IBM Security QRadar Reviews

We use the solution for a variety of tasks. We use it, for example, for authentication, network-related authentication, user-related tasks, and Windows UNIX servers. It's a lot. There's a ton of use cases. I really can't sync right now about every single use case, however, the main things are authentication and network-related systems and all flavors of UNIX Windows. 

It helped our organization in the sense that having it was better than nothing. However, I did not enjoy the product overall and I advised we switch to something else.

The user behavior analytics as part of our deployment was okay, even though it was clunky.

The solution can scale.

I really didn't like QRadar to be honest. I inherited it. I was part of the reason that we moved over to LogRhythm. The solution just isn't user friendly.

The solution is clunky. 

The interface could be much better.

The integration capabilities within the product are not that great.

I've been using the solution for about two years at this point. My team has been using it for two to three years, so we have a total of about five years of experience in all.

I wouldn't describe the solution as stable. 

It was really buggy. Like other app integrations, it wasn't straightforward. It was pretty clunky. We tried to integrate Qualys with it and it wasn't effective. To integrate anything took quite a bit of time and energy. It wasn't easy. When it did, it didn't work properly. It wasn't really pulling in the data correctly.

Scalability was hard as it was on-prem. We needed to add more modules, and had to add more of the servers to stack it. It wasn't that a simple task at all. I wouldn't say that it scales well, although technically, you can scale it.

When we were using the solution, we had ten to 15 users on it. They were anyone from Information Security Engineers to regular IT admins.

Technical support was awful. We often didn't even have any assistance available to us. On a scale from one to ten, I'd rate them at a three. We were very unsatisfied with the level of support we received. They just simply weren't helpful when it came down to it.

The organization didn't previously use a different solution before choosing QRadar.

We actually switched to LogRhythm as I didn't like how the solution was working for the organization.

I didn't handle the initial setup. It was handled before I arrived at the organization.

I'm not sure of which version of the solution we're using.

I wouldn't recommend the solution. I'd probably tell others to shy away and look at other products like possibly Splunk, however, it's a pricey option. LogRhythm is pretty good. We're having some issues with it. That said, for the most part, it's okay. 

Exabeam also seems like it might be a good option. I haven't worked with it personally, however, I've had some experience with a POC.

Overall, I would rate the solution at a three out of ten. We didn't have a good experience with it. If it offered, for example, easier behavior analytics, easier integrations, better interface, supported model integration, and a good user interface to perform analysis I might rate it higher. Basically, it just needs to be much more user-friendly.

This is a security monitoring product and the primary use case is to detect strange behavior by users. For example, if we have a user that has not used the service for a long time and then all of a sudden, somebody logs in one night. This is not normal and the system will detect it. This is just one example of many use cases.

Integration is very easy and the reporting is good.

This is a good product, although it does require some fine-tuning.

The dashboard is pathetic and it takes a long time to perform a search.

The graphics need to be improved.

Providing good support is something that they need to work on.

It would be helpful if IBM published more use cases.

We have been using QRadar UBA since 2016.

The issue that I have with technical support is related to their large pool of resources. If you are lucky then you get good support, but sometimes you get pathetic support. Suppose you open a ticket, there are times where it will be very good, but the quality is intermittent.

I have experience working with Splunk and I find that the searching capabilities are better with it. Also, the processing time in Splunk is better. With QRadar UBA, when you have three, four, or five rules together, it takes more time to respond.

The complexity and length of time required for the initial setup depend on the requirements. There are some out-of-the-box features that can be implemented right away, but some equipment is not supported directly, so you need to write a DSM (device support module).

Implementing a DSM takes some time, although it will depend on the log source. If the log source is fully compatible then it will be very quick. However, if it is not compatible then you will need to do some scripting and other work.

The price of this product is high.

QRadar is not perfect. It's a good security monitoring product that can provide threat intelligence, but it cannot do it alone. You need to integrate with many other things, such as IBM Orchestrator. Also, you need to have X-Force. After these kinds of things are integrated, it works a little bit better.

I would rate this solution a six out of ten.

The primary use case for us is the plug and play implementation and it is pretty easy to set it up, and scale up the SIEM. It has a kind of a functionality to it. 

It is really helpful to us from the compliance point of view. Whenever we had an external lawyer come in, he used to ask us for the data retention and log retention. So, QRadar could put out reports that could audit for us within the log collections. It was very helpful for us to meet compliance requirements.

In addition, it is a helpful solution for forensic analysis. It will easily perform Google type searches and get the logs searched easily. This is really helpful for us, and gives us a quicker investigation.

The most valuable feature is that it is a one stop solution for many things. It is a manager for vulnerability, functionality, packet filtering, packet analysis and log analysis.

They have introduced a lot of different suite of products and functionalities and that sometimes leads to confusion among the customers. There are a lot of options to provided and then I need to decide, what is my requirement, and what is my desire. I may be tempted to have a particular feature, but I have to decide whether it is relevant or not.

