IBM Security QRadar Reviews

We are using IBM QRadar for threat protection and management.

IBM QRadar could improve the plugins and threat detection.

I have been using IBM QRadar for approximately seven years.

The solution is stable.

I have found IBM QRadar to be scalable.

The price of this solution is reasonable.

I rate IBM QRadar a seven out of ten.

We use QRadar to detect and gather information about any product vulnerabilities and any sort of attack on the network. It's able to help detect suspicious activity that is coming into the system.

We are also selling this product.

This product is easy to install, integrate, and use.

It has very rich functionality.

QRadar needs to be more specialized, along the lines of what other SIEM solutions are. It needs to be more detailed.

Incorporating an AI component is needed, where the learning feature identifies malicious activities coming into the network.

The GUI and reporting need to be improved.

The footprint needs to be optimized because the application footprint is too heavy. The machine requires a very high amount of resources.

I have been working with IBM QRadar for between three and four years.

This is a very stable product.

QRadar is a scalable solution.

Technical support is very good.

I feel that the price is reasonable but compared to other products that are on the market, such as an offering by Microsoft, it is more expensive.

This is a good product but there is room for improvement in several areas, including the integration of advanced data mining.

I would rate this solution a six out of ten.

IBM Security's QRadar Security Intelligence is a multi-feature security monitoring platform that provides log management, SIEM, NetFlow, application monitoring, vulnerability scanning, full packet capture and risk analysis.

The platform is designed to be deployed as an all-in-one appliance, as discrete components that can be scaled horizontally for distributed and larger environments.

The SIEM solution is considered as a monitoring tool for the network but you can set routing roles and special actions for certain events.

• The vulnerability scanner is not accurate. It needs more vulnerability signature updates or more regulation templates to be added on.
• We urgently need to add more report templates.

Maybe the improvements could be achieved by adding some modules like IPS, IDS and a next generation firewall that is able to start from monitoring the events and processing, then takes actions not only based on signatures but smart intelligent monitoring which would make QRadar into a full SIEM security solution.

I have been using the solution for three years.

I didn't find any issues with stability of the product.

The scalability of this product is very flexible because of the way that it counts the events that exceed the threshold of licenses it handled with the queue and stores the data for 5 GB, dealing with the events in a first-in, first-out (FIFO) methodology.

I would rate the technical support as 9/10 for solving issues and 5/10 for responses.

I didn't previously use another product but I deal with some accounts that used to use other vendors, and they were facing many issues in performance and slowness in processing events.

The initial setup is very easy, just like when you install an operating system, and then you do the configuration needed for your environment.

We use IBM QRadar for threat protection.

The most valuable features are log monitoring, easy-to-fix issues, and problem-solving.

There is a shortage of skilled individuals with knowledge about the solution. There should be more training programs to teach and enable users get familiar.

I have been using this solution for approximately one year.

The stability of the solution could improve.

We have approximately 20 people using this solution in my organization.

The technical support is great. Additionally, there are plenty of resources available to increase knowledge about the solution.

We have used other solutions in the past.

The installation is not very difficult, I did not have any problems.

We used consultants for the implementation. We have five engineers that do the maintenance of this solution.

There is a license required for this solution.

I would recommend this solution to others.

I rate IBM QRadar a seven out of ten.

We have a POC environment but have not onboard it to any of our clients.

The most valuable feature is the correlation function, which is flexible.

It is a bit easier to use than other products, such as Splunk or ELK Elasticsearch.

The technical support can be improved a little bit, and the price could be cheaper.

I have been using IMB QRadar for one year.

IBM QRadar is a stable solution.

Technical support needs improvement.

I know a little bit about Splunk and ELK Elasticsearch. We did not have a PoC with Splunk so it was just theoretical, but I did learn about it.

The initial setup is very easy.

IBM QRadar is a little bit expensive compared to other products.

I would recommend this solution to others who are looking for an on-premises solution. For a SIEM solution, it is the best one to go with. If they are interested in using the cloud, I would not recommend it. The cloud version of QRadar is QRoC and it is a bit complicated.

