Vice President - Technology & Managed Security Services at Valuepoint Systems
Real User
Top 10
2023-01-13T14:37:22Z
Jan 13, 2023
I rate this solution a six out of ten. Regarding advice, using this solution purely depends on the use case. If it meets your use case, then IBM QRadar is good, but other solutions like Securonix are much better.
I rate the solution an eight out of ten. The solution is good but can be improved with enhanced remote control ability. I recommend the solution to new users considering it.
I'm an intern at one of the biggest telecommunication companies, and my company uses IBM QRadar. My advice if you want to use IBM QRadar is that you should use it because it's very scalable and it's easy to use. The solution also has many dashboards, and you don't have to write any code or write different scripts to get the information you need. You can do it from the UI of IBM QRadar. The only room for improvement in the solution is that it doesn't support newer technologies, and it's late when it comes to updates. I'm rating IBM QRadar nine out of ten because my experience with it has been excellent. The only downside to it is that IBM is late with adding new features or supporting new technologies compared to its competitors. My company is an IBM QRadar customer.
IM Operations Manager at a tech services company with 1,001-5,000 employees
Real User
2022-04-25T09:35:02Z
Apr 25, 2022
My advice to others is they have to have IBM QRadar set for purpose and it depends on the role that you see your SIEM solution playing in the company. If you're offering it as a service to other companies, or you're an IT service provider or security solution provider, then yes, you probably need an enterprise base that is scalable but not with smaller enterprises. I do think the IoT component of IBM QRadar is lacking. IBM tried and IoT is not specifically aimed at only cameras or what I call physical access points, integration into what I call scale technology. They are areas that would depend on each business to map out what the requirements are. This is not a McAfee endpoint or a Symantec endpoint device that gives you an alert. There is more competition and innovative application development in this area we've seen in the last few years. I rate IBM QRadar a seven out of ten.
Senior Cyber Security Engineer at a logistics company with 10,001+ employees
Real User
2022-02-15T14:03:00Z
Feb 15, 2022
I rate IBM QRadar nine out of 10. If you're going to use QRadar, you have to be familiar with it and know all the components. IBM offers free appliances, like data nodes, that offload many processes from the collectors and the processors. Every engineer must understand the overall portfolio to add some value to the solutions. If a solution isn't integrated with other solutions, they are only collectors. You need to tune the rules and be up to date with the MITRE ATT&CK framework all the time.
Team Lead & Principal Software Engineer at a tech services company with 51-200 employees
Real User
2022-01-12T15:07:00Z
Jan 12, 2022
You receive alerts for misconfigurations, which allows your administrator to easily reconfigure any issues. The organizations themselves are able to monitor all of their information regarding their team, including what attacks they are facing on a daily basis. I would rate this an eight out of ten.
Management Executive at a security firm with 11-50 employees
Real User
2021-09-07T12:23:57Z
Sep 7, 2021
On QRadar, we look at the cloud-based uses as opposed to on-premise due to the cost factor. In terms of SIEM technologies, in terms of what you can get, I would rate it an eight out of ten. The QRadar platform is phenomenal in terms of what it does. If you want to get the best out of IBM, spend more time on the rules generation and the modification of the rules.
Cyber Security Services Operations Manager at an aerospace/defense firm with 501-1,000 employees
Real User
2021-08-06T10:41:11Z
Aug 6, 2021
Make sure that you have the buy-in from different teams in the company because you will need help from the network teams. You will potentially need help from IT. You need to have a strategy of how you onboard logs into SIEM. Do you take a risk-based approach or do you onboard everything? You should take the time to understand the architecture and the implications of design choices. For instance, QRadar components communicate with each other using SSH tunnels. The normal practice in security is that if I put a device in a DMZ, then communication between the device on the normal network, which is a higher security zone, and the DMZ, which is a lower security zone, will be initiated from the high-security zone. You would not expect the device in the DMZ to initiate communication back into the normal network. In the case of QRadar, if you put your processes in the DMZ, then it has to communicate with the console, which means that you have to allow the processor to communicate. This has consequences. If you have remote sites or you plan to use cloud-based processes, collectors, etc., and have an internal console, the same communication channels have to exist. So, it requires some careful planning. That's the main thing. I would rate QRadar an eight out of 10 as compared to other products.
Practice Head at a tech services company with 51-200 employees
Real User
2021-07-15T07:35:31Z
Jul 15, 2021
I would recommend this solution to others who are looking for an on-premises solution. For a SIEM solution, it is the best one to go with. If they are interested in using the cloud, I would not recommend it. The cloud version of QRadar is QRoC and it is a bit complicated. I would rate this solution an eight out of ten.
We have nearly two hundred customers making use of the solution. We have direct contact with Ingram Micro or have a service partner relationship with it, but work directly with IBM as our ISP. We are a managed security service provider and wholesale customer of IBM QRadar. We buy a bulk license from IBM QRadar and host around 200 plus customers in a single integration so that all the customer events will be integrated in one solution. We are not integrators and do not resell their services. As such, we don't buy the license or sell the tools to others. We will buy a license, inclusive of the services, host it with our private cloud and provide services to the end clients. Our customer base of IBM users is limited. When it comes to a security operations center team, IBM will be looked to for providing security monitoring on an ongoing basis. We must see that it is working as it should be. I would recommend this solution to others. I rate IBM QRadar as an eight out of ten.
Senior IT Technical Support at a training & coaching company with 1,001-5,000 employees
Real User
2021-06-24T13:07:45Z
Jun 24, 2021
I'm actually teaching IBM and some services such as IBM QRadar, as part of my work. I'm familiar with Splunk, however, I'm not working with it on a daily basis. I'm teaching that technology to others. I'm not a customer. I'm using it for teaching purposes. I'm working in a training center. I'm not dealing with it on a daily basis, however, I understand how the product works. We do sometimes help integrate it and work as consultants occasionally as well. While 7.4 is out, we're currently working with version 7.3. Overall, I would rate the product at an eight out of ten. There's more to be done on it, however, we are mostly pleased with its capabilities.