The stability is very good. There is not a single point lacking in terms of stability. And, I have never faced technical issues.

The scalability is good, especially with the introduction of data nodes. As of now, it is not a problem.

The tech support is not that good. They often rely on their learned knowledge base, instead of getting their hands dirty upon the actual case issues. They just think of the traditional approach of "OK, try this, or that." Obviously, we already know which steps to follow, we need for them to come up with some out-of-the-box solutions. This delays the process of finding a solution to the problem. Unfortunately, this happens a lot.

I previously used Splunk. And, we considered Sumo Logic, which has a similar kind of functionality. But, they are still in a very premature stage in terms of the product development.

The initial setup was straightforward. It was not complex or difficult. It is not complicated.

The cost of this product is expensive.

If you are a medium to large size enterprise, you can surely consider IBM as one of the major contenders for your selection. If you are a small enterprise, QRadar may be too much for you, it may be too complex.

When deciding on a solution, we always consider:

• Cost-benefit
• Shelf-life of the solution
• Security of the solution

Normally, an offense comes in and an offense is something negative, it triggers when certain events don't comply with the rules, to put it plainly, it is something that will have impacted your environment very negatively. Once it comes through, you can then see from the QRadar log sources, who or what triggered the offense.

For example, if an IP is browsing somewhere where it shouldn't be browsing. Let's say that one of your log sources reported it back to QRadar. You can see if the IP that browsed on certain websites where it shouldn't be browsing. When you right-click and go to the threat protection network, that will normally show you who is browsing, where that IP is coming from, what type of website it is browsing, and if it is good or bad. If it's bad, it will give you recommendations on how to resolve the issue.

The threat protection network is the most valuable feature, because when you get an offense, you can actually trace it back to where it originated from, how it originated, and why.

I would like to see a more user-friendly product. I would like them to make it more user-friendly. At this stage, you need to use a lot of regular expressions to do your searches.

In the first year I used it, there were a few stability problems. In the previous three years, there haven’t been any major stability issues.

I've seen no scalability issues in any of the environments where I am working at the moment. I've seen how it handles a lot of load. I'm talking about a 5,000-user environment. It can handle a lot of logs and events coming through simultaneously.

If you spec it properly, with the proper hardware requirements, then it doesn’t crash. I've seen how people give it way less specs than it should have, then it does crash. But that was the fault on the users’ side, and not the fault of the product.

I would give technical support a rating of an eight out of 10. When they help you with a call for a problem with the product, which I've had twice, the next day, they roll out an update worldwide for all their products to be patched on that problem.

They lose too much time, in my opinion. Normally, you struggle a bit to get a hold of them and get to the correct person to assist you. Even though this isn't a very big delay, it usually takes about an hour. However, in my company, an hour can make a very big difference in my life. For example, it will take me about an hour to an hour and a half to get support from them. I'm a person who loves to get it done now. So if you don't mind waiting about an hour, then it can be very good support. When you log a call with IBM, it takes them about an hour to start working on the problem.

The setup was very straightforward. It's basically, "next, next, type in machine details and next”, then you are finished.

IBM's Qradar is not for small companie. Unfortunately, it would be 'overkill' to place it plainly. The pricing would be too much.

I wasn't completely part of the whole process when they chose a product. I know they evaluated AlienVault, which unfortunately, I do not have any experience with, neither was I part of the whole processes. I'm not able to provide pointers as to why the company chose IBM QRadar. I believe it's because we are a partner with them.

Just spec it correctly and it will do its job for you. It has an active community. IBM patches the product regularly when problems are picked up. I haven’t heard about a lot of problems from other people using the product.

The most valuable feature is the co-ordination of the data it has, such as getting all sorts of log files from different viewpoints and putting it together in one place, so that the incident responders can get all the data they need to see the bigger picture.

We get more insights into the company's assets and vulnerabilities.

It is hard to tell which areas have room from improvement because we always think of new features and inform them to IBM, which they include in the next patch.

We recently went to an IBM conference to look into the Watson feature and see what they could do for us.

I would like to see better support. Their support is good, but I would say, they could do better.

For us, it's kind of wonky because we always try to be bleeding edge and always try to do updates. So, we're always pushing the system to its limit. It's pretty stable, but we always have open issues with it, with IBM.

The scaling was done pretty well with IBM and the architecture teams. I think our system has scaled appropriately.

The technical support really depends on who you get, at the time you call. There are good guys and bad guys. I can't really say. On a scale of 1 to 5, I would give them a 4/5 rating from our experience. We have a pretty good relationship with them.

When I started out, this product was already bought and implemented by my company.

The setup was a mixture of both, i.e., simple and complex.

It was complex because I had never dealt with it before. I had never set up a system like that. At the end, it got better.

