It helps us discover any threats with their alerts and tracking.
Senior Information Security Analyst at a financial services firm with 501-1,000 employees
Helps us to discover any threats with their alerts and tracking
Pros and Cons
- "It helps us discover any threats with their alerts and tracking."
- "The only challenge is that IBM has been a closed enterprise. It should be more open to integrating with other providers at an enterprise level. We're a bank and the core banking system integration is not way straightforward and there is no integration between IBM and these products. If IBM could open up and provide a way of integrating it seamlessly, without charging more for it, that would make a big difference."
How has it helped my organization?
What is most valuable?
QNI is the most valuable feature.
What needs improvement?
I would like for them to lower the price.
For how long have I used the solution?
One to three years.
Buyer's Guide
IBM Security QRadar
December 2024
Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.
What do I think about the stability of the solution?
The system is quite stable, so far we haven't had any problems. Although the initial supply of the appliance was a bit faulty, the processor kept on failing. We were within the warranty so they supplied new ones. After loading logs, the system is very stable and nothing to worry about.
What do I think about the scalability of the solution?
It's very scalable. There are currently five users. We may still onboard more users depending on the requirements and their departmental level.
We do plan to increase usage.
How are customer service and support?
Their support is excellent, they are available when we need them. I'm satisfied so far.
How was the initial setup?
The initial setup wasn't exactly straightforward but the vendor who set it up for was helpful. It was very straightforward with their help. The deployment took two months.
We require two admins for maintenance.
What about the implementation team?
We used our own people and the certified IBM vendor for the implementation. We had a very good experience with them.
What's my experience with pricing, setup cost, and licensing?
We do licenses once a year.
Which other solutions did I evaluate?
We also looked at LogRhythm.
What other advice do I have?
I would advise someone considering this solution to write down your use cases and evaluate them with the vendor. Evaluate the best solution based on your use cases because you are the ones who are going to use it. The vendor will try and implement and leave you with your problems.
If the solution meets your requirements and solves most of your problems, you're good to go. QRadar is the best solution we have. The only challenge is that IBM has been a closed enterprise. It should be more open to integrating with other providers at an enterprise level. We're a bank and the core banking system integration is not always straightforward and there is no integration between IBM and these products. If IBM could open up and provide a way of integrating it seamlessly, without charging more for it, that would make a big difference.
I would rate it an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cloud Security Architect at Nordcloud Oy
It's a state-of-the-art product for security information and event management
Pros and Cons
- "It's a state-of-the-art product for security information and event management (SIEM)."
- "There are a lot of great out-of-the-box features included."
- "The quality of technical support depends on the IBM support person. Sometimes, it's hard to get the right person on the other side. A ticket coordinator could be the key to better quality delivery."
- "The released patch quality is poor. IBM should test those patches on their side, not on the client's side."
What is our primary use case?
It is under a non-disclosure agreement (NDA).
How has it helped my organization?
- It helps because you don't need an army to execute the project when you do the PoC, and when finally going to production.
- The abundant out-of-the-box features which are operating wonderfully.
What is most valuable?
- It's easy to set up.
- There are a lot of great out-of-the-box features included.
- It's a state-of-the-art product for security information and event management (SIEM).
What needs improvement?
- Slow response sometimes and a not-so-helpful staff there. So make the support better, and you could succeed even more.
- The released patch quality is poor. IBM should test those patches on their side, not on the client's side. So, there are a lot of improvement to do.
- I would appreciate if IBM could create another more intuitive, easier way (intuitive UI) to perform advanced searches rather that just counting on regular expressions.
For how long have I used the solution?
One to three years.
How is customer service and technical support?
The quality of technical support depends on the IBM support person. Sometimes, it's hard to get the right person on the other side. A ticket coordinator could be the key to better quality delivery.
They are sometimes slow to respond and unhelpful.
What other advice do I have?
I highly recommend this product.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
IBM Security QRadar
December 2024
Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.
