IBM Security QRadar Reviews

IBM Security's QRadar Security Intelligence is a multi-feature security monitoring platform that provides log management, SIEM, NetFlow, application monitoring, vulnerability scanning, full packet capture and risk analysis.

The platform is designed to be deployed as an all-in-one appliance, as discrete components that can be scaled horizontally for distributed and larger environments.

The SIEM solution is considered as a monitoring tool for the network but you can set routing roles and special actions for certain events.

• The vulnerability scanner is not accurate. It needs more vulnerability signature updates or more regulation templates to be added on.
• We urgently need to add more report templates.

Maybe the improvements could be achieved by adding some modules like IPS, IDS and a next generation firewall that is able to start from monitoring the events and processing, then takes actions not only based on signatures but smart intelligent monitoring which would make QRadar into a full SIEM security solution.

I have been using the solution for three years.

I didn't find any issues with stability of the product.

The scalability of this product is very flexible because of the way that it counts the events that exceed the threshold of licenses it handled with the queue and stores the data for 5 GB, dealing with the events in a first-in, first-out (FIFO) methodology.

I would rate the technical support as 9/10 for solving issues and 5/10 for responses.

I didn't previously use another product but I deal with some accounts that used to use other vendors, and they were facing many issues in performance and slowness in processing events.

The initial setup is very easy, just like when you install an operating system, and then you do the configuration needed for your environment.

Our primary use case is for monitoring global infrastructure.

The feature that I have found most valuable is how it monitors the real network. That is its leading security feature.

In terms of what could be improved, I'd say do nothing, in its current state it does quite okay for now.

The biggest problem was built on top of the QRadar in the executive operations center network. The integration was not using the network security specialist properly, and all the incidents were inferior with QRadar. Its compatibility is not really good

I have been using IBM QRadar for more than five years.

I'm using the latest version of QRadar.

The stability is very good. Its operation is very good.

We have less than five people using it.

For us, as a small security company, it is covering our needs and our growth.

Customer support is good. When an incident gets raised there is a 10 day response.

The initial setup was complex.

We use the vendor for everything. That is the style of the corporation. For these jobs the responsibility and knowledge is on the vendor's side.

Implementation is over time and the maintenance price for QRadar is competitive.

On a scale of one to ten, I would give IBM QRadar a seven.

Overall, I would of course recommend this product to others because of all its functionalities.

We are using IBM QRadar for threat protection and management.

IBM QRadar could improve the plugins and threat detection.

I have been using IBM QRadar for approximately seven years.

The solution is stable.

I have found IBM QRadar to be scalable.

The price of this solution is reasonable.

I rate IBM QRadar a seven out of ten.

We have a POC environment but have not onboard it to any of our clients.

The most valuable feature is the correlation function, which is flexible.

It is a bit easier to use than other products, such as Splunk or ELK Elasticsearch.

The technical support can be improved a little bit, and the price could be cheaper.

I have been using IMB QRadar for one year.

IBM QRadar is a stable solution.

Technical support needs improvement.

I know a little bit about Splunk and ELK Elasticsearch. We did not have a PoC with Splunk so it was just theoretical, but I did learn about it.

The initial setup is very easy.

IBM QRadar is a little bit expensive compared to other products.

I would recommend this solution to others who are looking for an on-premises solution. For a SIEM solution, it is the best one to go with. If they are interested in using the cloud, I would not recommend it. The cloud version of QRadar is QRoC and it is a bit complicated.

I would rate this solution an eight out of ten.

Most valuable features include the granularity of information. Queries provide leads for finding information. We also deal with the Symantec team, which is a different one. 

The solution has definite room for improvement. There were certain bugs we had to deal with. Bigger issues involve the quantity of rules involved in its deployment. Also, false positives can be obtained and there is a need to fine tune the solution once every month or two until everything is correct. 

The stability and product support should also be addressed. 

When an offense occurs, the source IP will automatically provide a source username which is not correct. For reasons I don't understand, it uses the team or the name of the last user of the computer and this is not always accurate. This means that there are times that I obtain offenses that are ascribed to my boss and which serve him. The solution ensures that the host is vulnerable to another attack. The solution will estimate that the targeted host is vulnerable to certain attacks. 

Moreover, the solution may provide information of attacks that failed or that are irrelevant, such as vulnerabilities involving modems in which the target host is the Windows Server. This begs the question of why an offense that was and will always be blocked must be generated, such as that involving vulnerability from a modem. 

I have been using IBM QRadar for five years. 

When it comes to the scalability of the solution, it is possible to install many apps on top of IBM QRadar which can provide a host of views, such as those involving user behavior and analytics. There is no need to construct an SQL report, for example, as there are many free apps available which can be used to extend one's IBM QRadar functionalities. 

:
IBM technical support is always terrible. I have much experience with IBM, dating back 25 years in IT. I worked with IBM as a partner for almost 10 years. The organization is so big that it cannot tell one person from another. One can send an email and then get transferred from one support person to another, needing with the need to reiterate the issue anew with each one. In France they go on vacation and there is no one to whom one can address his issue. They also have problems with directing and redirecting phone calls. 

I found myself in charge of all hardware issues involving IBM. Whenever we had a case with IBM which was escalated, I managed to resolve the issue before them. I would find a solution while they would still be making queries about some version. Sometimes I feel they are buying time. At other times, they start by enquiring about what I did in an attempt to resolve the issue. There are times that they insist on the purchase of a subscription as a condition of benefiting from high level support and at these moments I'm inclined to tell them that they should be paying me for this. 

The initial setup is quite straitforward and not so difficult. 

The pricing is always fine. 

We use the solution with multiple customers on a daily basis. We have experience with its installation, configuration and use. 

I rate IBM QRadar as a six or seven out of ten. 

We use QRadar to detect and gather information about any product vulnerabilities and any sort of attack on the network. It's able to help detect suspicious activity that is coming into the system.

We are also selling this product.

This product is easy to install, integrate, and use.

It has very rich functionality.

QRadar needs to be more specialized, along the lines of what other SIEM solutions are. It needs to be more detailed.

Incorporating an AI component is needed, where the learning feature identifies malicious activities coming into the network.

The GUI and reporting need to be improved.

The footprint needs to be optimized because the application footprint is too heavy. The machine requires a very high amount of resources.

I have been working with IBM QRadar for between three and four years.

This is a very stable product.

QRadar is a scalable solution.

Technical support is very good.

I feel that the price is reasonable but compared to other products that are on the market, such as an offering by Microsoft, it is more expensive.

This is a good product but there is room for improvement in several areas, including the integration of advanced data mining.

I would rate this solution a six out of ten.

I use it to analyze incidents. 

I like the API and it's easy to use. 

They should provide more manual examples online so that I can learn it myself. The dashboard also needs improvement. 

We require eight staff members for the maintenance. 

It's too expensive. 

I would rate it an eight out of ten. 

Some of the valuable features are QM, QRM, and forensics.

There many use cases.

I would like to see SOC.

We have been using this for three years.

There were no deployment issues.

There were no stability issues.

There were no scalability issues.

Customer service is very good.

Technical support is excellent.

We used another solution and we switched due to false positives.

The setup was straightforward and not complex.

We used a partner and vendor team and we have expertise in-house.

The ROI is acceptable.

It is a bit more expensive than some others, SIEM, but it is more efficient.

We evaluated AlienVault, McAfee, and Splunk.

It is a good solution.