IBM Security QRadar Reviews

Normally, an offense comes in and an offense is something negative, it triggers when certain events don't comply with the rules, to put it plainly, it is something that will have impacted your environment very negatively. Once it comes through, you can then see from the QRadar log sources, who or what triggered the offense.

For example, if an IP is browsing somewhere where it shouldn't be browsing. Let's say that one of your log sources reported it back to QRadar. You can see if the IP that browsed on certain websites where it shouldn't be browsing. When you right-click and go to the threat protection network, that will normally show you who is browsing, where that IP is coming from, what type of website it is browsing, and if it is good or bad. If it's bad, it will give you recommendations on how to resolve the issue.

The threat protection network is the most valuable feature, because when you get an offense, you can actually trace it back to where it originated from, how it originated, and why.

I would like to see a more user-friendly product. I would like them to make it more user-friendly. At this stage, you need to use a lot of regular expressions to do your searches.

In the first year I used it, there were a few stability problems. In the previous three years, there haven’t been any major stability issues.

I've seen no scalability issues in any of the environments where I am working at the moment. I've seen how it handles a lot of load. I'm talking about a 5,000-user environment. It can handle a lot of logs and events coming through simultaneously.

If you spec it properly, with the proper hardware requirements, then it doesn’t crash. I've seen how people give it way less specs than it should have, then it does crash. But that was the fault on the users’ side, and not the fault of the product.

I would give technical support a rating of an eight out of 10. When they help you with a call for a problem with the product, which I've had twice, the next day, they roll out an update worldwide for all their products to be patched on that problem.

They lose too much time, in my opinion. Normally, you struggle a bit to get a hold of them and get to the correct person to assist you. Even though this isn't a very big delay, it usually takes about an hour. However, in my company, an hour can make a very big difference in my life. For example, it will take me about an hour to an hour and a half to get support from them. I'm a person who loves to get it done now. So if you don't mind waiting about an hour, then it can be very good support. When you log a call with IBM, it takes them about an hour to start working on the problem.

The setup was very straightforward. It's basically, "next, next, type in machine details and next”, then you are finished.

IBM's Qradar is not for small companie. Unfortunately, it would be 'overkill' to place it plainly. The pricing would be too much.

I wasn't completely part of the whole process when they chose a product. I know they evaluated AlienVault, which unfortunately, I do not have any experience with, neither was I part of the whole processes. I'm not able to provide pointers as to why the company chose IBM QRadar. I believe it's because we are a partner with them.

Just spec it correctly and it will do its job for you. It has an active community. IBM patches the product regularly when problems are picked up. I haven’t heard about a lot of problems from other people using the product.

The most valuable feature is the co-ordination of the data it has, such as getting all sorts of log files from different viewpoints and putting it together in one place, so that the incident responders can get all the data they need to see the bigger picture.

We get more insights into the company's assets and vulnerabilities.

It is hard to tell which areas have room from improvement because we always think of new features and inform them to IBM, which they include in the next patch.

We recently went to an IBM conference to look into the Watson feature and see what they could do for us.

I would like to see better support. Their support is good, but I would say, they could do better.

For us, it's kind of wonky because we always try to be bleeding edge and always try to do updates. So, we're always pushing the system to its limit. It's pretty stable, but we always have open issues with it, with IBM.

The scaling was done pretty well with IBM and the architecture teams. I think our system has scaled appropriately.

The technical support really depends on who you get, at the time you call. There are good guys and bad guys. I can't really say. On a scale of 1 to 5, I would give them a 4/5 rating from our experience. We have a pretty good relationship with them.

When I started out, this product was already bought and implemented by my company.

The setup was a mixture of both, i.e., simple and complex.

It was complex because I had never dealt with it before. I had never set up a system like that. At the end, it got better.

You should totally go for it. I've seen a couple systems out there, but I think IBM QRadar is one of the better solutions available.

Professionalism and to always be there when I call are the most important criteria when selecting a vendor. With IBM it's pretty good. We have our sales guy, who is always on top of everything.

Our primary use case for the solution is providing visibility for what occurs in our security system and IT assets. So all our event logs and information from a setting and criticality level go there. Additionally, there's AI used to trigger alerts when things are going bad, and then we can action them.

We find predictive analysis capabilities valuable.

The solution should include remote action capabilities.

We have been using the solution for approximately three years.

The solution is stable.

The solution is scalable. Over 1,000 people in our organization use the solution.

The initial setup is moderate, and it is neither easy nor difficult. However, it took approximately one week to complete the implementation.

We implemented it through a vendor team.

We chose this solution because it was provided to us through software as a service.

I rate the solution an eight out of ten. The solution is good but can be improved with enhanced remote control ability. I recommend the solution to new users considering it.

We are mainly using predefined rules on IBM QRadar User Behavior Analytics

When we started using IBM QRadar User Behavior Analytics's add-on or extension, we received more than 17 new use cases. Our organization has benefited from using IBM QRadar User Behavior Analytics.

IBM QRadar User Behavior Analytics's most important feature is its ease of use. 