Founder at a university with 11-50 employees
Stable, easy to set up, and has good support
Pros and Cons
- "I think the QDI is very good."
- "The threat detection needs improvement, they have many false positives."
What is our primary use case?
This product helps to build a strong architecture, which is important to avoid problems.
What is most valuable?
I think the QDI is very good.
What needs improvement?
The biggest drawback of this solution is the price.
The threat detection needs improvement, they have many false positives.
It is important to have good architecture. If you have problems and you don't have a strong architecture you, will have trouble with this solution.
For how long have I used the solution?
I have been using IBM QRadar for three years.
We are using version 7.4.3
What do I think about the stability of the solution?
It's a stable solution.
How are customer service and technical support?
We have many interactions with L2 support when we needed L3 support. I would rate technical support an eight out of ten.
How was the initial setup?
The initial setup is straightforward. We had no problems.
It took approximately a month to deploy.
What's my experience with pricing, setup cost, and licensing?
This price is a little high, so it's an expensive product. It is a good solution but not a cheap one.
What other advice do I have?
I would rate IBM QRadar a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Assistant Manager-Information Security at a transportation company with 1,001-5,000 employees
Integrates with other applications and systems.
What is most valuable?
SIEM technology is the most valuable feature of this solution, as it can be integrated with almost every application and system. If not, then you may ask IBM to write a parser for it.
How has it helped my organization?
You have the visibility of different events, thus we can resolve the issue.
What needs improvement?
They should provide more integration with more devices.
For how long have I used the solution?
I have been using this solution for three years.
How is customer service and technical support?
I would give the technical support a 8/10 rating. They are excellent.
How was the initial setup?
The setup was straightforward.
What's my experience with pricing, setup cost, and licensing?
The pricing policy is good.
Which other solutions did I evaluate?
We looked at another solution, NitroSecurity Inc.
What other advice do I have?
If you have a good budget, then go for IBM QRadar.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
AVP - Security at a tech services company with 501-1,000 employees
Scalable, high visibility, and good technical support
Pros and Cons
- "I have found visibility very helpful for analytics."
- "This solution is on-premise and many customers are moving to the cloud base solution."
What is our primary use case?
IBM QRadar is typically deployed in a SOC environment for security monitoring. It is used for log and packet capturing. It has some supporting technology, such as data leakage prevention and data encryption.
What is most valuable?
I have found visibility very helpful for analytics.
What needs improvement?
This solution is on-premise and many customers are moving to the cloud base solution.
For how long have I used the solution?
I have been using this solution for approximately one year.
What do I think about the stability of the solution?
I have not had any complaints from my clients about the stability of the solution.
What do I think about the scalability of the solution?
The solution is scalable. Our customers that are using this solution are mainly large-sized companies, such as the government.
How are customer service and technical support?
The technical support is very good.
What other advice do I have?
Nowadays cloud stack security is very good. Some of my customers are planning to build their data center over the cloud, or implement cloud-based services using some of the beneficial services, such as threat intelligence services.
I rate IBM QRadar a ten out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
Sr. Security Engineer at OmnitechIT
Stable security both in-house and for our customers
Pros and Cons
- "In addition to using this solution for our security operations center, we are using it for our other customers."
- "It needs more resilience and functionality."
What is our primary use case?
Our primary use case for this solution for the management of our security services, and our NOC (Network Operations Center) services.
How has it helped my organization?
In addition to using this solution for our security operations center, we are using it for our other customers.
What needs improvement?
It needs more resilience and functionality.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
My impressions of the stability is that it is good.
What do I think about the scalability of the solution?
The scalability is good. Internally we have many customers, but we offer this as a specific consultancy service. I do not know with certainty the number of users for this product in our customer environment.
What about the implementation team?
We used a consultant to assist us with the implementation of this solution.
What's my experience with pricing, setup cost, and licensing?
Our licensing costs for this solution is on a yearly basis.
What other advice do I have?
