Principal Cybersecurity Consultant (Architecture, Engineering, Operations) CISO VCISO at a financial services firm with 10,001+ employees
The solution uses AI to analyze different logged events, and network activity and create a correlation
Pros and Cons
- "The most valuable features are the AI assistant, which is good at detecting known types of behavior."
- "The solution can be improved by lowering the cost and bettering their technical support."
What is our primary use case?
The primary use case of this solution is to help customize the workflows and dashboards for our clients in a secure manner.
How has it helped my organization?
The solution has helped improve our organization by providing the comfort and visibility that we are meeting compliance and doing our due diligence in analyzing events from multiple sources and correlating threat activity.
What is most valuable?
The most valuable features are the AI assistant, which is good at detecting known types of behavior. The solution can analyze different logged events and network activity and create a correlation. The solution is easy to customize and tune compared to other products.
What needs improvement?
The solution can be improved by lowering the cost and bettering their technical support.
Buyer's Guide
IBM Security QRadar
December 2024
Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.
For how long have I used the solution?
I have been using the solution for three and a half years.
What do I think about the stability of the solution?
The stability of this solution is rock solid, a ten out of ten.
What do I think about the scalability of the solution?
The solution appears to be scalable. I have used the solution in organizations with users ranging from 2000 to 10,000.
How are customer service and support?
The technical support eventually gets the job done.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Depending on what the client is looking for I have used and recommended ArcSight, Splunk, and Cisco.
How was the initial setup?
The initial setup is in-between straightforward and complex. Any SIEM solution is complex, but compared to other products, it is the middle of the road. It's not as difficult or cumbersome, especially when you compare it to ArcSight being the most difficult where you require a whole team of people to really derive any value.
What was our ROI?
Most of our clients have seen a return on investment because compared to other solutions it does not require a busload of people to operate it and it is reasonably priced.
What's my experience with pricing, setup cost, and licensing?
The solution is costly and the price differs depending on the vendor you use.
What other advice do I have?
I give the solution an eight out of ten.
The solution is fairly easy to maintain and the learning curve is reasonable compared to other products to customize the workflow dashboards and get meaningful insight as far as what is happening within our organization. The solution is also fairly straightforward to integrate with different data log sources.
The solution requires three to five people to maintain including one analyst, an engineer, and an architect.
I suggest before using the solution you know what your process is, know what your logging sources are, and plan well because it's really a leadership challenge. The solution is better deployed than other models.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
IBM
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Sales Consultant at Google, LLC
Great detection capability; lacks features such as predictive identification of threads
Pros and Cons
- "Vulnerability data, network data and the like, are part of correlation and detection."
- "Pricing model could be more cost-effective."
What is our primary use case?
I was initially a reseller before selling the solution from within IBM. I'm currently a freelance security sales consultant.
What is most valuable?
A valuable feature is the detection capability. I like that the solution can use data other than log data which means that things like vulnerability data, network data and the like, are part of the correlation and detection.
What needs improvement?
I think they could change their pricing model to be more cost effective. It currently relies on data ingestion. I'd like to see IBM extend their capability with the solution to include more than just fault finding, features such as predictive identification of threads. Having better support for things like MITRE and the ATT&CK chain, and using all of the known attacks that are out there when they're actually spotting events and correlations.
For how long have I used the solution?
I've used this solution for 10 years.
What do I think about the scalability of the solution?
The solution is very scalable.
How are customer service and technical support?
Technical support is pretty good, but sometimes when the problems are complex they can be slow to respond.
How was the initial setup?
The initial setup is very easy. I think it's one of the easiest SIMs to use.
What other advice do I have?
IBM has recently come out with a new version called Cloud Pak for Security but I haven't used it yet. It contains not just QRadar, but also IBM's resilience incident response products.
I recommend the solution but because of the issues with pricing and technical support, I rate the solution seven out of 10.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer:
Cyber Security Specialist at a tech vendor with 10,001+ employees
Good dashboard and helpful third-party plugins but technical support could be better
Pros and Cons
- "There are other third-party plugins that we can use."