IBM QRadar User Behavior Analytics could improve machine learning use cases because they are limited and most of the use cases are rule-based. They should develop more use cases, such as in Securonix or Exabeam because they will detect a threat. Using machine learning is mainly on the correlation rules, but if you think about Exabeam or Securonix, they detect using machine learning or machine learning-based algorithms.

Using the interface of IBM QRadar User Behavior Analytics is the same for years, they should redesign the interface to make it more modern. Some historical queries take a long time, they should improve or change their database. There are some missing operators on the correlation side. For example, some before operated.

I have been using IBM QRadar User Behavior Analytics for approximately three years.

IBM QRadar User Behavior Analytics is stable most of the time. However, it works on the client-side which requires a lot of system resources, such as RAM. In some cases, if the work is high, the stability deteriorates, but mainly it is stable.

The scalability of IBM QRadar User Behavior Analytics is good. 

We have two people using this solution. We do not have plans to increase usage.

We use a consultancy company for support and are not directly connected to IBM support.

The deployment of IBM QRadar User Behavior Analytics is very easy when compared to other machine learning solutions. The full deployment took approximately three weeks with less than 5,000 EPAs.

We used a consultant that help us deploy and do maintenance for IBM QRadar User Behavior Analytics.

I rate the return on investment of IBM QRadar User Behavior Analytics a four out of five.

IBM QRadar User Behavior Analytics is an application framework and you can install many applications without any additional costs.

I rate the price of IBM QRadar User Behavior Analytics a four out of five.

IBM QRadar User Behavior Analytics is a good solution. If there is a big enough budget they might be able to afford the solution since it is expensive. If the conditions are okay, then they should select the solution.

I rate IBM QRadar User Behavior Analytics a six out of ten.

The solution is primarily used for threat detection and response. QRadar can be integrated with other services from IBM such as Watson, among others. The main need is for threat detection, incident response, and dealing with threats or hunting threats. 

What else? I mean, it's always you're looking for threats. Usually, whoever buys this SIM solution or buys QRadar, for example, is looking for hidden threats and they get the logs to see what's happening within their system. They want a solution that looks very deep inside in order to correlate those logs and see if there's any information that they can get out of those logs or even live packets that are spanning through their networks. Therefore, it's usually threat hunting. That's the main thing, Others might use it to understand the system, and how it's performing overall.  However, that's the lesser use case.

Inside IBM QRadar there are a lot of engines that actually work to help us to do the correlation and normalization as well for the logs that we're receiving from multiple devices. IBM is very powerful in that regard. 

QRadar, as a solution, can integrate with a lot of other applications. You can write your own custom rules if you want to. We can ask it to detect whatever we want it to, even with the devices that are not supported to send logs. IBM QRadar can understand these types of commands and we can still integrate and write our own rules to help us to detect those logs that are coming from, for example, IoT devices or from other devices that usually we don't understand.

It can handle really a huge number of logs with fewer false positives. We can use the artificial intelligence and the rules that IBM is providing to make it really smart. The solution can help you predict even the false positives when we are alerting the admin or the security admin about some offenses that we have seen from the logs.

Their product is very user-friendly.

Customer service is very good and very helpful.

The initial setup is quite straightforward.

The solution can scale.

The solution is very stable.

As per Gartner, maybe the price makes it so that the customers are not going for IBM QRadar. It's a little bit pricey compared to other solutions in the market. More or less that's the area that needs to be improved. That's usually the main concern that we receive from the customers - that it's a little bit pricey. That's the only thing I can say.

The custom rules could be simplified more or it should be possible to use a different language, other than the ones that the solution is already using. They should add other languages into the mix. You need some advanced customers in order to use the custom rules or to use their rules in order to configure the IBM QRadar in a proper way. Usually, they find it very difficult, especially if they don't have the experience.

Sometimes it works and catches whatever we want, however, sometimes it doesn't work. That's in rare cases, however, that's one thing that they need to maybe enhance.

I've been working with the solution for three years or so.

For stability, I'm not a customer who's using it on daily basis, however, from feedback that I'm getting from the customers who are attending to the solution, I've heard that this solution is stable. That's why it's in the leader area in Gartner. If you compare it to others in Gartner, it shows how their product is actually efficient. Whether I get QRadar, whether it's Splunk, whether it's LogRhythm, all of those products as a SIM are very good at that point. They're all quite reliable.

The scalability is very good. The product is scalable. A company shouldn't have trouble expanding it if they need to.

We typically work with banks and bigger organizations.

Technical support has been very good. They are helpful and responsive.

I've also learned a lot from the documentation, especially the online documentation. Due to the fact that I'm an official instructor for IBM, I have my other resources too, on the Learning Center from IBM. Documentation is not a problem. It's very helpful.

The initial setup is very straightforward. It's not overly complex. It's quite easy.

The deployment takes time, definitely. You've got to prepare for your solution so that it's going to work in spanning all the other devices too. That doesn't mean it's a complex process, it just means it takes a bit.

IBM QRadar is pricey, and therefore, usually small enterprises are not able to afford it. Usually, probably most of the customers are usually large enterprises.