Senior Security Engineer at a tech services company with 1,001-5,000 employees
Real User
2021-06-08T18:53:00Z
Jun 8, 2021
We recommend QRadar. It is a good product, a good solution. Every customer should go with IBM QRadar. On a scale of one to ten, I would give IBM QRadar a nine.
Vice President at a financial services firm with 10,001+ employees
Real User
2021-06-08T12:03:00Z
Jun 8, 2021
Someone considering implementing IBM QRadar should possess a good knowledge of his own infrastructure. He should have all the documents in place. While IBM provides very good implementation support, a complete inventory and technology detail is required, in respect of how the application is flowing, how the infrastructure is connected, and the version and inventory relationship. I rate IBM QRadar as an eight out of ten.
AVP - Security at a tech services company with 501-1,000 employees
Real User
2021-06-04T12:28:39Z
Jun 4, 2021
Nowadays cloud stack security is very good. Some of my customers are planning to build their data center over the cloud, or implement cloud-based services using some of the beneficial services, such as threat intelligence services. I rate IBM QRadar a ten out of ten.
It has good integration with AWS. AWS has come up with a Marketplace click-in option that provides direct integration between your AWS and data centers or cloud solutions through a small VPN. It allows you to bring up small environments with 5,000 EPS or 6,000 EPS or even 3,500 EPS or 2,500 EPS very quickly. It is very flexible and not at all tough for a startup engineer to click and bring solutions inside. It is quite easy. I would rate IBM QRadar an eight out of ten.
Senior Solutions Architect at a manufacturing company with 51-200 employees
Real User
2021-03-05T17:23:52Z
Mar 5, 2021
I would recommend this solution. If you are looking for a SIEM solution, IBM QRadar is one that you should ideally look for. I would rate IBM QRadar a nine out of ten.
Head of IT Security, Governance and Compliance at a consumer goods company with 10,001+ employees
Real User
2021-02-11T16:07:00Z
Feb 11, 2021
This is a good tool to have because it gives you the ability to track what is currently happening in your environment. Otherwise, if you did not have that, you'd only react to an event or an incident that has already caused problems. The proactiveness goes a long way because it saves your environment and your business from being negatively affected. In summary, this is a good product but there is always room for improvement. I would rate this solution a nine out of ten.
Cyber Security Consultant at Gulf Business Machines
Reseller
2021-02-10T18:53:33Z
Feb 10, 2021
We are resellers of QRadar. In general, we have been quite happy with the solution. I would rate it nine out of ten. We get excellent visibility in every aspect. It's easy to handle incidents when you really have everything in one place. You begin to know exactly what's happening on a network, and how the systems are performing and behaving. When you compare it to other products, what I would advise is you look at how long they have been in business. This product has been in business for a very long time. You also need to look at the other integration factors, such as forensic, as they're very important. When it comes to forensic, nobody does better than what IBM QRadar Forensic does. There are other factors too - like its Watson integration, and all those things really play an equally important role. It's not only about just the SIM, or your goals towards is going to be in building the SOC, Security Operation Center. It's all about automation as well. The integration should also look into automation capabilities. That way, you will be able to scale it up to build up a proper SOC.
We're using the latest version of the solution. We are a reseller. We're selling the solution to end customers. Whenever there is a requirement, a security requirement, or an AFM requirement, we actually position IBM QRadar. We proactively promote the solution and the market, so that we can build a community around QRadar. We're trying to build a community around QRadar so that we can increase sales. We need to have local resources to promote the products. Therefore, we are trying to double up that community of QRadar users. We're doing knowledge sharing among our network. We're changing information so that we can have a knowledge-based group so that we can promote the product to more customers. While I'd recommend the solution, I'd caution that, for any IBM product other than hardware, the local resources are not that great as they are not often available. I can see why some customers are afraid to add this product. It's different from, for example, Oracle, which is doing product training everywhere and is actively certifying people. Overall, aside from support issues, we've been happy with the solution. I'd rate the solution nine out of ten.
General manager at a tech services company with 201-500 employees
Real User
2021-01-24T15:38:21Z
Jan 24, 2021
Within the past year, IBM developed a SaaS version of QRadar, which is a nice option. My advice for anybody who is considering this solution is to implement the latest IBM offerings together. QRadar is just one of the products, and multiple products can be combined to create the best solution for their needs. I would rate this solution an eight out of ten.
It is not something like a next-generation firewall, next-generation intrusion prevention, or the most complex tool that you have got, which you can install and configure and then see if it runs smoothly. It is a completely different story in QRadar or any similar technology. These solutions or technologies have to be managed continuously. The biggest mistake that innovations people usually make is that they don't plan the total cost of the technology tools for a period of five years, especially because they don't know what kind of new threats are coming out. Despite that, IBM is very early in doing some kind of new content packs and including data enforcement, etc. When new threats are coming in, you effectively need to adjust. The more complex use cases you have, the more complex the responses will be. You might have different systems or you might be working in different time zones. When buying, people think that 70% to 80% of the initial purchase is the total they are going to spend within next year at this time, and then every next year, they will spend like 20% or 25% on the technical support, maintenance, development of the system, etc. When you are talking about a huge, complex, and central cybersecurity threat management system, it is more likely that you are implementing a document management system and some complex CIP systems, etc. The cost of the license and the cost of the hardware initially can make up around 20%, 30%, or less percent of the total budget that is needed for quality management of such solutions for a longer period of time. Some people think that if they buy this for 100,000 pounds or euros, the next year, they can buy just annual subscriptions for 25,000 or 20,000. You may have some internal costs for the license, etc. If you are buying for, let's say, 100,000, you might have to make your budget for 200,000 more, because it needs to have certain people who are doing everything with the solution.
