IBM Security QRadar Reviews

We use IBM QRadar for user behavior analytics and incident handling.

The features that I have found most valuable are that it is very stable, easy to get going, and easy to manage. It is also easy to review all incidents.

The only problem is that if you have too many events that occur, then the storage capacity becomes a problem. We would need to increase the storage capacity.

I have been using IBM QRadar for four years.

We have three customers using it and these customers have 100 to 300 users.

Getting support sometimes takes time.

The initial setup was quite straightforward.

We had the complete deployment and it was up and running in half a day.

You can implement it by yourself.

I would recommend IBM QRadar to other people who want to start using it.

On a scale of one to ten, I would give QRadar a nine.

We use this solution both in our company and those of our clients. We are resellers of QRadar. 

Curator is the leader of teams in the market. It's a product with plenty of features and capabilities. It's a very powerful solution.

The usability of interfaces could be improved and the solution could have better correlation services, as well as faster and updated intelligence interfaces.

I've been using this solution for five years. 

The solution is stable. 

The solution is scalable. 

Technical support has room for improvement.

The initial setup is easy.

Licensing costs are reasonable.

I rate the solution nine out of 10. 

The primary use case is for insurance and product manufacturing. We use it to create rules and Windows firewalls.

Before implementing this solution, we had no security. After integrating many thing, we received reports letting us know what is compromised.

It's user-friendly when compared to other products. New users can easily understand the product.

It integrates very easily with other solutions. The solution is flexible. We can add anything to it, as it is a good companion to other tools.

They should introduce some automation into the product.

It has good stability. If there is an issue, we restart the box.

It is easily scalable.

Our team has nine people.

The technical support is good.

Previously, I was using McAfee Nitro. Comparing with McAfee, QRadar is user-friendly and easy to use.

There was some complexity in the initial setup due to bandwidth issues.

The implementation took two to three days.

It has helped us with our response time to threats. It also showed us where weaknesses were in our environment, so we could actively target those patches first.

It works well with IBM products.

QRadar's issue is it needs to add behavioral analytics. The product's behavioral engine is weak. It just uses algorithms. It should an equation that is cursively applied. This will provide true behavior.

I have only once experienced a network breach with QRadar. QRadar detected the breach within an hour and the triage investigation took another four hours. Overall, it took about six hours to remediate everything. 

With QRadar, everything runs better.

It is a very stable product. I cannot say anything bad about it.

It is very scalable. It does a good job.

Their Level 1 support is weak, but the support that we worked with to set up our feature sets is good. Their Level 2 and 3 support are good to work with overall, like most companies.

We contacted their technical support about adding more feature sets. We worked with their engineers to set up the feature sets that we wanted to expand upon and deliver the product, which they did.

We originally used ArcSight, which got cumbersome and expensive. Also, HPE ruins everything that it touches. Therefore, we moved to QRadar.

It is a pain to set up; basically it is not that easy.

We evaluated LogRhythm and Splunk. 

• LogRhythm had limitations.
• Splunk was never designed to be a SIEM.

Do your research before implementing it, because it is tough to implement.

Most important criteria when selecting a vendor: support. I say this to every vendor.

It is not always about pricing, which is nice when we start, but when the crap hits the fan. I want the vendor to be there with me. 

• Origination process in banks.
• Insurance claims on insurance companies.
  

We are a consulting company, but our clients use it to ensure that the process has been followed. We have the abilities to monitor each instance which originates on the process along with the performance of each department. In addition, clients can enter detail in at the instance level.

• UI capabilities
• High degree of interconnection with other systems.
• The business activity monitoring on the part of the solution.

For the common needs of clients to fulfill requirements, a real integration with Blueworks Live (BPA modeling tool also from IBM) and a more suitable BPM on cloud solution for midsize customers.

No stability issues.

No scalability issues.

The technical support is good enough.

We previously used Oracle BPM. We switched for a BPM project with IBM, because it has a better tool at the same price level range.

Always the sizing on any BPM project is challenging, as with any BPM tool.