- "The AQL queries could be better."
What is most valuable?
There is a Pulse dashboard that they have. From a reporting perspective, we'll be creating dashboards based on the pulse functionalities.
There are other third-party plugins that we can use as well. We can initiate in the QRadar platform, however, Pulse is one of the most user-friendly options.
Along with that, there are out the box rules and out the box dashboards that we have available to us. Mostly what we are concentrating on is creating the rules and fine-tuning the rules to align properly with the customer infrastructure depending upon the customer's requirements. Pulse, UEBA, and NBAD are the features that are the best. They are the most useful from a SOC manager perspective.
What needs improvement?
The AQL queries could be better. With the queries, there's an option for you to create dashboards based on the queries that they have. The documentation that is available for AQL queries is not well received. They could maybe look at how Microsoft is leveraging AQLs from a Sentinel perspective and create more documentation and training materials and make those more available to the general public.
They have to facilitate more learning opportunities. Microsoft has something called Playground where you have some sample logs and where you can learn how to work on all this stuff, however, there is nothing like that for IBM. They really could make it more generalized and accessible to the general analyst population.
Technical support should be improved.
For how long have I used the solution?
In terms of QRadar, I've used it for close to two years. I worked for a customer that is a managed security service provider. What we do is we will provide SOC as a service and QRadar. IBM is one of the partners that we have. Depending upon the customer considerations and customer preferences, we will either engage QRadar or Sentinel according to the customer preferences. Splunk and LogRhythm we also use on an as-needed basis.
What do I think about the stability of the solution?
What they have claimed is 99.5% uptime. However, I'm not very sure whether there's an implementation problem or not. Sometimes the system gets hung and then we have to restart everything from scratch. You have got these multi printing options, though not functionally. Sometimes it gets some jitters there. Sometimes there are cases where we are finding it very difficult to get into the system as there can be three or four people logging into the same platform at the same time and sometimes that reduces the speed a lot.
What do I think about the scalability of the solution?
From an architect implementation perspective, the role that I have played is very limited. I'm not very sure about scaling. I'm not in a position to comment on that part. That said, once everything is implemented, I've noted that it's not as scalable as Sentinel or Splunk on the cloud, for sure. That is the same for LogRhythm and QRadar. Obviously, cloud-hosted applications will be more scalable and more resilient.
How are customer service and support?
Technical support is something that has always been an issue for us. We have to raise a ticket and the products team will be available, however, depending upon the criticality, sometimes the support is not very easily accessible on weekends and on Friday evenings.
Which solution did I use previously and why did I switch?
I've also worked with Sentinel, Splunk, QRadar, and LogRhythm.
How was the initial setup?
Compared to Sentinel, the initial setup is a bit complex. Depending upon whether you're going ahead with the cloud version or on-prem version, there is human involvement, however, normally everything is done by the platform engineer. I don't have to get my head into that part. Once everything is up and running, that is when we have to start working from our side. I'm sure it is more complex than a plug-and-play Sentinel, where connectors are easily available and just have to click, click and get things done.
The administration and maintenance would be two or three people depending upon the availability. I'm not very sure about troubleshooting. I'm coming at the solution from a user perspective. I'm more concerned with the rule fine-tuning and rule-building part. That kind of troubleshooting will be done with the platform team, which specializes in that.
What's my experience with pricing, setup cost, and licensing?
Licensing is mostly dependent on the EPS, events per second. Depending upon the number of products that are integrated with the platform, we have to come to an optimal EPS value. I'm not very sure about the financials, however, the licensing cost cannot be as much as that for Sentinel, which is not very low. For customers who need medium EPS values, we advise QRadar.
