard drive. Approximately once in two months, we can't find the logs, and they go missing, which is a terrible issue. We are getting support for this issue from our support company.

I have been using this solution for one and a half years. We have been using this solution in our company for about four years. We have around 800 to 900 users.

It is very stable, but the hard drive sometimes does not have logs.

IBM is always there to support us. We have no trouble with them.

We have agreements with different companies for support. They are good. For some issues, they take more time, like a day or two days. 

We have almost ten engineers for IT sites.

I would rate IBM QRadar User Behavior Analytics an eight out of ten.

The primary use case is for insurance and product manufacturing. We use it to create rules and Windows firewalls.

Before implementing this solution, we had no security. After integrating many thing, we received reports letting us know what is compromised.

It's user-friendly when compared to other products. New users can easily understand the product.

It integrates very easily with other solutions. The solution is flexible. We can add anything to it, as it is a good companion to other tools.

They should introduce some automation into the product.

It has good stability. If there is an issue, we restart the box.

It is easily scalable.

Our team has nine people.

The technical support is good.

Previously, I was using McAfee Nitro. Comparing with McAfee, QRadar is user-friendly and easy to use.

There was some complexity in the initial setup due to bandwidth issues.

The implementation took two to three days.

It is a requirement for all of the banks to have a security solution in Pakistan. That is the reason most of the banks are using it. In the last one and a half years, Pakistani companies are taking security very seriously, so for that reason, they evaluate these solutions. All in all, it's a good solution. 

I would like for them to develop a detection management solution. It does not have a detection management solution in it, you have to buy it as it is, on top of the extended solution. 

It's quite scalable. We have upgraded some solutions from 1000 APS up to 3500 APS to 5000 APS. It's a good solution, they have no scalability issues.

The initial setup was straightforward. The deployment time depends on each customer. We have customers who have different infrastructures and their deployments are quite different. If we rack and stack it, around two, three days, maximum a week, but configuration and optimization take up to somewhere between six months and one year.

I would rate it an eight out of ten. 

It has helped us with our response time to threats. It also showed us where weaknesses were in our environment, so we could actively target those patches first.

It works well with IBM products.

QRadar's issue is it needs to add behavioral analytics. The product's behavioral engine is weak. It just uses algorithms. It should an equation that is cursively applied. This will provide true behavior.

I have only once experienced a network breach with QRadar. QRadar detected the breach within an hour and the triage investigation took another four hours. Overall, it took about six hours to remediate everything. 

With QRadar, everything runs better.

It is a very stable product. I cannot say anything bad about it.

It is very scalable. It does a good job.

Their Level 1 support is weak, but the support that we worked with to set up our feature sets is good. Their Level 2 and 3 support are good to work with overall, like most companies.

We contacted their technical support about adding more feature sets. We worked with their engineers to set up the feature sets that we wanted to expand upon and deliver the product, which they did.

We originally used ArcSight, which got cumbersome and expensive. Also, HPE ruins everything that it touches. Therefore, we moved to QRadar.

It is a pain to set up; basically it is not that easy.

We evaluated LogRhythm and Splunk. 

• LogRhythm had limitations.
• Splunk was never designed to be a SIEM.

Do your research before implementing it, because it is tough to implement.

Most important criteria when selecting a vendor: support. I say this to every vendor.

It is not always about pricing, which is nice when we start, but when the crap hits the fan. I want the vendor to be there with me. 

Some of the valuable features are QM, QRM, and forensics.

There many use cases.

I would like to see SOC.

We have been using this for three years.

There were no deployment issues.

There were no stability issues.

There were no scalability issues.

Customer service is very good.

Technical support is excellent.

We used another solution and we switched due to false positives.

The setup was straightforward and not complex.

We used a partner and vendor team and we have expertise in-house.

The ROI is acceptable.

It is a bit more expensive than some others, SIEM, but it is more efficient.

We evaluated AlienVault, McAfee, and Splunk.

It is a good solution.

The UBA feature is the most valuable because you can see everything about users' activities. 

The threat intelligence functionality can be better. In addition, it can have more monitoring capabilities.

I started to use it two to three years ago.

Its stability is very good. I don't have any problem with it.

It has good scalability. It is easy to scale, but it is a little bit expensive to scale because you have to pay a lot for everything.

Their technical support is good.

I have also used Kibana. It is a good tool. The biggest difference between Kibana and QRadar is that Kibana is an open-source SIEM integration solution. So, you need more professionals, and you have to do everything by yourself, whereas in the case of QRadar, you get everything. You are paying not only for QRadar but also for other things like support and integration. In an open-source SIEM integration solution like KIbana, you don't get these things.

It is an easy tool for me, so the initial setup was easy for me, but it might not be easy for everyone. If you compare it with Kibana, QRadar is easier to implement.

The implementation strategy was to follow the users, collect the logs, and then implement QRadar.

We implemented it ourselves.

Its price is good in terms of efficiency and the number of people required for implementing various things. You might pay more in terms of money, but you might save on the number of people. For example, if you are using Kibana, you have to pay more for people or experts, which is not the case with IBM QRadar.

When you go for this solution, you are paying not only for the product but also for integration, good staff to help you, scalability, and many other things. There are many things that you can use in QRadar. It is easy to use.

I would rate IBM QRadar a nine out of ten.

Some of these products can be used in any vertical like healthcare, manufacturing, and vehicle. You can use these products in all types of verticals. But I found that there is a limitation in central verticals. These products do not do well in central verticals.

In terms of the most valuable features, the log collections and log processing mechanisms are good. They have good dashboards. They probably have the best cloud management log processing. They are going to announce user intended behavior and management features. Compliance monitoring is okay. All these things become a commodity.

They have to build more quantitative monitoring, profiling, and make it more predictive.

I have been working with IBM QRadar for the last seven to eight years. 

QRadar is quite stable, but I am not sure about the volume. There is no clear volume. If I were to cross to an enterprise and the stability is not available then it would be a problem.

Augmented solutions are very tough to scale because you already fulfilled how well you fulfill the software and then you will have to limit the scalability. That is a problem.

Our clients are small, medium, and enterprise size. 

Technical support is not that strong from IBM. It definitely does not compare to any standard support organization. It's not that great.

The setup is comparatively easy, it's not that tough. But if you look at the current situation with COVID-19, people or organizations are not looking at how easy the cost of the innovation is. People want a plug and play option. 

It's like if you go to the market you buy a car, you get the key, just sit in the car and drive it out. With traditional companies like IBM, you have to use all the hardware, you have to use all the software, and the setup can take one month, two months, three months depends on or the scope. Nowadays consumers are looking for a souped-up car. They expect the tool to be operational maximum within a week's time or 15 days. That is what is missing in the QRadar.

The time it takes to deploy depends on the project scope. The order of planning can take a month to three months.

You will need three people to set it up. It can get quite expensive in retrospect. I prefer to have a plug and play service

There are more costs in addition to standard licensing; support, building.

If you are only looking at IBM, make sure to evaluate the product thoroughly. Make sure to see the complete list they offer, like more of the competitive features. Explore the options available on the market.

It doesn't really integrate well with other products. 

I would rate it a three out of ten. It is missing key features.