You need to train them and send them to the IBM international technology academies and events such as Visor to know about its management and maintenance. You probably also need to do some certification, so you need to go for a course for implementation. A lot of internal work should be done to adjust the solution with other departments, and those other departments usually don't like such a central, overseeing, and controlled solution. They, later on, learn that they can get a lot of different, useful reports out of it without doing additional work. I would rate IBM QRadar an eight out of ten. Every technology has some weaknesses and strengths. It has a lot of points to improve, but based on everything that we have seen in the market and from other customers, this is, so far, at least in Europe, the best solution.
Director of Information Security at a financial services firm with 501-1,000 employees
Real User
2021-01-12T16:38:34Z
Jan 12, 2021
Like any complex enterprise CM tool, you have to have a strong support organization. People who are good at understanding Linux operating systems. You also need a strong technical support team in-house. I would rate this solution an eight out of ten.
I would definitely recommend this solution. It is a good solution with good capabilities like integration with CMDB and CVSS score. The dashboard is also really nice. It can help with threat intelligence, and it also has artificial intelligence. It is a futuristic kind of technology because the more AI-driven a product is, the better are the results. We plan to keep using this solution. I would rate IBM QRadar a seven out of ten.
I'm using the latest version of the solution. I'm the only user and I use the desktop version of the solution. I'm basically using it because it's here and I have access to it. I would recommend the solution to other organizations, however, if it is right for them depends on their need. Overall, on a scale from one to ten, I'd rate the product at an eight. We've mostly been pretty satisfied with it.
When you go for this solution, you are paying not only for the product but also for integration, good staff to help you, scalability, and many other things. There are many things that you can use in QRadar. It is easy to use. I would rate IBM QRadar a nine out of ten.
IT Security Analyst at a manufacturing company with 10,001+ employees
Real User
2020-12-10T17:37:00Z
Dec 10, 2020
I would absolutely recommend QRadar because it has a lot of options to improve or detect some information. On a scale of one to ten, I would give QRadar a 10.
This is a good product but there is room for improvement in several areas, including the integration of advanced data mining. I would rate this solution a six out of ten.
Sr. Information Security Analyst at an insurance company with 51-200 employees
Real User
2020-11-30T14:46:28Z
Nov 30, 2020
I would recommend having a third-party vendor. There are a lot of alerts and a lot of tuning that has to be done. Every time we add new rules to it, an alert goes up. Having the SOC to go through it all first is very beneficial. For what we do, I would rate IBM QRadar a ten out of ten. We are satisfied with it.
Senior Manager Information Security at Conduent (formerly Xerox Services)
Real User
2020-11-27T11:20:17Z
Nov 27, 2020
I would absolutely recommend this solution. I am pretty okay with it, and I don't have any issues with it. It has some competitors like Splunk and LogRhythm. Symantec has its own SIEM solution. ArcSight, LogRhythm, and Splunk are in the first quadrant for the Gartner research. They are leaders in their products, and they know what they're doing. It also comes down to what your company is into, how does it fit into a particular environment, and how compatible it is with a particular environment. I could have gone on the Splunk path and probably said the same thing for it as well. I would rate IBM QRadar a nine out of ten. It is a pretty solid product.
Information Security Specialist at a comms service provider with 501-1,000 employees
Real User
2020-11-25T19:59:57Z
Nov 25, 2020
I'm not sure of which version of the solution we're using. I wouldn't recommend the solution. I'd probably tell others to shy away and look at other products like possibly Splunk, however, it's a pricey option. LogRhythm is pretty good. We're having some issues with it. That said, for the most part, it's okay. Exabeam also seems like it might be a good option. I haven't worked with it personally, however, I've had some experience with a POC. Overall, I would rate the solution at a three out of ten. We didn't have a good experience with it. If it offered, for example, easier behavior analytics, easier integrations, better interface, supported model integration, and a good user interface to perform analysis I might rate it higher. Basically, it just needs to be much more user-friendly.
I'd recommend QRadar for security teams that are more from the IT world and not so much from the development or data-science world. I think other tools, such as Splunk, are really great too, but QRadar is natively concerned with providing security rules and use cases. If you're looking for a reliable solution for security purposes only, QRadar is probably the way to go. Overall, on a scale from one to ten, I would give this solution a rating of eight.
Chief Technology Officer at a tech services company with 51-200 employees
Real User
2019-06-16T07:23:00Z
Jun 16, 2019
This is a good solution, but I am familiar with the capabilities of the other products and IBM needs to make some improvements. I would rate this solution a seven out of ten.
B.T. Güvenlik Yöneticisi at an energy/utilities company with 10,001+ employees
Real User
2019-06-13T12:36:00Z
Jun 13, 2019
There are many good products and solutions on the market, but for implementation and maintenance, I can say that the most important thing is local support. We do not have any issues with this product, and we have seen the benefits of it. It is easily configured and installed, and we have a local team to support it. It does have issues in terms of user experience, however. I would rate this solution an eight out of ten.
Security Engineer at a tech services company with 11-50 employees
Real User
2019-06-13T12:36:00Z
Jun 13, 2019
The first advice I give my customers before buying SIEM is: "You should understand the solution well before starting the implementation." If they don't understand the solution, they will never be able to use it correctly. This is the first piece. The second point is that they will resist the change made to the setup installation. If they look for the solution, QRadar ATM is the best. I would rate this solution as nine out of ten. I think there is no perfect product; maybe there will never be a perfect product. When I started to learn IBM QRadar, it was complicated to me in the beginning, because we did the installation for the customer. It is complicated, and the meaning and training were not very clear.
