What is our primary use case?
We primarily use the solution for some compliance, including military compliance such as PCIDSL, ISO 27001, and ISO 27002, and then some other specifications around them. There are also some industries that need to analyze the log and events, and then build and create some rules to put forward.
What is most valuable?
The solution has very good Watson Analyzer integration. It's one of the key differentiators if you compare it to other solutions.
The solution offers very good BSM support. There's 400 BSM support out of the box. That's a huge advantage. with it, you are actually adding almost all the devices that are available in an IT environment.
This is a distributed application, meaning that a customer can stack small and then scale it so that they can expand pretty effectively. You can use, basically, the same product in an SMB or a large enterprise.
You can deploy the solution and leave it. It's very unfussy.
When it comes to deployment, it's very flexible.
What needs improvement?
Right now, if you look at the compatibility, if you need to deploy QRadar in a physical appliance you have only two choices of server, their own or a Lenovo server. In today's world, you cannot keep something tied to such a big brand. Clients want to be able to use whatever type of server they want. It's very limiting for many. You need that flexibility to deploy on any Intel platform.
IBM doesn't have people in every corner of the world. Oracle, for example, is actively training and certifying people so that companies will have access to local connections. IBM is lacking this, and therefore it can be difficult to get qualified support when a customer needs it. They should try to replicate the Oracle approach to training and certifications.
For how long have I used the solution?
I've been using the solution for the last three years or so. It's been a while.
What do I think about the stability of the solution?
The solution is very stable. It's reliable. You don't need to worry about bugs or glitches. It doesn't crash or freeze. It's pretty much a set and forget kind of setup.
What do I think about the scalability of the solution?
The solution scales well. It's stackable, which means you can start small if you want and then just stack more and more. It's perfect for any size of organization, from small to large.
We have sold this solution to six organizations, however, as a whole, we have around 10 customers in Bangladesh. Their sizes vary.
How are customer service and technical support?
In terms of some of the IBM support we recently have received, we've had some issues. While it should be 24/7 support, sometimes we have to wait an extended period. Our customers have had to wait an extended amount of time - in some case like two or three months. Some support we used to get was from the US team and they were good. However, support from elsewhere isn't really that great, and certainly not up to their level of service.
How was the initial setup?
The initial setup is not complex at all. It's very straightforward.
Since it is coming with a predefined image, anybody can actually deploy this on a VM or ia physical appliance. The deployment is flexible.
A control installation takes four to five hours to initialize the console. After that, deployment is dependant on the customer requirements. However, simply initializing the appliance takes two to four hours depending on the allocated resources, therefore, it's quite quick.
What about the implementation team?
From a product perspective, we have three persons in the product team. However, in the deployment and support team, we have five people. We tend to sell and help implement this product to our customers.
What other advice do I have?
We're using the latest version of the solution.
We are a reseller. We're selling the solution to end customers.
Whenever there is a requirement, a security requirement, or an AFM requirement, we actually position IBM QRadar. We proactively promote the solution and the market, so that we can build a community around QRadar. We're trying to build a community around QRadar so that we can increase sales. We need to have local resources to promote the products. Therefore, we are trying to double up that community of QRadar users. We're doing knowledge sharing among our network. We're changing information so that we can have a knowledge-based group so that we can promote the product to more customers.
While I'd recommend the solution, I'd caution that, for any IBM product other than hardware, the local resources are not that great as they are not often available. I can see why some customers are afraid to add this product. It's different from, for example, Oracle, which is doing product training everywhere and is actively certifying people.
Overall, aside from support issues, we've been happy with the solution. I'd rate the solution nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller