IBM Security QRadar Reviews

• User-friendly
• Easy to deploy
• Easy to create use cases
• Easy to review an offense
• Its correlation engine is one of the best

I usually work on the deployment and fine-tuning of this product. However, I have some operational experience as well. For instance, you can simply audit all the IT equipment in your environment, such as the firewall, the IPS, and the Active Directory (AD) server.

It should have built-in blocking capability.

I have used this solution for four years.

On a scale of 100, it is 95% stable.

I did experience some scalability issues in one organization.

The technical support is excellent.

We were not using any other solution previously. This was my first solution. I am still working on it. I also have experience with McAfee Nitro and LogRhythm.

The setup was straightforward.

The pricing will definitely vary according to your EPS, but it is worth spending money on this product.

We looked at other solutions, such as McAfee Nitro and LogRhythm.

Work on sizing as much as you can so you can avoid any issues after deployment. You should also fulfill hardware requirements for this product. Otherwise, you will not get its full functionality.

I deploy the IBM QRadar for many organizations, and I've been performing analyses for those organizations as well.

These organizations use the tool for monitoring of their environment. It's a basic SIEM product. So we just log each and every data source, perform an analysis, and create rules. We also create advanced use cases to cater the advanced threat(s).

I am unable to pick one, every component is valuable. It is a very good SIEM.

I would like for Yara to be supported by all components. 

I have been working with this product for the last five years.

I think it's a very stable product that provides much more visibility than the other product.

You can scale the architecture of the QRadar easily by adding licenses.

Small to medium-sized organizations would require one to two people for maintenance while man power for large organizations would be determined by the architecture. 

Customer support needs some improvement as there have been a few cases where we were unable to reach them in time.

I didn't find it to be complex. I think IBM QRadar has a more user-friendly GUI that helps your team work easily within it. Deployment for an all in one will take four to five hours but can vary depending on environment size.

Our in-house team assists our customers with deployment. Our customers are the main POC and we are able to deploy into their environment, make necessary integrations, and create the rules.

Licensing can be costly depending on your architecture.

You receive alerts for misconfigurations which allows your administer to easily reconfigure any issues. 

The organizations themselves are able to monitor all of their information regarding their team including what attacks they are facing on a daily bases.

I would rate this an eight out of ten.

This product helps to build a strong architecture, which is important to avoid problems.

I think the QDI is very good.

The biggest drawback of this solution is the price.

The threat detection needs improvement, they have many false positives.

It is important to have good architecture. If you have problems and you don't have a strong architecture you, will have trouble with this solution.

I have been using IBM QRadar for three years.

We are using version 7.4.3

It's a stable solution.

We have many interactions with L2 support when we needed L3 support. I would rate technical support an eight out of ten.

The initial setup is straightforward. We had no problems.

It took approximately a month to deploy.

This price is a little high, so it's an expensive product. It is a good solution but not a cheap one.

I would rate IBM QRadar a nine out of ten.

We are a partner and provide this solution to our customers.

The most valuable feature is that it reports a very small number of false positives. It is a very optimized engine.

It is very difficult to activate all of the network equipment, and it would help if it were made easier. I would also like to see more integration with new devices.

This is a very stable solution.

The quality of technical support depends on the level. Level One support is very good, but if you have Level Two or Level Three then the support is not very reactive.

The initial setup of this solution is not complex.

Deployment normally takes between one and three months.

We have two engineers that are proficient in QRadar, and we handle the implementation for our customers.

One of my customers is a McAfee user and is in the process of replacing the solution with IBM QRadar.

I would recommend this product. It is very simple to install, and not a complicated solution. IBM supplies regular software updates.

I would rate this solution an eight out of ten.

It is under a non-disclosure agreement (NDA).

• It helps because you don't need an army to execute the project when you do the PoC, and when finally going to production. 

• The abundant out-of-the-box features which are operating wonderfully.
  

• It's easy to set up.
• There are a lot of great out-of-the-box features included.
• It's a state-of-the-art product for security information and event management (SIEM).

• Slow response sometimes and a not-so-helpful staff there. So make the support better, and you could succeed even more.
  
• The released patch quality is poor. IBM should test those patches on their side, not on the client's side. So, there are a lot of improvement to do. 
• I would appreciate if IBM could create another more intuitive, easier way (intuitive UI) to perform advanced searches rather that just counting on regular expressions.

The quality of technical support depends on the IBM support person. Sometimes, it's hard to get the right person on the other side. A ticket coordinator could be the key to better quality delivery.  

They are sometimes slow to respond and unhelpful.

I highly recommend this product.

It helps us discover any threats with their alerts and tracking.

QNI is the most valuable feature. 

I would like for them to lower the price. 

The system is quite stable, so far we haven't had any problems. Although the initial supply of the appliance was a bit faulty, the processor kept on failing. We were within the warranty so they supplied new ones. After loading logs, the system is very stable and nothing to worry about.

It's very scalable. There are currently five users. We may still onboard more users depending on the requirements and their departmental level.

We do plan to increase usage. 

Their support is excellent, they are available when we need them. I'm satisfied so far.

The initial setup wasn't exactly straightforward but the vendor who set it up for was helpful. It was very straightforward with their help. The deployment took two months. 

We require two admins for maintenance. 

We used our own people and the certified IBM vendor for the implementation. We had a very good experience with them. 

We do licenses once a year. 

We also looked at LogRhythm.

I would advise someone considering this solution to write down your use cases and evaluate them with the vendor. Evaluate the best solution based on your use cases because you are the ones who are going to use it. The vendor will try and implement and leave you with your problems.

If the solution meets your requirements and solves most of your problems, you're good to go. QRadar is the best solution we have. The only challenge is that IBM has been a closed enterprise. It should be more open to integrating with other providers at an enterprise level. We're a bank and the core banking system integration is not always straightforward and there is no integration between IBM and these products. If IBM could open up and provide a way of integrating it seamlessly, without charging more for it, that would make a big difference. 

I would rate it an eight out of ten. 

IBM QRadar is typically deployed in a SOC environment for security monitoring. It is used for log and packet capturing. It has some supporting technology, such as data leakage prevention and data encryption.

I have found visibility very helpful for analytics.

This solution is on-premise and many customers are moving to the cloud base solution.

I have been using this solution for approximately one year.

I have not had any complaints from my clients about the stability of the solution.

The solution is scalable. Our customers that are using this solution are mainly large-sized companies, such as the government.

The technical support is very good.

Nowadays cloud stack security is very good. Some of my customers are planning to build their data center over the cloud, or implement cloud-based services using some of the beneficial services, such as threat intelligence services.

I rate IBM QRadar a ten out of ten.

Our primary use case for this solution for the management of our security services, and our NOC (Network Operations Center) services.

In addition to using this solution for our security operations center, we are using it for our other customers.

It needs more resilience and functionality. 

My impressions of the stability is that it is good.

The scalability is good. Internally we have many customers, but we offer this as a specific consultancy service. I do not know with certainty the number of users for this product in our customer environment.

We used a consultant to assist us with the implementation of this solution.

Our licensing costs for this solution is on a yearly basis.

I would rate this product eight out of ten.