I would recommend this product. It is very simple to install, and not a complicated solution. IBM supplies regular software updates. I would rate this solution an eight out of ten.
Marketing Director at an aerospace/defense firm with 1-10 employees
Real User
2019-04-29T07:11:00Z
Apr 29, 2019
This kind of solution is essential. The communication network functions very well. On a scale of one to 10, ten being the best, I would give this product a rating of nine.
The solution functions very well. It is amazing but there are some bugs with it. The unknown bugs can just come up with the adaptor with the data stored in QRadar. On a scale from one to 10, ten being the best, I would rate this product an eight out of 10.
I think this product adds significant value to organizations seeking a scalable, security integration tool. It does a great job of identifying, classifying, prioritizing, remediating, and mitigating software vulnerabilities. It's a good solution. On a scale of 1 - 10, 10 being the best, I give this product a rating of 9.
Works at a tech services company with 11-50 employees
Real User
2019-04-11T06:16:00Z
Apr 11, 2019
I would recommend IBM QRadar because of the security features and the organization. I can recommend the security. Security is nowadays an essential part of IBM QRadar. IBM QRadar is probably the best possible solution in the market. I would rate it an eight out of 10.
Vulnerability Manager at a tech services company with 51-200 employees
Reseller
2019-03-31T09:41:00Z
Mar 31, 2019
QRadar, as a product, might be very straightforward, but to fully understand the product you would need to go for the QRadar training. IBM's training for QRadar is very expensive but it really helps you use the product to its full potential. Before I went to the training, I only used about ten percent of its capability. I would recommend going for the training on the product. In terms of the number of users, it's not users logging in every day and doing stuff on QRadar. It's a handful of people from the team monitoring QRadar. We could be managing, for example, 50 or 70 customers through one dashboard and about ten people would be monitoring it. The users have a specific role. The amount of staff required for deployment or maintenance depends on the type of update or patch that's being deployed. For deployment of a new patch, it could take anything from an hour to about ten hours. It depends on the patch, how big the patch is, and if you've gone through a testing phase or not. So there are multiple dependencies on how long it would take. An average, for me, would be three hours to do certain deployments. Currently it's being used quite widely. The only downfall of this product would be its price. I wouldn't recommend it for a small company. For larger companies I know it's being widely used.
Overall, it's much better than other products. In terms of increasing its usage, I have suggested to my organization that it tell customers to use it, its capacity and capabilities, with other tools like Watson.
Senior Information Security Analyst at a financial services firm with 501-1,000 employees
Real User
2019-03-28T08:19:00Z
Mar 28, 2019
I would advise someone considering this solution to write down your use cases and evaluate them with the vendor. Evaluate the best solution based on your use cases because you are the ones who are going to use it. The vendor will try and implement and leave you with your problems. If the solution meets your requirements and solves most of your problems, you're good to go. QRadar is the best solution we have. The only challenge is that IBM has been a closed enterprise. It should be more open to integrating with other providers at an enterprise level. We're a bank and the core banking system integration is not always straightforward and there is no integration between IBM and these products. If IBM could open up and provide a way of integrating it seamlessly, without charging more for it, that would make a big difference. I would rate it an eight out of ten.
I would rate it an eight out of ten. Not a ten because the configuration part of it should be easier. They tried to integrate everything together to be all in one, but it's not easy to configure.
IT Security and Business Development Manager at a computer software company with 51-200 employees
Real User
2019-03-06T07:41:00Z
Mar 6, 2019
I would advise someone considering this solution to evaluate several solutions, compare them, and if there is an option for customization check with the solution provider, and then go for it. I would rate it a seven out of ten. It's a good solution, we've used it for a long time, but then there are a few issues with security.
Cybersecurity Practice Lead at a tech services company with 201-500 employees
Real User
2019-03-06T07:40:00Z
Mar 6, 2019
My advice is to take your time. It depends on your network, on what you want to gather information from. Make sure that the networking and the cybersecurity teams are working towards a common goal. The solution is very much worth it. You can gather all the information that you need as long as you know first what you need. This solution is mainly for the Security Operations Center, so there are just three or four users. But it's one of the key tools for us to identify threats and attacks. The users are security operations analysts and threat hunters. In our case, deployment and maintenance requires just a few people. They are the network administrators and our cybersecurity engineers. At the moment we have no plans to increase usage. If the company grows, usage should grow as well. The company is growing but, as of the moment, we are planning for expansion. That's why the solutions that we carry are already built for expansion for the next three to five years. I would rate QRadar at eight out of ten. It's not perfect and the big issues would be the price and that it takes some time to understand it. But so far, it's one of the best solutions out there.
Manager-Cloud Security Operations at a retailer with 10,001+ employees
Real User
2018-10-29T15:46:00Z
Oct 29, 2018
If you are a medium to large size enterprise, you can surely consider IBM as one of the major contenders for your selection. If you are a small enterprise, QRadar may be too much for you, it may be too complex. When deciding on a solution, we always consider:
* Cost-benefit
* Shelf-life of the solution
* Security of the solution
Senior Security Architect at Larsen & Toubro Infotech Ltd.
Real User
2018-10-04T17:27:00Z
Oct 4, 2018
There are new things that are coming up in QRadar, such as AI to IBM Watson. This is going to create a huge impact in these types of solutions, because we don't have an artificial intelligence coming in. There are other tools that have artificial intelligence, but IBM QRadar getting integrated with artificial intelligence is the next step. It should be noted that the QRadar type products are actually changing their strategy. They will move on to the next stage that is called "Threat Hunting." Instead of waiting for some attack to happen and getting an alert, the new solutions will try to find out those suspicious activities in your network or environment and resolve it before it creates havoc.
