It provides many options for searching. I can see devices from different vendors, like Cisco, in one interface, which is good for me.
Network & Cyber Security Engineer at a manufacturing company with 1,001-5,000 employees
A stable solution that comes with many search options
Pros and Cons
- "It provides many options for searching. I can see devices from different vendors, like Cisco, in one interface, which is good for me."
- "We sometimes get an error about the hard drive. Approximately once in two months, we can't find the logs, and they go missing, which is a terrible issue. We are getting support for this issue from our support company."
What is most valuable?
What needs improvement?
We sometimes get an error about the hard drive. Approximately once in two months, we can't find the logs, and they go missing, which is a terrible issue. We are getting support for this issue from our support company.
For how long have I used the solution?
I have been using this solution for one and a half years. We have been using this solution in our company for about four years. We have around 800 to 900 users.
What do I think about the stability of the solution?
It is very stable, but the hard drive sometimes does not have logs.
Buyer's Guide
IBM Security QRadar
December 2024
Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
How are customer service and support?
IBM is always there to support us. We have no trouble with them.
We have agreements with different companies for support. They are good. For some issues, they take more time, like a day or two days.
What about the implementation team?
We have almost ten engineers for IT sites.
What other advice do I have?
I would rate IBM QRadar User Behavior Analytics an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Analyst at a tech services company with 201-500 employees
We can add anything to it, as it is a good companion to other tools
Pros and Cons
- "It integrates very easily with other solutions. The solution is flexible. We can add anything to it, as it is a good companion to other tools."
- "It's user-friendly when compared to other products."
- "They should introduce some automation into the product."
- "There was some complexity in the initial setup due to bandwidth issues."
What is our primary use case?
The primary use case is for insurance and product manufacturing. We use it to create rules and Windows firewalls.
How has it helped my organization?
Before implementing this solution, we had no security. After integrating many thing, we received reports letting us know what is compromised.
What is most valuable?
It's user-friendly when compared to other products. New users can easily understand the product.
It integrates very easily with other solutions. The solution is flexible. We can add anything to it, as it is a good companion to other tools.
What needs improvement?
They should introduce some automation into the product.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
It has good stability. If there is an issue, we restart the box.
What do I think about the scalability of the solution?
It is easily scalable.
Our team has nine people.
How are customer service and technical support?
The technical support is good.
Which solution did I use previously and why did I switch?
Previously, I was using McAfee Nitro. Comparing with McAfee, QRadar is user-friendly and easy to use.
How was the initial setup?
There was some complexity in the initial setup due to bandwidth issues.
The implementation took two to three days.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
IBM Security QRadar
December 2024
Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
Senior Field Manager at a security firm with 11-50 employees
Good scalability and straightforward setup, all in all, a good solution
Pros and Cons
- "It's quite scalable. We have upgraded some solutions from 1000 APS up to 3500 APS to 5000 APS. It's a good solution, they have no scalability issues."
- "I would like for them to develop a detection management solution. It does not have a detecting management solution in it, you have to buy it as it is, on top of the extended solution."
What is our primary use case?
It is a requirement for all of the banks to have a security solution in Pakistan. That is the reason most of the banks are using it. In the last one and a half years, Pakistani companies are taking security very seriously, so for that reason, they evaluate these solutions. All in all, it's a good solution.
What needs improvement?
I would like for them to develop a detection management solution. It does not have a detection management solution in it, you have to buy it as it is, on top of the extended solution.
What do I think about the scalability of the solution?
It's quite scalable. We have upgraded some solutions from 1000 APS up to 3500 APS to 5000 APS. It's a good solution, they have no scalability issues.
How was the initial setup?
The initial setup was straightforward. The deployment time depends on each customer. We have customers who have different infrastructures and their deployments are quite different. If we rack and stack it, around two, three days, maximum a week, but configuration and optimization take up to somewhere between six months and one year.
What other advice do I have?
I would rate it an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
Security Solutions Architect at Micro Strategies
It has helped us with our response time to threats
Pros and Cons
- "It showed us where weaknesses were in our environment, so we could actively target those patches first."
- "Do your research before implementing it, because it is tough to implement."
How has it helped my organization?
It has helped us with our response time to threats. It also showed us where weaknesses were in our environment, so we could actively target those patches first.
What is most valuable?
It works well with IBM products.
What needs improvement?
QRadar's issue is it needs to add behavioral analytics. The product's behavioral engine is weak. It just uses algorithms. It should an equation that is cursively applied. This will provide true behavior.
Network Breach
I have only once experienced a network breach with QRadar. QRadar detected the breach within an hour and the triage investigation took another four hours. Overall, it took about six hours to remediate everything.