I'm actually teaching IBM and some services such as IBM QRadar, as part of my work. I'm familiar with Splunk, however, I'm not working with it on a daily basis. I'm teaching that technology to others. I'm not a customer. I'm using it for teaching purposes. I'm working in a training center. I'm not dealing with it on a daily basis, however, I understand how the product works. We do sometimes help integrate it and work as consultants occasionally as well.

While 7.4 is out, we're currently working with version 7.3.

Overall, I would rate the product at an eight out of ten. There's more to be done on it, however, we are mostly pleased with its capabilities.

The primary use case of this solution is for monitoring an enterprise data center, globally for 12,000 devices.

It has improved the way that the organization functions.

The most valuable feature is the searching capability and real-time operational use.

Some of the cloud apps need improvement.

In the next release, I would like to see improving the stability of some of the add-on applications.

I have been using IBM QRadar for two years.

We are using the current version.

Stability is moderate.

We have 15 people using this solution in our organization. Their positions vary from Network Engineers, Security Engineers, and Security Analysts.

It's very scalable.

Technical support is good.

I would rate them a nine out of ten. Their response time is good.

Previously, I did not use another solution.

The initial setup is complex. It's just the nature of the CM tool.

I think that the price is fair, but we can always say that the price could be cheaper.

Like any complex enterprise CM tool, you have to have a strong support organization. People who are good at understanding Linux operating systems. You also need a strong technical support team in-house.

I would rate this solution an eight out of ten.

Maybe the best way it helped our organization is that QRadar is well prepared for PoCs. When you are doing PoCs, you just install the solution and you can show it to the customer.

It has great benefits because we don't spend a lot of time to set it up. There are a lot of features that are there out-of-the-box. It's great to do a PoC with customers and to reduce the money spent on the implementations.

The most valuable features are all the implementations, the plug-ins, and the User Behavior Analytics (UBA). All that stuff is really cool.

We are using the solution a lot on the customer side. We like the strength of the platform, basically. I know there is no other product like QRadar.

We thought about what was missing and it was the analysis of the user behavior. However, with the User Behavior Analytics (UBA), it's much less complicated.

I recently attended a conference presentation on machine learning, and it is a great plug-in to UBA. It will help us a lot because a lot of customers want to analyze their user behavior patterns.

Maybe there should be more custom rules in the exchange. Basically, we are using a lot of threat rules, so maybe they'll develop something like that. It will be better.

I would like to see improvement in the technical support. Sometimes, when we do patching or something like that, it creates some problems. Maybe they could test the patches and the OEM product better.

The stability is not bad. We had some problems with patching, but there are problems with all software.

We had the problem when we patched from Version 7.2 to Version 7.2.8. There were some problems with the authentication tokens. It didn’t go so well, but we solved it with the help of technical support and it was very quick. I think that's cool.

Sometimes, we have a problem with support. We are also using QVM (IBM Security QRadar Vulnerability Manager) and I think it is a little bit buggy for now. We have a lot of problems with it. It should be better.

In terms of scalability, there is no doubt about it: It is perfect.

The quality of technical support depends on the agent. Sometimes, it's hard to get the person who you need. Sometimes, it's better to create a ticket when the USA is working because I think they can help you better.

We had McAfee, but we are ending our use of it. There are only some small implementations that are running with it. We are no longer developing with it. I think in the future, we will switch to QRadar. This is because we don't want to have two separate platforms.

RSA enVision was being used with one of our banking customers. However, we transferred to QRadar last year.

We implemented the solution from the scratch with our customers. We have a lot of implementations that they can check.

The setup was very complex. We have integration with a customer service desk and a lot of customization. It's the best thing that we can create our own app and adapt it to QRadar.

We attended the IBM master class to help us with an SDK to develop our own apps. Some of our customers are banks and they have a lot of things to do. Sometimes the features they need are not in QRadar, so we have to customize the solution a little bit for them.

We have a security department in the Czech Republic. We are basically only implementing IBM security products.

Definitely try it. Do a PoC with a customer. You can get the value for the customer quickly. It's great.

We are using it for monitoring different systems, and we are monitoring the logs with QRadar. This is one of the good tools which we have identified, and we are using it for monitoring the application.

Any issues regarding monitoring, if we feel that there is anything going on in the application, QRadar collects the logs, we monitor those logs, and we get alerts for those logs.

Reporting should be very good, and a proper integration with cloud, not only the IBM cloud, but with other clouds also.

The stability is good. I never got a complaint, but sometimes we have difficulty in configuring new applications. Since it is going into the cloud, we have a big challenge how we are going to monitor those applications which are sitting in Bluemix.

The scalability is good. We have been using and increasing the applications most of the time.

I think my team has used technical support. They are responsive, I can say it is 8-9/10.

We were using a different solution, and we moved to QRadar. It has some more benefits than our previous solution. We have totally transferred to QRadar now.

I was not involved in the initial setup.

We have evaluated only the large vendors. As we have a long-standing relationship with IBM, that's why we moved to QRadar. I don't know which other vendors were on the shortlist for evaluation.

If you have the budget, go for QRadar. It depends on the company size. It's expensive.