We are using IBM QRadar for threat protection and management.
Network Security Engineer at a computer software company with 51-200 employees
Priced well, scalable, but better threat detection needed
Pros and Cons
- "I have found IBM QRadar to be scalable."
- "IBM QRadar could improve the plugins and threat detection."
What is our primary use case?
What needs improvement?
IBM QRadar could improve the plugins and threat detection.
For how long have I used the solution?
I have been using IBM QRadar for approximately seven years.
What do I think about the stability of the solution?
The solution is stable.
Buyer's Guide
IBM Security QRadar
December 2024
Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
What do I think about the scalability of the solution?
I have found IBM QRadar to be scalable.
What's my experience with pricing, setup cost, and licensing?
The price of this solution is reasonable.
What other advice do I have?
I rate IBM QRadar a seven out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
CEO at Xcelliti
Easy to install and use, but the GUI and reporting features need to be improved
Pros and Cons
- "It has very rich functionality."
- "QRadar needs to be more specialized, along the lines of what other SIEM solutions are."
What is our primary use case?
We use QRadar to detect and gather information about any product vulnerabilities and any sort of attack on the network. It's able to help detect suspicious activity that is coming into the system.
We are also selling this product.
What is most valuable?
This product is easy to install, integrate, and use.
It has very rich functionality.
What needs improvement?
QRadar needs to be more specialized, along the lines of what other SIEM solutions are. It needs to be more detailed.
Incorporating an AI component is needed, where the learning feature identifies malicious activities coming into the network.
The GUI and reporting need to be improved.
The footprint needs to be optimized because the application footprint is too heavy. The machine requires a very high amount of resources.
For how long have I used the solution?
I have been working with IBM QRadar for between three and four years.
What do I think about the stability of the solution?
This is a very stable product.
What do I think about the scalability of the solution?
QRadar is a scalable solution.
How are customer service and technical support?
Technical support is very good.
What's my experience with pricing, setup cost, and licensing?
I feel that the price is reasonable but compared to other products that are on the market, such as an offering by Microsoft, it is more expensive.
What other advice do I have?
This is a good product but there is room for improvement in several areas, including the integration of advanced data mining.
I would rate this solution a six out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Buyer's Guide
IBM Security QRadar
December 2024
Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
Technical Security Specialist at a tech services company with 51-200 employees
Provides log management, application monitoring, vulnerability scanning, full packet capture and risk analysis.
What is most valuable?
IBM Security's QRadar Security Intelligence is a multi-feature security monitoring platform that provides log management, SIEM, NetFlow, application monitoring, vulnerability scanning, full packet capture and risk analysis.
The platform is designed to be deployed as an all-in-one appliance, as discrete components that can be scaled horizontally for distributed and larger environments.
How has it helped my organization?
The SIEM solution is considered as a monitoring tool for the network but you can set routing roles and special actions for certain events.
What needs improvement?
- The vulnerability scanner is not accurate. It needs more vulnerability signature updates or more regulation templates to be added on.
- We urgently need to add more report templates.
Maybe the improvements could be achieved by adding some modules like IPS, IDS and a next generation firewall that is able to start from monitoring the events and processing, then takes actions not only based on signatures but smart intelligent monitoring which would make QRadar into a full SIEM security solution.
For how long have I used the solution?
I have been using the solution for three years.
What do I think about the stability of the solution?
I didn't find any issues with stability of the product.
What do I think about the scalability of the solution?
The scalability of this product is very flexible because of the way that it counts the events that exceed the threshold of licenses it handled with the queue and stores the data for 5 GB, dealing with the events in a first-in, first-out (FIFO) methodology.
How are customer service and technical support?
I would rate the technical support as 9/10 for solving issues and 5/10 for responses.
Which solution did I use previously and why did I switch?
I didn't previously use another product but I deal with some accounts that used to use other vendors, and they were facing many issues in performance and slowness in processing events.
How was the initial setup?
The initial setup is very easy, just like when you install an operating system, and then you do the configuration needed for your environment.
Disclosure: My company has a business relationship with this vendor other than being a customer: Prosoft is an IBM VAD (value added distributor) in Egypt.
Cyber threat Intelligence Manager at CyberLab Africa
Beneficial log reporting, excellent technical support, but stability needs improvement
Pros and Cons
- "The most valuable features are log monitoring, easy-to-fix issues, and problem-solving."
- "There is a shortage of skilled individuals with knowledge about the solution. There is training required."
What is our primary use case?
We use IBM QRadar for threat protection.
What is most valuable?
The most valuable features are log monitoring, easy-to-fix issues, and problem-solving.