Director of Market Enabling Solutions at Raksha Technologies Pvt Ltd
Reseller
2018-07-22T08:31:00Z
Jul 22, 2018
I would rate it a seven out of 10. I have had some challenges integrating this solution. Each organization is looking for security. If you have a SIEM tool, you can integrate it with all of your security devices, and get all your security logs. This console gives you the entire view, which makes life easier and allows you to take precautionary measures. People who handle only four or five security devices spread across the globe should go with this SIEM tool.
Do your research before implementing it, because it is tough to implement. Most important criteria when selecting a vendor: support. I say this to every vendor. It is not always about pricing, which is nice when we start, but when the crap hits the fan, I want the vendor to be there with me.
Network Security Engineer at a wellness & fitness company with 10,001+ employees
Real User
2018-06-29T07:18:00Z
Jun 29, 2018
The most important criteria when selecting a vendor: stability. The security space is tough. Unlike a lot of other spaces, IBM will not be bought anytime soon as a 100-year-old company.
Research, and don’t be afraid to do a few PoCs. Also, make sure you have a team for the tool. Most solutions require a team, so if you cannot apply a team towards the tool then hopefully you can use one of the managed SIEM options.
Lead Security Infrastructure Engineer at a financial services firm with 5,001-10,000 employees
Real User
2018-06-26T12:31:00Z
Jun 26, 2018
Understand how your analysts need to use SIEM to execute use cases. This platform can collect and normalize data better than just about anything (if you want it to), but it will not be useful if it is not presented in a useful way.
Partner at a tech services company with 1-10 employees
Real User
2018-06-26T12:31:00Z
Jun 26, 2018
Ensure you have the functional skills on BPM and the technical skills on IBM BPM. We used to be IBM partners, but are not anymore. Now, we are Red Hat partners.
Network and Security Technical Team Leader at a wholesaler/distributor with 201-500 employees
Real User
2018-06-03T09:17:00Z
Jun 3, 2018
IBM needs to invest more into the collaboration with other vendors. If you want to go to IBM, do not just go for QRadar. You need QRadar and all the products that surround QRadar, especially BigFix, because the product is ten times stronger with it. Most important criteria when selecting a vendor:
* The technical features of the solution.
* The people in my region at the vendor.
* The perspective of the project manager on the customer side.
* Data involved and time of the implementation.
* The needs of the customer.
* The cost of the project.
* Training involved.
Vulnerability Manager at a tech services company with 51-200 employees
Reseller
2017-04-05T06:02:00Z
Apr 5, 2017
Just spec it correctly and it will do its job for you. It has an active community. IBM patches the product regularly when problems are picked up. I haven’t heard about a lot of problems from other people using the product. When we only have four hours to respond, an hour can make a difference in waiting for support.
IBM Security QRadar (recently acquired by Palo Alto Networks) is a security and analytics platform designed to defend against threats and scale security operations. This is done through integrated visibility, investigation, detection, and response. QRadar empowers security groups with actionable insights into high-priority threats by providing visibility into enterprise security data. Through centralized visibility, security teams and analysts can determine their security stance, which...
I rate this solution a nine out of ten.
I will recommend this solution to potential users. On a scale from one to ten, I would give IBM QRadar User Behavior Analytics a seven.
I rate QRadar eight out of 10.
I rate IBM QRadar nine out of 10. If you're going to use QRadar, you have to be familiar with it and know all the components. IBM offers free appliances, like data nodes, that offload many processes from the collectors and the processors. Every engineer must understand the overall portfolio to add some value to the solutions. If a solution isn't integrated with other solutions, they are only collectors. You need to tune the rules and be up to date with the MITRE ATT&CK framework all the time.
You receive alerts for misconfigurations which allows your administrator to easily reconfigure any issues. The organizations themselves are able to monitor all of their information regarding their team including what attacks they are facing on a daily basis. I would rate this an eight out of ten.
I would rate it an eight out of ten.
I rate QRadar an eight out of ten. I would recommend QRadar, as well as LogRhythm, to others considering implementation.
I recommend this solution to others. I rate IBM QRadar an eight out of ten.
I rate the solution nine out of 10.
I recommend this solution because I think they provide great support from the sales and technical perspective. I rate the solution nine out of 10.
On QRadar, we look at the cloud-based uses as opposed to on-premise due to the cost factor. In terms of SIEM technologies, in terms of what you can get, I would rate it an eight out of ten. The QRadar platform is phenomenal in terms of what it does. If you want to get the best out of IBM, spend more time on the rules generation and the modification of the rules.
Make sure that you have the buy-in from different teams in the company because you will need help from the network teams. You will potentially need help from IT. You need to have a strategy of how you onboard logs into SIEM. Do you take a risk-based approach or do you onboard everything? You should take the time to understand the architecture and the implications of design choices. For instance, QRadar components communicate with each other using SSH tunnels. The normal practice in security is that if I put a device in a DMZ, then communication between the device on the normal network, which is a higher security zone, and the DMZ, which is a lower security zone, will be initiated from the high-security zone. You would not expect the device in the DMZ to initiate communication back into the normal network. In the case of QRadar, if you put your processes in the DMZ, then it has to communicate with the console, which means that you have to allow the processor to communicate. This has consequences. If you have remote sites or you plan to use cloud-based processes, collectors, etc., and have an internal console, the same communication channels have to exist. So, it requires some careful planning. That's the main thing. I would rate QRadar an eight out of 10 as compared to other products.
I would recommend this solution to others. I rate IBM QRadar a seven out of ten.