The basic out the box cost covers the EPS value that you have specified, and then some archiving maybe. It should include at least six months of archiving and other functionalities. Most of the customers will go for the standard package and we don't have to go for extra archival or enhanced DPS. 10% to 15% of DPS can always be increased. It will not completely shut down the system, however, it'll start sending us notifications that the DPS is getting increased and then we can go for a higher licensing.
What other advice do I have?
The version we use depends on when the customer is onboarded. Whenever recent onboarding takes place, we use the most up-to-date versions. However, there are customers that we have been facilitating for the past two or two and a half years and they might be using the previous versions. There are proper version upgrades that happen on a quarterly basis.
I'd rate the solution seven out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Cyber Security Services Operations Manager at an aerospace/defense firm with 501-1,000 employees
Provides a single window into your network, SIEM, network flows, and risk management of your assets
Pros and Cons
- "The most valuable thing about QRadar is that you have a single window into your network, SIEM, network flows, and risk management of your assets. If you use Splunk, for instance, then you still need a full packet capture solution, whereas the full packet capture solution is integrated within QRadar. Its application ecosystem makes it very powerful in terms of doing analysis."
- "I'd like them to improve the offense. When QRadar detects something, it creates what it calls offenses. So, it has a rudimentary ticketing system inside of it. This is the same interface that was there when I started using it 12 years ago. It just has not been improved. They do allow integration with IBM Resilient, but IBM Resilient is grotesquely expensive. The most effective integration that IBM offers today is with IBM Resilient, which is an instant response platform. It is a very good platform, but it is very expensive. They really should do something with the offense handling because it is very difficult to scale, and it has limitations. The maximum number of offenses that it can carry is 16K. After 16K, you have to flush your offenses out. So, it is all or nothing. You lose all your offenses up until that point in time, and you don't have any history within the offense list of older events. If you're dealing with multiple customers, this becomes problematic. That's why you need to use another product to do the actual ticketing. If you wanted the ticket existence, you would normally interface with ServiceNow, SolarWinds, or some other product like that."
What is our primary use case?
We're a customer, partner, or reseller. We use QRadar on our own internal SOC. We are also a reseller of QRadar for some of the projects. So, we sell QRadar to customers, and we're also a partner because we have different models. We roll the product out to a customer as part of our service where we own it, but the customer is paying. We also do a full deployment that a customer owns. So, we are actually fulfilling all three roles.
What is most valuable?
The most valuable thing about QRadar is that you have a single window into your network, SIEM, network flows, and risk management of your assets. If you use Splunk, for instance, then you still need a full packet capture solution, whereas the full packet capture solution is integrated within QRadar. Its application ecosystem makes it very powerful in terms of doing analysis.
What needs improvement?
In terms of the GUI, they need to improve the consistency. It has been written by different teams at different times. So, when you go around the interface, you'll find a lot of inconsistencies in terms of the way it works.
I'd like them to improve the offense. When QRadar detects something, it creates what it calls offenses. So, it has a rudimentary ticketing system inside of it. This is the same interface that was there when I started using it 12 years ago. It just has not been improved. They do allow integration with IBM Resilient, but IBM Resilient is grotesquely expensive. The most effective integration that IBM offers today is with IBM Resilient, which is an instant response platform. It is a very good platform, but it is very expensive. They really should do something with the offense handling because it is very difficult to scale, and it has limitations. The maximum number of offenses that it can carry is 16K. After 16K, you have to flush your offenses out. So, it is all or nothing. You lose all your offenses up until that point in time, and you don't have any history within the offense list of older events. If you're dealing with multiple customers, this becomes problematic. That's why you need to use another product to do the actual ticketing. If you wanted the ticket existence, you would normally interface with ServiceNow, SolarWinds, or some other product like that.
Their support should also be improved. Their support is very slow, and it is very difficult to find knowledgeable people within IBM.
Its price and licensing should be improved. It is overly expensive and overly complex in terms of licensing.
For how long have I used the solution?
I have been using this solution for 12 years.
How are customer service and technical support?