Efficiency of Security Team
With QRadar, everything runs better.
What do I think about the stability of the solution?
It is a very stable product. I cannot say anything bad about it.
What do I think about the scalability of the solution?
It is very scalable. It does a good job.
How are customer service and technical support?
Their Level 1 support is weak, but the support that we worked with to set up our feature sets is good. Their Level 2 and 3 support are good to work with overall, like most companies.
We contacted their technical support about adding more feature sets. We worked with their engineers to set up the feature sets that we wanted to expand upon and deliver the product, which they did.
Which solution did I use previously and why did I switch?
We originally used ArcSight, which got cumbersome and expensive. Also, HPE ruins everything that it touches. Therefore, we moved to QRadar.
How was the initial setup?
It is a pain to set up; basically it is not that easy.
Which other solutions did I evaluate?
We evaluated LogRhythm and Splunk.
- LogRhythm had limitations.
- Splunk was never designed to be a SIEM.
What other advice do I have?
Do your research before implementing it, because it is tough to implement.
Most important criteria when selecting a vendor: support. I say this to every vendor.
It is not always about pricing, which is nice when we start, but when the crap hits the fan. I want the vendor to be there with me.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
IT Security Manager at a tech services company
Some of the valuable features are QM, QRM, and forensics.
What is most valuable?
Some of the valuable features are QM, QRM, and forensics.
How has it helped my organization?
There many use cases.
What needs improvement?
I would like to see SOC.
For how long have I used the solution?
We have been using this for three years.
What was my experience with deployment of the solution?
There were no deployment issues.
What do I think about the stability of the solution?
There were no stability issues.
What do I think about the scalability of the solution?
There were no scalability issues.
How are customer service and technical support?
Customer Service:
Customer service is very good.
Technical Support:Technical support is excellent.
Which solution did I use previously and why did I switch?
We used another solution and we switched due to false positives.
How was the initial setup?
The setup was straightforward and not complex.
What about the implementation team?
We used a partner and vendor team and we have expertise in-house.
What was our ROI?
The ROI is acceptable.
What's my experience with pricing, setup cost, and licensing?
It is a bit more expensive than some others, SIEM, but it is more efficient.
Which other solutions did I evaluate?
We evaluated AlienVault, McAfee, and Splunk.
What other advice do I have?
It is a good solution.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Information Security Leader at a computer software company with 1,001-5,000 employees
Manage and review incidents easily
Pros and Cons
- "The features that I have found most valuable are that it is very stable, easy to get going, and easy to manage. It is also easy to review all incidents."
- "The only problem is that if you have too many events that occur, then the storage capacity becomes a problem. We would need to increase the storage capacity."
What is our primary use case?
We use IBM QRadar for user behavior analytics and incident handling.
What is most valuable?
The features that I have found most valuable are that it is very stable, easy to get going, and easy to manage. It is also easy to review all incidents.
What needs improvement?
The only problem is that if you have too many events that occur, then the storage capacity becomes a problem. We would need to increase the storage capacity.
For how long have I used the solution?
I have been using IBM QRadar for four years.
What do I think about the scalability of the solution?
We have three customers using it and these customers have 100 to 300 users.
How are customer service and support?
Getting support sometimes takes time.
How was the initial setup?
The initial setup was quite straightforward.
We had the complete deployment and it was up and running in half a day.
What about the implementation team?
You can implement it by yourself.
What other advice do I have?
I would recommend IBM QRadar to other people who want to start using it.
On a scale of one to ten, I would give QRadar a nine.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Founder at a university with 11-50 employees
A stable, scalable, and easy-to-use solution that lets you view users' activities
Pros and Cons
- "The UBA feature is the most valuable because you can see everything about users' activities."
- "The threat intelligence functionality can be better. In addition, it can have more monitoring capabilities."
What is most valuable?
The UBA feature is the most valuable because you can see everything about users' activities.
What needs improvement?
The threat intelligence functionality can be better. In addition, it can have more monitoring capabilities.
For how long have I used the solution?
I started to use it two to three years ago.
What do I think about the stability of the solution?
Its stability is very good. I don't have any problem with it.
What do I think about the scalability of the solution?
It has good scalability. It is easy to scale, but it is a little bit expensive to scale because you have to pay a lot for everything.
How are customer service and technical support?
Their technical support is good.
Which solution did I use previously and why did I switch?
I have also used Kibana. It is a good tool. The biggest difference between Kibana and QRadar is that Kibana is an open-source SIEM integration solution. So, you need more professionals, and you have to do everything by yourself, whereas in the case of QRadar, you get everything. You are paying not only for QRadar but also for other things like support and integration. In an open-source SIEM integration solution like KIbana, you don't get these things.