I would recommend this solution to others who are looking for an on-premises solution. For a SIEM solution, it is the best one to go with. If they are interested in using the cloud, I would not recommend it. The cloud version of QRadar is QRoC and it is a bit complicated. I would rate this solution an eight out of ten.
We have nearly two hundred customers making use of the solution. We have direct contact with Ingram Micro or have a service partner relationship with it, but work directly with IBM as our ISP. We are a managed security service provider and wholesale customer of IBM QRadar. We buy a bulk license from IBM QRadar and host around 200 plus customers in a single integration so that all the customer events will be integrated in one solution. We are not integrators and do not resell their services. As such, we don't buy the license or sell the tools to others. We will buy a license, inclusive of the services, host it with our private cloud and provide services to the end clients. Our customer base of IBM users is limited. When it comes to a security operations center team, IBM will be looked to for providing security monitoring on an ongoing basis. We must see that it is working as it should be. I would recommend this solution to others. I rate IBM QRadar as an eight out of ten.
I'm actually teaching IBM and some services such as IBM QRadar, as part of my work. I'm familiar with Splunk, however, I'm not working with it on a daily basis. I'm teaching that technology to others. I'm not a customer. I'm using it for teaching purposes. I'm working in a training center. I'm not dealing with it on a daily basis, however, I understand how the product works. We do sometimes help integrate it and work as consultants occasionally as well. While 7.4 is out, we're currently working with version 7.3. Overall, I would rate the product at an eight out of ten. There's more to be done on it, however, we are mostly pleased with its capabilities.
We recommend QRadar. It is a good product, a good solution. Every customer should go with IBM QRadar. On a scale of one to ten, I would give IBM QRadar a nine.
Someone considering implementing IBM QRadar should possess a good knowledge of his own infrastructure. He should have all the documents in place. While IBM provides very good implementation support, a complete inventory and technology detail is required, in respect of how the application is flowing, how the infrastructure is connected, and the version and inventory relationship. I rate IBM QRadar as an eight out of ten.
Nowadays cloud stack security is very good. Some of my customers are planning to build their data center over the cloud, or implement cloud-based services using some of the beneficial services, such as threat intelligence services. I rate IBM QRadar a ten out of ten.
It has good integration with AWS. AWS has come up with a Marketplace click-in option that provides direct integration between your AWS and data centers or cloud solutions through a small VPN. It allows you to bring up small environments with 5,000 EPS or 6,000 EPS or even 3,500 EPS or 2,500 EPS very quickly. It is very flexible and not at all tough for a startup engineer to click and bring solutions inside. It is quite easy. I would rate IBM QRadar an eight out of ten.
I would recommend this solution to others. We have invested in it and we plan on using it in the future. I rate IBM QRadar an eight out of ten.
I rate IBM QRadar a nine out of ten.
I would recommend this solution. If you are looking for a SIEM solution, IBM QRadar is one that you should ideally look for. I would rate IBM QRadar a nine out of ten.
I rate IBM QRadar a ten out of ten.
This is a good tool to have because it gives you the ability to track what is currently happening in your environment. Otherwise, if you did not have that, you'd only react to an event or an incident that has already caused problems. The proactiveness goes a long way because it saves your environment and your business from being negatively affected. In summary, this is a good product but there is always room for improvement. I would rate this solution a nine out of ten.
We are resellers of QRadar. In general, we have been quite happy with the solution. I would rate it nine out of ten. We get excellent visibility in every aspect. It's easy to handle incidents when you really have everything in one place. You begin to know exactly what's happening on a network, and how the systems are performing and behaving. When you compare it to other products, what I would advise is you look at how long they have been in business. This product has been in business for a very long time. You also need to look at the other integration factors, such as forensic, as they're very important. When it comes to forensic, nobody does better than what IBM QRadar Forensic does. There are other factors too - like its Watson integration, and all those things really play an equally important role. It's not only about just the SIM, or your goals towards is going to be in building the SOC, Security Operation Center. It's all about automation as well. The integration should also look into automation capabilities. That way, you will be able to scale it up to build up a proper SOC.
I would rate this product a nine out of ten.
We're using the latest version of the solution. We are a reseller. We're selling the solution to end customers. Whenever there is a requirement, a security requirement, or an AFM requirement, we actually position IBM QRadar. We proactively promote the solution and the market, so that we can build a community around QRadar. We're trying to build a community around QRadar so that we can increase sales. We need to have local resources to promote the products. Therefore, we are trying to double up that community of QRadar users. We're doing knowledge sharing among our network. We're changing information so that we can have a knowledge-based group so that we can promote the product to more customers. While I'd recommend the solution, I'd caution that, for any IBM product other than hardware, the local resources are not that great as they are not often available. I can see why some customers are afraid to add this product. It's different from, for example, Oracle, which is doing product training everywhere and is actively certifying people. Overall, aside from support issues, we've been happy with the solution. I'd rate the solution nine out of ten.
Within the past year, IBM developed a SaaS version of QRadar, which is a nice option. My advice for anybody who is considering this solution is to implement the latest IBM offerings together. QRadar is just one of the products, and multiple products can be combined to create the best solution for their needs. I would rate this solution an eight out of ten.
I would recommend IBM to others who want to start using it. On a scale from one to 10, I would rate IBM QRadar a seven.