Their support is very slow. It is very difficult to find knowledgeable people within IBM. I'm an expert in the use of QRadar, and I know the technical insights of QRadar very well, but it is sometimes very painful to deal with IBM's support and actually get them to do something. Their support is very difficult to work with for some customers.
Which solution did I use previously and why did I switch?
I work with Prelude, which is by a French company. It is a basic beginner's SIEM. If you never had a SIEM before and you wanted to experiment, this is where you would start, but it is probable that you would leave very quickly. I've also worked with ArcSight and Splunk.
My recommendation would depend upon your technical appetite or your technical capability. QRadar is essentially a Linux-based Red Hat appliance. Unfortunately, you still need some Linux knowledge to work with this effectively. Not everything is through the GUI.
Comparing it with Splunk, in terms of licensing, IBM's model is simpler than Splunk's model. Splunk has two models. One is volume metrics, so you pay for the number of bytes that are transmitted daily. The other one is based upon the number of events per second, which they introduced relatively recently. Splunk can be more expensive than QRadar when you start to get into adding what they call indexes. So, basically, you create specific indexes to hold, for instance, logs related to Cisco. This is implicit within QRadar, and it is designed that way, but within Splunk, if you want to get that performance and you have large volumes of logs, you need to create indexes. This is where the cost of Splunk can escalate.
How was the initial setup?
Installing QRadar is very simple. You insert a DVD, boot the system, and it runs the installation after asking you a few questions. It runs pretty much automatically, and then you're up and going. From an installation point of view, it is very easy.
The only thing that you have to get right before you do the installation is your architecture because it has event collectors, event processes, flow collectors, flow processes, and a number of other components. You need to understand where they should be placed. If you want more storage, then you need to place data nodes on the ends of the processes. All this is something that you need to have in mind when you design and deploy.
What's my experience with pricing, setup cost, and licensing?
It is overly expensive and overly complex in terms of licensing. They have many different appliances, which makes it extremely difficult to choose the technology. It is very difficult to choose the technology or QRadar components that you should be deploying.
They have improved some of it in the last few years. They have made it slightly easy with the fact that you can now buy virtual versions of all the appliances, which is good, but it is still very fragmented. For instance, on some of the smaller appliances, there is no upgrade path. So, if you exceed the capacity of the appliance, you have to buy a bigger appliance, which is not helpful because it is quite a major cost. If you want to add more disks to the system, they'll say that you can't. If they ship a disk with 2 terabytes that the older appliances have, and you say to them that you can commercially get 10 terabyte disks, they will say this is not possible, even though there is no technical reason why it cannot be done. So, they're not very flexible from that point of view. For IBM, it is good because you basically have to buy new appliances, but from a customer's point of view, it is a very expensive investment.
What other advice do I have?
Make sure that you have the buy-in from different teams in the company because you will need help from the network teams. You will potentially need help from IT.
You need to have a strategy of how you onboard logs into SIEM. Do you take a risk-based approach or do you onboard everything? You should take the time to understand the architecture and the implications of design choices. For instance, QRadar components communicate with each other using SSH tunnels. The normal practice in security is that if I put a device in a DMZ, then communication between the device on the normal network, which is a higher security zone, and the DMZ, which is a lower security zone, will be initiated from the high-security zone. You would not expect the device in the DMZ to initiate communication back into the normal network. In the case of QRadar, if you put your processes in the DMZ, then it has to communicate with the console, which means that you have to allow the processor to communicate. This has consequences. If you have remote sites or you plan to use cloud-based processes, collectors, etc., and have an internal console, the same communication channels have to exist. So, it requires some careful planning. That's the main thing.
I would rate QRadar an eight out of 10 as compared to other products.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Relationship Manager at a financial services firm with 5,001-10,000 employees
Reasonably priced with good technical support and offers great performance
Pros and Cons
- "We've found the technical support to be very good."
- "The product needs to improve its GUI."
What is most valuable?
The price is very good. It's quite reasonable.