I would rate this solution an eight out of ten.

We do not implement this tool ourselves but have experience implementing it for our clients. There are several use cases. The two most important ones are network analysis and UBA.

It has helped our clients to see how things have changed when comparing the initial behavior, and what is currently happening with the user's internet. It maintains archives on the behavior.

The most valuable features are the versatility of this solution and the variety of things you can do with it. 

The initial setup requires that you have somebody with the proper skill set, and it would help if the configuration were easier.

We have been working with QRadar for less than one year.

This is a very stable product.

This is a scalable product that can scale to a large-sized organization.

My client for QRadar is medium-sized.

You need someone with the proper skills to complete the setup. The complexity of it depends on the features that you are looking for, and it can become very complex. The deployment can take between 16 and 20 days, depending on what needs to be configured.

It's a process to deploy, but once you have it configured it's easy to operate.

The deployment can be done in-house.

The pricing is okay, it's comparable to other vendors.

It's not expensive for the resources that it gives you.

I think the tool is very complete and very agile.

I would rate this solution a ten out of ten.

We are a partner and provide this solution to our customers.

The most valuable feature is that it reports a very small number of false positives. It is a very optimized engine.

It is very difficult to activate all of the network equipment, and it would help if it were made easier. I would also like to see more integration with new devices.

This is a very stable solution.

The quality of technical support depends on the level. Level One support is very good, but if you have Level Two or Level Three then the support is not very reactive.

The initial setup of this solution is not complex.

Deployment normally takes between one and three months.

We have two engineers that are proficient in QRadar, and we handle the implementation for our customers.

One of my customers is a McAfee user and is in the process of replacing the solution with IBM QRadar.

I would recommend this product. It is very simple to install, and not a complicated solution. IBM supplies regular software updates.

I would rate this solution an eight out of ten.

Most valuable features include the granularity of information. Queries provide leads for finding information. We also deal with the Symantec team, which is a different one. 

The solution has definite room for improvement. There were certain bugs we had to deal with. Bigger issues involve the quantity of rules involved in its deployment. Also, false positives can be obtained and there is a need to fine tune the solution once every month or two until everything is correct. 

The stability and product support should also be addressed. 

When an offense occurs, the source IP will automatically provide a source username which is not correct. For reasons I don't understand, it uses the team or the name of the last user of the computer and this is not always accurate. This means that there are times that I obtain offenses that are ascribed to my boss and which serve him. The solution ensures that the host is vulnerable to another attack. The solution will estimate that the targeted host is vulnerable to certain attacks. 

Moreover, the solution may provide information of attacks that failed or that are irrelevant, such as vulnerabilities involving modems in which the target host is the Windows Server. This begs the question of why an offense that was and will always be blocked must be generated, such as that involving vulnerability from a modem. 

I have been using IBM QRadar for five years. 

When it comes to the scalability of the solution, it is possible to install many apps on top of IBM QRadar which can provide a host of views, such as those involving user behavior and analytics. There is no need to construct an SQL report, for example, as there are many free apps available which can be used to extend one's IBM QRadar functionalities. 

:
IBM technical support is always terrible. I have much experience with IBM, dating back 25 years in IT. I worked with IBM as a partner for almost 10 years. The organization is so big that it cannot tell one person from another. One can send an email and then get transferred from one support person to another, needing with the need to reiterate the issue anew with each one. In France they go on vacation and there is no one to whom one can address his issue. They also have problems with directing and redirecting phone calls. 

I found myself in charge of all hardware issues involving IBM. Whenever we had a case with IBM which was escalated, I managed to resolve the issue before them. I would find a solution while they would still be making queries about some version. Sometimes I feel they are buying time. At other times, they start by enquiring about what I did in an attempt to resolve the issue. There are times that they insist on the purchase of a subscription as a condition of benefiting from high level support and at these moments I'm inclined to tell them that they should be paying me for this. 

The initial setup is quite straitforward and not so difficult. 

The pricing is always fine. 

We use the solution with multiple customers on a daily basis. We have experience with its installation, configuration and use. 

I rate IBM QRadar as a six or seven out of ten.