It is not something like a next-generation firewall, next-generation intrusion prevention, or the most complex tool that you have got, which you can install and configure and then see if it runs smoothly. It is a completely different story in QRadar or any similar technology. These solutions or technologies have to be managed continuously. The biggest mistake that innovations people usually make is that they don't plan the total cost of the technology tools for a period of five years, especially because they don't know what kind of new threats are coming out. Despite that, IBM is very early in doing some kind of new content packs and including data enforcement, etc. When new threats are coming in, you effectively need to adjust. The more complex use cases you have, the more complex the responses will be. You might have different systems or you might be working in different time zones. When buying, people think that 70% to 80% of the initial purchase is the total they are going to spend within next year at this time, and then every next year, they will spend like 20% or 25% on the technical support, maintenance, development of the system, etc. When you are talking about a huge, complex, and central cybersecurity threat management system, it is more likely that you are implementing a document management system and some complex CIP systems, etc. The cost of the license and the cost of the hardware initially can make up around 20%, 30%, or less percent of the total budget that is needed for quality management of such solutions for a longer period of time. Some people think that if they buy this for 100,000 pounds or euros, the next year, they can buy just annual subscriptions for 25,000 or 20,000. You may have some internal costs for the license, etc. If you are buying for, let's say, 100,000, you might have to make your budget for 200,000 more, because it needs to have certain people who are doing everything with the solution.
You need to train them and send them to the IBM international technology academies and events such as Visor to know about its management and maintenance. You probably also need to do some certification, so you need to go for a course for implementation. A lot of internal work should be done to adjust the solution with other departments, and those other departments usually don't like such a central, overseeing, and controlled solution. They, later on, learn that they can get a lot of different, useful reports out of it without doing additional work. I would rate IBM QRadar an eight out of ten. Every technology has some weaknesses and strengths. It has a lot of points to improve, but based on everything that we have seen in the market and from other customers, this is, so far, at least in Europe, the best solution.
Like any complex enterprise CM tool, you have to have a strong support organization. People who are good at understanding Linux operating systems. You also need a strong technical support team in-house. I would rate this solution an eight out of ten.
I would definitely recommend this solution. It is a good solution with good capabilities like integration with CMDB and CVSS score. The dashboard is also really nice. It can help with threat intelligence, and it also has artificial intelligence. It is a futuristic kind of technology because the more AI-driven a product is, the better are the results. We plan to keep using this solution. I would rate IBM QRadar a seven out of ten.
I'm using the latest version of the solution. I'm the only user and I use the desktop version of the solution. I'm basically using it because it's here and I have access to it. I would recommend the solution to other organizations, however, if it is right for them depends on their need. Overall, on a scale from one to ten, I'd rate the product at an eight. We've mostly been pretty satisfied with it.
When you go for this solution, you are paying not only for the product but also for integration, good staff to help you, scalability, and many other things. There are many things that you can use in QRadar. It is easy to use. I would rate IBM QRadar a nine out of ten.
I would absolutely recommend QRadar because it has a lot of options to improve or detect some information. On a scale of one to ten, I would give QRadar a 10.
This is a good product but there is room for improvement in several areas, including the integration of advanced data mining. I would rate this solution a six out of ten.
I would recommend having a third-party vendor. There are a lot of alerts and a lot of tuning that has to be done. Every time we add new rules to it, an alert goes up. Having the SOC to go through it all first is very beneficial. For what we do, I would rate IBM QRadar a ten out of ten. We are satisfied with it.
I would absolutely recommend this solution. I am pretty okay with it, and I don't have any issues with it. It has some competitors like Splunk and LogRhythm. Symantec has its own SIEM solution. ArcSight, LogRhythm, and Splunk are in the first quadrant for the Gartner research. They are leaders in their products, and they know what they're doing. It also comes down to what your company is into, how does it fit into a particular environment, and how compatible it is with a particular environment. I could have gone on the Splunk path and probably said the same thing for it as well. I would rate IBM QRadar a nine out of ten. It is a pretty solid product.
I'm not sure of which version of the solution we're using. I wouldn't recommend the solution. I'd probably tell others to shy away and look at other products like possibly Splunk, however, it's a pricey option. LogRhythm is pretty good. We're having some issues with it. That said, for the most part, it's okay. Exabeam also seems like it might be a good option. I haven't worked with it personally, however, I've had some experience with a POC. Overall, I would rate the solution at a three out of ten. We didn't have a good experience with it. If it offered, for example, easier behavior analytics, easier integrations, better interface, supported model integration, and a good user interface to perform analysis I might rate it higher. Basically, it just needs to be much more user-friendly.
Overall, I like this product and I think that the features are good enough. I would rate this solution a seven out of ten.
I'd recommend QRadar for security teams that are more from the IT world and not so much from the development or data-science world. I think other tools, such as Splunk, are really great too, but QRadar is natively concerned with providing security rules and use cases. If you're looking for a reliable solution for security purposes only, QRadar is probably the way to go. Overall, on a scale from one to ten, I would give this solution a rating of eight.
I think the tool is very complete and very agile. I would rate this solution a ten out of ten.
If you absolutely positively have to catch the bad guys, and you have a heterogeneous environment QRadar is a great choice.
This is a good solution, but I am familiar with the capabilities of the other products and IBM needs to make some improvements. I would rate this solution a seven out of ten.
There are many good products and solutions on the market, but for implementation and maintenance, I can say that the most important thing is local support. We do not have any issues with this product, and we have seen the benefits of it. It is easily configured and installed, and we have a local team to support it. It does have issues in terms of user experience, however. I would rate this solution an eight out of ten.
The first advice I give my customers before buying SIEM is: "You should understand the solution well before starting the implementation." If they don't understand the solution, they will never be able to use it correctly. This is the first piece. The second point is that they will resist the change made to the setup installation. If they look for the solution, QRadar ATM is the best. I would rate this solution as nine out of ten. I think there is no perfect product; maybe there will never be a perfect product. When I started to learn IBM QRadar, it was complicated to me in the beginning, because we did the installation for the customer. It is complicated, and the meaning and training were not very clear.
I would recommend this product. It is very simple to install, and not a complicated solution. IBM supplies regular software updates. I would rate this solution an eight out of ten.