The solution's performance is excellent. The stability is excellent.
We've found the technical support to be very good.
The pricing is very good.
What needs improvement?
The product needs to improve its GUI. The dashboard which they facilitate needs to be modernized. They could make it a lot better and a lot easier to navigate.
For how long have I used the solution?
I've been using the solution for approximately two years or so.
What do I think about the stability of the solution?
The stability of the product has been great. It's from 80% to 90% stable. There are very few bugs or glitches. It doesn't crash or freeze. If you do run into issues, technical support is quite helpful.
What do I think about the scalability of the solution?
The product works well for small or medium-sized enterprises.
How are customer service and technical support?
The technical support has been great so far. If you run into any kind of issue, their support is available. They are very helpful and extremely responsive. We're quite satisfied with their level of service. I'd give them a rating of 90% to 95%.
What's my experience with pricing, setup cost, and licensing?
The pricing of the solution is quite reasonable.
What other advice do I have?
We're a customer and an end-user. We don't have a direct business relationship with IBM.
Overall, I would rate the solution at a nine out of ten. We've been extremely satisfied with the product so far.
I'd recommend the solution; however, it depends upon a company's budget and requirements. For small and medium enterprises, QRadar is the best solution, due to its price and performance.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Information Security Analyst at Allegiance Air
The UI is the most valuable feature, and the product is stable.
What is most valuable?
The most valuable feature of this product is the nice UI. It is easy and quick to get the information you're looking for.
How has it helped my organization?
The benefits are that it's easy to navigate the UI and to get the information as quickly as possible. We're able to resolve problems quicker, so that we get to the solution in an easier manner.
What needs improvement?
It would probably be better to get more access to the APIs.
What do I think about the stability of the solution?
The product is very stable. I don't have any issues with stability at all.
What do I think about the scalability of the solution?
Scalability is nice, as well. We have a distributed environment and it's real easy to both manage and upgrade. Anything we need to do, we can do it from the console.
How are customer service and technical support?
On a scale of 1-10, probably seven; I would rate the technical support team a 7/10.
Which solution did I use previously and why did I switch?
We were previously using a different solution that just wasn't getting the job done. It was taking too long to get where we needed to get to.
How was the initial setup?
The setup was very straightforward. The special services team gave us insight and helped out to resolve any issues.
Which other solutions did I evaluate?
QRadar was at the top of our list. We also looked at other solutions such as HPE ArcSight and Splunk. The reason we went with QRadar is because we could bring it on-prem, which made it nice, and we also use other IBM products as well.
In general, when selecting a vendor, support is probably going to be the number one criteria. Then, the second criteria is the availability of the product; the product is not very good if it's not available, it's broken, etc.
What other advice do I have?
Make sure you try them all and then, pick the one that you think would work the best. It's nice to value other people's opinions, but it's better to test all the products and choose what you think would be best, for whatever your need is.
It's very easy and intuitive. It's just a good overall solution, compared to the other ones I've used.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Solutions Product Manager at a computer software company with 11-50 employees
It is very easy to install and configure, but after restarting the server, you need to manually start some of the services
Pros and Cons
- "What I like the most about it is that you can very easily install and configure it. As compared to other SIEM solutions, for which you need to know and do a lot more to prepare your SIEM environment, QRadar is much simpler to install and configure. There are various options in the Admin console. In the Admin tab, you can design dashboards and view various graphs. It has a lot of attractive features, and you don't need to configure everything on your own."
- "I have noticed a few things while working on this. After the restart of the server, sometimes, the services misbehave, and you need to manually start or restart the service. I have seen that specifically with the Tomcat service. Sometimes, when you click on log sources, instead of opening the log source extension, it redirects you over the internet."
What is our primary use case?
I am a Product Manager. I am managing the inventory and the logs. For R&D purposes, we downloaded various SIEM solutions from the internet to analyze their performance, and QRadar was one of them. I downloaded the Community Edition of QRadar to check its capabilities and see how to integrate various log sources in our network. It is in my lab, and I have tested it with a few hardware devices and a few computers and servers.