I would rate this product eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cyber Security Engineer at a tech services company with 501-1,000 employees
Provides a view into our network events and flows from log sources across our enterprise.
What is most valuable?
We have very large, distributed implementations. The best case that we get out of the solution is the rapid insight into security events and offenses in our environment.
How has it helped my organization?
The benefit of the solution is a combined view into all of our network events and flows from many log sources across our enterprise. This provides a single pane of glass in order to review what's going on in our environment.
What needs improvement?
I would like to see more APIs available in order to provide tighter integrations between other IBM products and third-party solutions. I would like to see new cognitive advisors, cognitive capabilities, and more integration capabilities.
What do I think about the stability of the solution?
I find it to be highly stable. It's one of those situations where you need to have high availability. We have a high availability implementation, so we never lose an environment.
What do I think about the scalability of the solution?
Scalability has been very good. If you need to add to the environment at any given time, based on a merger or acquisition, a new office, or a new data center, you can simply forward events from those centers or add additional hardware. You can include it right into your implementation.
What other advice do I have?
I would definitely recommend QRadar to anyone looking for an SIEM solution in their organization. This is especially the case for mid- to large-scale enterprise solutions, compared with the competitors.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Professional Services at a tech services company with 51-200 employees
Powerful user behavior analytics capabilities, and the log and process collection functionality is good
Pros and Cons
- "The most valuable feature is user behavior analytics (UBA)."
- "The whole process for support is something that needs to be improved."
What is most valuable?
The most valuable feature is user behavior analytics (UBA).
The EPS and FPS graphs are helpful.
The collecting of logs and processes is very good.
What needs improvement?
The support process needs to be improved.
Every SIEM solution has issues with plugins, as they have to connect to different log systems. It can affect security, infrastructure, and other things. IBM should continue to expand its database and cover as many systems as possible.
For how long have I used the solution?
I have been using IBM QRadar for about one year.
What do I think about the stability of the solution?
QRadar is a very stable product.
How are customer service and technical support?
The whole process for support is something that needs to be improved. You have to create a case, export the log and attach it to the case, then an engineer will clarify what you need to export and attach it to the ticket or support case, and so on. When you're working with a system that does not have good bandwidth, it makes it even more stressful. It is a lot of work and it should be easier to do.
My colleague has worked more with support and the feedback that I have heard is that they are quite good. It's the process that I am complaining about.
How was the initial setup?
The initial setup is pretty straightforward. We had several logs to integrate so it took a week and perhaps a few days.
What other advice do I have?
I would rate this product a nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free IBM Security QRadar Report and get advice and tips from experienced pros
sharing their opinions.
Updated: December 2024
Product Categories
Security Information and Event Management (SIEM) Log Management User Entity Behavior Analytics (UEBA) Endpoint Detection and Response (EDR) Security Orchestration Automation and Response (SOAR) Managed Detection and Response (MDR) Extended Detection and Response (XDR)Popular Comparisons
CrowdStrike Falcon
Microsoft Sentinel
Splunk Enterprise Security
Elastic Security
LogRhythm SIEM
Sumo Logic Security
Rapid7 InsightIDR
Fortinet FortiSIEM
AlienVault OSSIM
Cortex XSIAM
Securonix Next-Gen SIEM
Buyer's Guide
Download our free IBM Security QRadar Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What SOC product do you recommend?
- Has anyone got experience in deployment of a SIEM solution?
- IBM QRadar is rated above competitors (McAfee, Splunk, LogRhythm) in Gartner's 2020 Magic Quandrant. Agree/Disagree?
- What is your opinion of IBM QRadar?
- What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?
- Why do most companies prefer IBM QRadar?
- What Solution for SIEM is Best To Be NIST 800-171 Compliant?
- When evaluating Security Information and Event Management (SIEM), what aspect do you think is the most important feature to look for?
- What are the main differences between Nessus and Arcsight?
- Which is the best SIEM solution for a government organization?