How was the initial setup?
It is an easy tool for me, so the initial setup was easy for me, but it might not be easy for everyone. If you compare it with Kibana, QRadar is easier to implement.
The implementation strategy was to follow the users, collect the logs, and then implement QRadar.
What about the implementation team?
We implemented it ourselves.
What's my experience with pricing, setup cost, and licensing?
Its price is good in terms of efficiency and the number of people required for implementing various things. You might pay more in terms of money, but you might save on the number of people. For example, if you are using Kibana, you have to pay more for people or experts, which is not the case with IBM QRadar.
What other advice do I have?
When you go for this solution, you are paying not only for the product but also for integration, good staff to help you, scalability, and many other things. There are many things that you can use in QRadar. It is easy to use.
I would rate IBM QRadar a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Principal Security Architect at a computer software company with 10,001+ employees
They have to build more quantitative monitoring, profiling, and make it more predictive
Pros and Cons
- "In terms of the most valuable features, the log collections and log processing mechanisms are good. They have good dashboards."
- "They have to build more quantitative monitoring, profiling, and make it more predictive."
What is our primary use case?
Some of these products can be used in any vertical like healthcare, manufacturing, and vehicle. You can use these products in all types of verticals. But I found that there is a limitation in central verticals. These products do not do well in central verticals.
What is most valuable?
In terms of the most valuable features, the log collections and log processing mechanisms are good. They have good dashboards. They probably have the best cloud management log processing. They are going to announce user intended behavior and management features. Compliance monitoring is okay. All these things become a commodity.
What needs improvement?
They have to build more quantitative monitoring, profiling, and make it more predictive.
For how long have I used the solution?
I have been working with IBM QRadar for the last seven to eight years.
What do I think about the stability of the solution?
QRadar is quite stable, but I am not sure about the volume. There is no clear volume. If I were to cross to an enterprise and the stability is not available then it would be a problem.
What do I think about the scalability of the solution?
Augmented solutions are very tough to scale because you already fulfilled how well you fulfill the software and then you will have to limit the scalability. That is a problem.
Our clients are small, medium, and enterprise size.
How are customer service and technical support?
Technical support is not that strong from IBM. It definitely does not compare to any standard support organization. It's not that great.
How was the initial setup?
The setup is comparatively easy, it's not that tough. But if you look at the current situation with COVID-19, people or organizations are not looking at how easy the cost of the innovation is. People want a plug and play option.
It's like if you go to the market you buy a car, you get the key, just sit in the car and drive it out. With traditional companies like IBM, you have to use all the hardware, you have to use all the software, and the setup can take one month, two months, three months depends on or the scope. Nowadays consumers are looking for a souped-up car. They expect the tool to be operational maximum within a week's time or 15 days. That is what is missing in the QRadar.
The time it takes to deploy depends on the project scope. The order of planning can take a month to three months.
You will need three people to set it up. It can get quite expensive in retrospect. I prefer to have a plug and play service
What's my experience with pricing, setup cost, and licensing?
There are more costs in addition to standard licensing; support, building.
What other advice do I have?
If you are only looking at IBM, make sure to evaluate the product thoroughly. Make sure to see the complete list they offer, like more of the competitive features. Explore the options available on the market.
It doesn't really integrate well with other products.
I would rate it a three out of ten. It is missing key features.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free IBM Security QRadar Report and get advice and tips from experienced pros
sharing their opinions.
Updated: December 2024
Product Categories
Security Information and Event Management (SIEM) Log Management User Entity Behavior Analytics (UEBA) Endpoint Detection and Response (EDR) Security Orchestration Automation and Response (SOAR) Managed Detection and Response (MDR) Extended Detection and Response (XDR)Popular Comparisons
CrowdStrike Falcon
Microsoft Sentinel
Splunk Enterprise Security
Elastic Security
LogRhythm SIEM
Sumo Logic Security
Rapid7 InsightIDR
Fortinet FortiSIEM
AlienVault OSSIM
Cortex XSIAM
Securonix Next-Gen SIEM
Buyer's Guide
Download our free IBM Security QRadar Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What SOC product do you recommend?
- Has anyone got experience in deployment of a SIEM solution?
- IBM QRadar is rated above competitors (McAfee, Splunk, LogRhythm) in Gartner's 2020 Magic Quandrant. Agree/Disagree?
- What is your opinion of IBM QRadar?
- What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?
- Why do most companies prefer IBM QRadar?
- What Solution for SIEM is Best To Be NIST 800-171 Compliant?
- When evaluating Security Information and Event Management (SIEM), what aspect do you think is the most important feature to look for?
- What are the main differences between Nessus and Arcsight?
- Which is the best SIEM solution for a government organization?