IBM is a Ferrari if you are beginning with a concept. If it will be a pilot project, take a look at Red Hat Process Automation Manager or jBPM. Be realistic about the users' quantity. A good approach would be to begin with an On Cloud subscription, then later on do a more exact sizing.

We evaluated Red Hat and Bonita. We now prefer Red Hat for the price.

Ensure you have the functional skills on BPM and the technical skills on IBM BPM.

We used to be IBM partners, but are not anymore. Now, we are Red Hat partners.

The most valuable feature that we found, especially this year, was the ability to build apps over it. Basically, the platform has opened up and we can now customize it, as per our needs and requirements. We can build interactive dashboards and other interesting things around it.

We are using QRadar to solve our business problems and the IT operation requirements. We are fine tuning the processes that are laid from the InfoSec perspective, such as to detect unauthorized changes happening across the IT environment or the business problems, namely the password sharing issues, which are not easy to detect otherwise.

In future versions, the various features that we would like to see are pretty much in line with what QRadar is coming up with, like this IBM QRadar UBA version 2.0 or support for STIX/TAXII. Basically, we have similar milestones there.

There are a few technical requirements that we have opened feature requests for, such as some of our complex use cases that need mathematical operators to be used within the reference maps. That's currently not available.

There were no stability issues.

There were no scalability issues. With this Event Processor and Data Node concept, I think it is highly scalable.

We have been facing a few technical issues and we are working with the technical support and the development team to resolve them.

Sometimes we get a really good response and at times, some of the issues have been floating around for a lot of time. But our IT resources have been assigned for the same and we hope that they should be resolved easily.

I was involved in the setup; it was pretty straightforward. Once you understand the overall architecture, it is pretty much easy to install and work upon.

It should be implemented by the best professionals available within IBM. It is really important to have a clean base installation, so that you can build things on the top of it.

When we are selecting a vendor, first and foremost, we look for the stability of the vendor, and what level of resources they are investing in their research and development. These are a couple of things that we look for while selecting a vendor and of course, the kind of resources we are looking for to get certain engagement and make sure those resources are aligned.

I use QRadar for cybersecurity defense, operation, and to improve performances.

I like that it's easy to use and the performance is good.

It would be better if it were more stable and more secure. The price for maintenance could be better. It's too high. In the next release, I think they should focus on the price and the operation.

I have been using IBM QRadar for four years.

IBM QRadar is a stable solution, but it could be more stable.

IBM QRadar is a scalable solution. We have about 100 users at the moment.

I remember that I opened ten or 20 cases to receive support from IBM over three years.

The initial setup and deployment are very easy. I think it took us about a month to implement this solution. We have a team of two, one manager and one technical, to deploy, manage, and maintain this solution.

We installed this solution with the help of a consultant.

The price could be better. I bought a subscription for three years. 

On a scale from one to ten, I would give IBM QRadar a seven.

We used this product as a SIEM, for information security.

This product collects all of the system logs and analyzes them to see if there are any security threats, or there have been any attacks. If there are, then it will alert the administrator to take the appropriate actions.

The detection rate is good and the false positive rate is low. Having a low false-positive rate is good because it means that if an alert happens then it is very likely a real attack.

QRadar is quite flexible. Out of ten, I would rate flexibility a nine.

They should speed up the incident response and also, at the same time, reduce the amount of manual effort that is required.

A nice enhancement would be the incorporation of more artificial intelligence and machine learning capabilities.

We have used IBM QRadar for approximately two years.

I would rate the stability a ten out of ten. We have had the occasional bug or other issue but once we report it to IBM, they give us a resolution quite quickly.

Technical support is quick to resolve issues.

We developed our own application to use as a SIEM, but we switched to QRadar.

The initial setup is complex and the deployment takes approximately three months.

It would be great if this product were cheaper.

We did evaluate other options before selecting this product.

Within the past year, IBM developed a SaaS version of QRadar, which is a nice option.

My advice for anybody who is considering this solution is to implement the latest IBM offerings together. QRadar is just one of the products, and multiple products can be combined to create the best solution for their needs.

I would rate this solution an eight out of ten.