What needs improvement?
There is a shortage of skilled individuals with knowledge about the solution. There should be more training programs to teach and enable users get familiar.
For how long have I used the solution?
I have been using this solution for approximately one year.
What do I think about the stability of the solution?
The stability of the solution could improve.
What do I think about the scalability of the solution?
We have approximately 20 people using this solution in my organization.
How are customer service and technical support?
The technical support is great. Additionally, there are plenty of resources available to increase knowledge about the solution.
Which solution did I use previously and why did I switch?
We have used other solutions in the past.
How was the initial setup?
The installation is not very difficult, I did not have any problems.
What about the implementation team?
We used consultants for the implementation. We have five engineers that do the maintenance of this solution.
What's my experience with pricing, setup cost, and licensing?
There is a license required for this solution.
What other advice do I have?
I would recommend this solution to others.
I rate IBM QRadar a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Practice Head at a tech services company with 51-200 employees
Flexible correlation, easy to use, and stable
Pros and Cons
- "It is a bit easier to use than other products, such as Splunk or ELK Elasticsearch."
- "The technical support can be improved a little bit, and the price could be cheaper."
What is our primary use case?
We have a POC environment but have not onboard it to any of our clients.
What is most valuable?
The most valuable feature is the correlation function, which is flexible.
It is a bit easier to use than other products, such as Splunk or ELK Elasticsearch.
What needs improvement?
The technical support can be improved a little bit, and the price could be cheaper.
For how long have I used the solution?
I have been using IMB QRadar for one year.
What do I think about the stability of the solution?
IBM QRadar is a stable solution.
How are customer service and technical support?
Technical support needs improvement.
Which solution did I use previously and why did I switch?
I know a little bit about Splunk and ELK Elasticsearch. We did not have a PoC with Splunk so it was just theoretical, but I did learn about it.
How was the initial setup?
The initial setup is very easy.
What's my experience with pricing, setup cost, and licensing?
IBM QRadar is a little bit expensive compared to other products.
What other advice do I have?
I would recommend this solution to others who are looking for an on-premises solution. For a SIEM solution, it is the best one to go with. If they are interested in using the cloud, I would not recommend it. The cloud version of QRadar is QRoC and it is a bit complicated.
I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Queretaro at a tech services company with 1-10 employees
A complete network analysis tool that is agile, versatile, and easy to operate
Pros and Cons
- "The most valuable features are the versatility of this solution and the variety of things you can do with it."
- "The initial setup requires that you have somebody with the proper skill set, and it would help if the configuration were easier."
What is our primary use case?
We do not implement this tool ourselves but have experience implementing it for our clients. There are several use cases. The two most important ones are network analysis and UBA.
How has it helped my organization?
It has helped our clients to see how things have changed when comparing the initial behavior, and what is currently happening with the user's internet. It maintains archives on the behavior.
What is most valuable?
The most valuable features are the versatility of this solution and the variety of things you can do with it.
What needs improvement?
The initial setup requires that you have somebody with the proper skill set, and it would help if the configuration were easier.
For how long have I used the solution?
We have been working with QRadar for less than one year.
What do I think about the stability of the solution?
This is a very stable product.
What do I think about the scalability of the solution?
This is a scalable product that can scale to a large-sized organization.
My client for QRadar is medium-sized.
How was the initial setup?
You need someone with the proper skills to complete the setup. The complexity of it depends on the features that you are looking for, and it can become very complex. The deployment can take between 16 and 20 days, depending on what needs to be configured.
It's a process to deploy, but once you have it configured it's easy to operate.
What about the implementation team?
The deployment can be done in-house.
What's my experience with pricing, setup cost, and licensing?
The pricing is okay, it's comparable to other vendors.
It's not expensive for the resources that it gives you.
What other advice do I have?
I think the tool is very complete and very agile.
I would rate this solution a ten out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
General Manager at New System Engineering
A straightforward solution that minimizes the number of false positive errors
Pros and Cons
- "It is a very optimized engine."
- "It is very difficult to activate all of the network equipment, and it would help if it were made easier."
What is our primary use case?
We are a partner and provide this solution to our customers.
What is most valuable?
The most valuable feature is that it reports a very small number of false positives. It is a very optimized engine.
What needs improvement?
It is very difficult to activate all of the network equipment, and it would help if it were made easier. I would also like to see more integration with new devices.
For how long have I used the solution?
Ten years.
What do I think about the stability of the solution?
This is a very stable solution.
How are customer service and technical support?
The quality of technical support depends on the level. Level One support is very good, but if you have Level Two or Level Three then the support is not very reactive.