This kind of solution is essential. The communication network functions very well. On a scale of one to 10, ten being the best, I would give this product a rating of nine.
The solution functions very well. It is amazing but there are some bugs with it. The unknown bugs can just come up with the adaptor with the data stored in QRadar. On a scale from one to 10, ten being the best, I would rate this product an eight out of 10.
I would rate this solution eight and a half out of ten.
I would rate this product eight out of ten.
I think this product adds significant value to organizations seeking a scalable, security integration tool. It does a great job of identifying, classifying, prioritizing, remediating, and mitigating software vulnerabilities. It's a good solution. On a scale of 1 - 10, 10 being the best, I give this product a rating of 9.
I would recommend IBM QRadar because of the security features and the organization. I can recommend the security. Security is nowadays an essential part of IBM QRadar. IBM QRadar is probably the best possible solution in the market. I would rate it an eight out of 10.
QRadar, as a product, might be very straightforward, but to fully understand the product you would need to go for the QRadar training. IBM's training for QRadar is very expensive but it really helps you use the product to its full potential. Before I went to the training, I only used about ten percent of its capability. I would recommend going for the training on the product. In terms of the number of users, it's not users logging in every day and doing stuff on QRadar. It's a handful of people from the team monitoring QRadar. We could be managing, for example, 50 or 70 customers through one dashboard and about ten people would be monitoring it. The users have a specific role. The amount of staff required for deployment or maintenance depends on the type of update or patch that's being deployed. For deployment of a new patch, it could take anything from an hour to about ten hours. It depends on the patch, how big the patch is, and if you've gone through a testing phase or not. So there are multiple dependencies on how long it would take. An average, for me, would be three hours to do certain deployments. Currently it's being used quite widely. The only downfall of this product would be its price. I wouldn't recommend it for a small company. For larger companies I know it's being widely used.
Overall, it's much better than other products. In terms of increasing its usage, I have suggested to my organization that it tell customers to use it, its capacity and capabilities, with other tools like Watson.
I would advise someone considering this solution to write down your use cases and evaluate them with the vendor. Evaluate the best solution based on your use cases because you are the ones who are going to use it. The vendor will try and implement and leave you with your problems. If the solution meets your requirements and solves most of your problems, you're good to go. QRadar is the best solution we have. The only challenge is that IBM has been a closed enterprise. It should be more open to integrating with other providers at an enterprise level. We're a bank and the core banking system integration is not always straightforward and there is no integration between IBM and these products. If IBM could open up and provide a way of integrating it seamlessly, without charging more for it, that would make a big difference. I would rate it an eight out of ten.
I would rate it an eight out of ten. Not a ten because the configuration part of it should be easier. They tried to integrate everything together to be all in one, but it's not easy to configure.
I would advise someone considering this solution to evaluate several solutions, compare them, and if there is an option for customization check with the solution provider, and then go for it. I would rate it a seven out of ten. It's a good solution, we've used it for a long time, but then there are a few issues with security.
My advice is to take your time. It depends on your network, on what you want to gather information from. Make sure that the networking and the cybersecurity teams are working towards a common goal. The solution is very much worth it. You can gather all the information that you need as long as you know first what you need. This solution is mainly for the Security Operations Center, so there are just three or four users. But it's one of the key tools for us to identify threats and attacks. The users are security operations analysts and threat hunters. In our case, deployment and maintenance requires just a few people. They are the network administrators and our cybersecurity engineers. At the moment we have no plans to increase usage. If the company grows, usage should grow as well. The company is growing but, as of the moment, we are planning for expansion. That's why the solutions that we carry are already built for expansion for the next three to five years. I would rate QRadar at eight out of ten. It's not perfect and the big issues would be the price and that it takes some time to understand it. But so far, it's one of the best solutions out there.
I would rate it an eight out of ten.
I would rate it an eight out of ten. Not a ten because of the complex interface.
I would rate this solution a six out of ten.
I would rate it an eight out of ten.
If you are a medium to large size enterprise, you can surely consider IBM as one of the major contenders for your selection. If you are a small enterprise, QRadar may be too much for you, it may be too complex. When deciding on a solution, we always consider:
* Cost-benefit
* Shelf-life of the solution
* Security of the solution
There are new things that are coming up in QRadar, such as AI to IBM Watson. This is going to create a huge impact in these types of solutions, because we don't have an artificial intelligence coming in. There are other tools that have artificial intelligence, but IBM QRadar getting integrated with artificial intelligence is the next step. It should be noted that the QRadar type products are actually changing their strategy. They will move on to the next stage that is called "Threat Hunting." Instead of waiting for some attack to happen and getting an alert, the new solutions will try to find out those suspicious activities in your network or environment and resolve it before it creates havoc.
I highly recommend this product.
I would rate it a seven out of 10. I have had some challenges integrating this solution. Each organization is looking for security. If you have a SIEM tool, you can integrate it with all of your security devices, and get all your security logs. This console gives you the entire view, which makes life easier and allows you to take precautionary measures. People who handle only four or five security devices spread across the globe should go with this SIEM tool.
Do your research before implementing it, because it is tough to implement. Most important criteria when selecting a vendor: support. I say this to every vendor. It is not always about pricing, which is nice when we start, but when the crap hits the fan, I want the vendor to be there with me.
The most important criteria when selecting a vendor: stability. The security space is tough. Unlike a lot of other spaces, IBM will not be bought anytime soon as a 100-year-old company.
Most important criteria when selecting a vendor: Our customers need a cross of different units which make up a better solution for them.
Overall, I love this product.
Think scalability and make sure your product can be integrated into QRadar.
QRadar also supports UBA, which is a fantastic feature to detect users' malicious activities.