What is most valuable?
What I like the most about it is that you can very easily install and configure it. As compared to other SIEM solutions, for which you need to know and do a lot more to prepare your SIEM environment, QRadar is much simpler to install and configure. There are various options in the Admin console. In the Admin tab, you can design dashboards and view various graphs. It has a lot of attractive features, and you don't need to configure everything on your own.
What needs improvement?
I have noticed a few things while working on this. After the restart of the server, sometimes, the services misbehave, and you need to manually start or restart the service. I have seen that specifically with the Tomcat service.
Sometimes, when you click on log sources, instead of opening the log source extension, it redirects you over the internet.
There are two types of dashboards in QRadar. One is the conventional or old one, and the other one is Pulse. The Pulse dashboard is better, but we would like to have more options in the dashboard.
Additionally, if possible, there should be a single product for SIEM and SOAR. Instead of having QRadar and Resilient separately, there should be a combined solution to benefit from both. Furthermore, there should be a built-in mechanism to configure it in the cluster mode and high availability mode.
For how long have I used the solution?
I tested this product in the last two, three months. It is not implemented in our company.
How was the initial setup?
Its installation is very simple. You can install it and configure it very easily.
Which other solutions did I evaluate?
We are looking at implementing a SIEM solution, and currently, we're comparing various commercial and open-source SIEM solutions. We have tested Wazuh, which is an open-source SIEM solution, but we have not finalized anything.
What other advice do I have?
I would rate it a seven out of 10. It is good, but when a product doesn't behave in a good manner, it creates confusion. Its behavior isn't consistent.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cyber Security Consultant at raf
Good monitoring functionality that helps us to identify threats, but dealing with support is a struggle
Pros and Cons
- "We can easily monitor many things using this tool."
- "They need to improve their threat intelligence feed and they need to improve their user behavior analytics modules."
What is our primary use case?
QRadar is our SIEM solution. Our use cases include authentication between logins, database security, monitoring, and user behavior analytics.
How has it helped my organization?
QRadar is helping us to identify ongoing, day-to-day threats. We use it to analyze the risk in our environment, including user behaviors. We can easily monitor many things using this tool.
What is most valuable?
All of the features offered by this product are useful for analysis. Essentially, everything that it offers is critical and we use it.
What needs improvement?
Several things need to be improved.
We have been struggling with the QRadar support team for quite a long time. There are things that they can reproduce in their lab environment and can fix, yet we struggled with them trying to get this done. These issues included things like custom logs. There are many things that they need to improve upon.
This product should support multiple log sources.
They need to improve their threat intelligence feed and they need to improve their user behavior analytics modules.
The risk manager module needs to be improved.
It's not a very user-friendly interface.
For how long have I used the solution?
I have been working with IBM QRadar for seven years.
What do I think about the stability of the solution?
IBM QRadar is quite stable.
What do I think about the scalability of the solution?
We have approximately 50 users and we keep expanding its usage. It is growing on the infrastructure level, as well as the EPS level.
Three or four administrators are all that is required for the maintenance.
I recommend this product for large enterprises.
How are customer service and support?
We have had a lot of trouble with technical support. As of late, they take too long to respond to our issues. For 99% of our issues, they take too long to respond. It's not instant.
Which solution did I use previously and why did I switch?
I do not have any experience with other SIEM solutions. QRadar is the first one for me.
How was the initial setup?
The initial setup is complex because it is not managed properly.
Our implementation strategy is based on it being a distributed environment.
What about the implementation team?
We completed the implementation and deployment ourselves.
Which other solutions did I evaluate?
We did not evaluate other options prior to selecting QRadar.
What other advice do I have?
This is a good product for large enterprises. Smaller companies should implement an open-source solution but for a large enterprise, QRadar is a good product.
I would rate this solution a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.