How was the initial setup?
The initial setup of this solution is not complex.
Deployment normally takes between one and three months.
What about the implementation team?
We have two engineers that are proficient in QRadar, and we handle the implementation for our customers.
Which other solutions did I evaluate?
One of my customers is a McAfee user and is in the process of replacing the solution with IBM QRadar.
What other advice do I have?
I would recommend this product. It is very simple to install, and not a complicated solution. IBM supplies regular software updates.
I would rate this solution an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Security Analyst at a tech services company with 51-200 employees
Well priced with information granularity, but has lousy tech support and provides false positives of attacks
Pros and Cons
- "Most valuable features include the granularity of information."
- "IBM technical support is always terrible."
What is most valuable?
Most valuable features include the granularity of information. Queries provide leads for finding information. We also deal with the Symantec team, which is a different one.
What needs improvement?
The solution has definite room for improvement. There were certain bugs we had to deal with. Bigger issues involve the quantity of rules involved in its deployment. Also, false positives can be obtained and there is a need to fine tune the solution once every month or two until everything is correct.
The stability and product support should also be addressed.
When an offense occurs, the source IP will automatically provide a source username which is not correct. For reasons I don't understand, it uses the team or the name of the last user of the computer and this is not always accurate. This means that there are times that I obtain offenses that are ascribed to my boss and which serve him. The solution ensures that the host is vulnerable to another attack. The solution will estimate that the targeted host is vulnerable to certain attacks.
Moreover, the solution may provide information of attacks that failed or that are irrelevant, such as vulnerabilities involving modems in which the target host is the Windows Server. This begs the question of why an offense that was and will always be blocked must be generated, such as that involving vulnerability from a modem.
For how long have I used the solution?
I have been using IBM QRadar for five years.
What do I think about the scalability of the solution?
When it comes to the scalability of the solution, it is possible to install many apps on top of IBM QRadar which can provide a host of views, such as those involving user behavior and analytics. There is no need to construct an SQL report, for example, as there are many free apps available which can be used to extend one's IBM QRadar functionalities.
How are customer service and technical support?
:
IBM technical support is always terrible. I have much experience with IBM, dating back 25 years in IT. I worked with IBM as a partner for almost 10 years. The organization is so big that it cannot tell one person from another. One can send an email and then get transferred from one support person to another, needing with the need to reiterate the issue anew with each one. In France they go on vacation and there is no one to whom one can address his issue. They also have problems with directing and redirecting phone calls.
I found myself in charge of all hardware issues involving IBM. Whenever we had a case with IBM which was escalated, I managed to resolve the issue before them. I would find a solution while they would still be making queries about some version. Sometimes I feel they are buying time. At other times, they start by enquiring about what I did in an attempt to resolve the issue. There are times that they insist on the purchase of a subscription as a condition of benefiting from high level support and at these moments I'm inclined to tell them that they should be paying me for this.
How was the initial setup?
The initial setup is quite straitforward and not so difficult.
What's my experience with pricing, setup cost, and licensing?
The pricing is always fine.
What other advice do I have?
We use the solution with multiple customers on a daily basis. We have experience with its installation, configuration and use.
I rate IBM QRadar as a six or seven out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Buyer's Guide
Download our free IBM Security QRadar Report and get advice and tips from experienced pros
sharing their opinions.
Updated: December 2024
Product Categories
Security Information and Event Management (SIEM) Log Management User Entity Behavior Analytics (UEBA) Endpoint Detection and Response (EDR) Security Orchestration Automation and Response (SOAR) Managed Detection and Response (MDR) Extended Detection and Response (XDR)Popular Comparisons
CrowdStrike Falcon
Microsoft Sentinel
Splunk Enterprise Security
Elastic Security
LogRhythm SIEM
Sumo Logic Security
Rapid7 InsightIDR
Fortinet FortiSIEM
AlienVault OSSIM
Cortex XSIAM
Securonix Next-Gen SIEM
Buyer's Guide
Download our free IBM Security QRadar Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What SOC product do you recommend?
- Has anyone got experience in deployment of a SIEM solution?
- IBM QRadar is rated above competitors (McAfee, Splunk, LogRhythm) in Gartner's 2020 Magic Quandrant. Agree/Disagree?
- What is your opinion of IBM QRadar?
- What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?
- Why do most companies prefer IBM QRadar?
- What Solution for SIEM is Best To Be NIST 800-171 Compliant?
- When evaluating Security Information and Event Management (SIEM), what aspect do you think is the most important feature to look for?
- What are the main differences between Nessus and Arcsight?
- Which is the best SIEM solution for a government organization?