You should totally go for it. I've seen a couple systems out there, but I think IBM QRadar is one of the better solutions available.

Professionalism and to always be there when I call are the most important criteria when selecting a vendor. With IBM it's pretty good. We have our sales guy, who is always on top of everything.

My use case for IBM QRadar User Behavior Analytics is to consolidate all the logs and events from a different tool so that I can see the alerts from that other tool on the dashboard.

My company connects the Windows event logs to the Xfinity router deployed on the main server, but I have to make some configurations to detect activities.

My team is working on reinforcing IBM QRadar User Behavior Analytics features since the solution has not been used for a while because there's a new generation of engineers in my company. My team has to reconfigure almost every screen, including IBM QRadar User Behavior Analytics.

What's most valuable in IBM QRadar User Behavior Analytics is its higher availability than other tools. It consolidates all alerts and detections from the other tools, but my team has to check each tool. As my company lacks the manpower to do that, my team has to do monitoring while working on making each function clear.

As a product, IBM QRadar User Behavior Analytics does everything mentioned on the datasheet for my company's version. Still, compatibility is a problem because my company needs to use an updated version of the tool. That version doesn't integrate with many new-generation tools, so this is an area for improvement.

You can scale IBM QRadar User Behavior Analytics, but it has room for improvement.

I've been using IBM QRadar User Behavior Analytics for years.

IBM QRadar User Behavior Analytics has been stable, and my team has made no significant changes since 2015. The team is working on utilizing it most efficiently.

The scalability of IBM QRadar User Behavior Analytics is a six out of ten.

My company doesn't get support from IBM because it's on a perpetual usage type of contract. My team can configure IBM QRadar User Behavior Analytics but cannot contact IBM for help.

When I used to get technical support for IBM QRadar User Behavior Analytics, I'd say it was a seven out of ten.

The version of IBM QRadar User Behavior Analytics, which my company uses, is a little outdated from 2013. That version doesn't have the log collection feature.

My rating for the version of IBM QRadar User Behavior Analytics I'm using is a seven overall.

Our primary use case for the solution is providing visibility for what occurs in our security system and IT assets. So all our event logs and information from a setting and criticality level go there. Additionally, there's AI used to trigger alerts when things are going bad, and then we can action them.

We find predictive analysis capabilities valuable.

The solution should include remote action capabilities.

We have been using the solution for approximately three years.

The solution is stable.

The solution is scalable. Over 1,000 people in our organization use the solution.

The initial setup is moderate, and it is neither easy nor difficult. However, it took approximately one week to complete the implementation.

We implemented it through a vendor team.

We chose this solution because it was provided to us through software as a service.

I rate the solution an eight out of ten. The solution is good but can be improved with enhanced remote control ability. I recommend the solution to new users considering it.

We are mainly using predefined rules on IBM QRadar User Behavior Analytics

When we started using IBM QRadar User Behavior Analytics's add-on or extension, we received more than 17 new use cases. Our organization has benefited from using IBM QRadar User Behavior Analytics.

IBM QRadar User Behavior Analytics's most important feature is its ease of use. 

IBM QRadar User Behavior Analytics could improve machine learning use cases because they are limited and most of the use cases are rule-based. They should develop more use cases, such as in Securonix or Exabeam because they will detect a threat. Using machine learning is mainly on the correlation rules, but if you think about Exabeam or Securonix, they detect using machine learning or machine learning-based algorithms.

Using the interface of IBM QRadar User Behavior Analytics is the same for years, they should redesign the interface to make it more modern. Some historical queries take a long time, they should improve or change their database. There are some missing operators on the correlation side. For example, some before operated.

I have been using IBM QRadar User Behavior Analytics for approximately three years.

IBM QRadar User Behavior Analytics is stable most of the time. However, it works on the client-side which requires a lot of system resources, such as RAM. In some cases, if the work is high, the stability deteriorates, but mainly it is stable.

The scalability of IBM QRadar User Behavior Analytics is good. 

We have two people using this solution. We do not have plans to increase usage.

We use a consultancy company for support and are not directly connected to IBM support.

The deployment of IBM QRadar User Behavior Analytics is very easy when compared to other machine learning solutions. The full deployment took approximately three weeks with less than 5,000 EPAs.

We used a consultant that help us deploy and do maintenance for IBM QRadar User Behavior Analytics.

I rate the return on investment of IBM QRadar User Behavior Analytics a four out of five.

IBM QRadar User Behavior Analytics is an application framework and you can install many applications without any additional costs.

I rate the price of IBM QRadar User Behavior Analytics a four out of five.

IBM QRadar User Behavior Analytics is a good solution. If there is a big enough budget they might be able to afford the solution since it is expensive. If the conditions are okay, then they should select the solution.

I rate IBM QRadar User Behavior Analytics a six out of ten.