The best feature of IBM QRadar is visualization which shows you when there's a spike in the system, and this makes you realize that there's something wrong with the log.
IM Operations Manager at a tech services company with 1,001-5,000 employees
Real User
Apr 25, 2022
IBM QRadar's ability to simplify the number of events, not only on a technical level but by making that information easy to pan through the orchestration deduplication. It is very impressive given that we have hundreds of devices that send event logs through.
Senior Manager Cyber Security Services & Solutions at Trillium
Vendor
Top 10
Apr 4, 2022
I think this is a good product for enterprises because of the performance and out-of-the-box rules and use cases. If they want to reach the maturity level early, they can use these out-of-the-box rules and use cases. That will help them a lot.
Lead Technical Architect at Commercial Bank of Ethiopia
Real User
Mar 30, 2022
It also has a graph that shows the traffic history. I can see what happened yesterday or today. If there's an incident, I can check the traffic behavior on QRadar.
Management Executive at a security firm with 11-50 employees
Real User
Sep 7, 2021
What we like about QRadar and the models that IBM has, is it can go from a small-to-medium enterprise to a larger organization, and it gives you the same value.
Cyber Security Services Operations Manager at an aerospace/defense firm with 501-1,000 employees
Real User
Aug 6, 2021
The most valuable thing about QRadar is that you have a single window into your network, SIEM, network flows, and risk management of your assets. If you use Splunk, for instance, then you still need a full packet capture solution, whereas the full packet capture solution is integrated within QRadar. Its application ecosystem makes it very powerful in terms of doing analysis.
Senior Security Engineer at a tech services company with 1,001-5,000 employees
Real User
Jun 8, 2021
The features that I have found most valuable in QRadar are its data enrichment, use case creations, and adding references - those kinds of features are very good. Also QRadar's event filtration and device integration are perfect.
There are a lot of features in QRadar. App Exchange is the most valuable feature. User behavior analytics (UBA) is also a very good feature. Watson is also there, but we are not currently using Watson.
It is versatile and quite easy. It also has an all-in-one-box feature and good integration with AWS.
Deputy General Manager at a comms service provider with 5,001-10,000 employees
Real User
Mar 5, 2021
When it comes to QRadar, they can do the correlation and not only in networks but also endpoints. This is one of the good features that we have noticed.
Senior Solutions Architect at a manufacturing company with 51-200 employees
Real User
Mar 5, 2021
QRadar, Splunk, and ArcSight are SIEM solutions with built-in AI/ML features. They can do the complete investigation and alert the admin about what is happening. They can also do the root cause analysis.
There are many other features that come with QRadar. It has a more granular log, so you can integrate with various non-IT as well as IT-based components. You can get unstructured data to the SIEM data, and you can identify more what is happening in the network or what is happening in the central head office. You can also identify what is happening between your remote offices. You can also use it to identify what the users in the field are doing on their devices and how things are moving.
From the integration point of view, it is very centric. It gives complete control centrally. If a user is not connected to the system, whenever he comes online, we can see the policy updates over the Internet, and we can ensure that the data that is supposed to be protected is protected.
This is a distributed application, meaning that a customer can stack small and then scale it so that they can expand pretty effectively. You can use, basically, the same product in an SMB or a large enterprise.
Managed Security Product at a comms service provider with 1,001-5,000 employees
Real User
Jan 24, 2021
The feature that I have found most valuable is its artificial intelligence component, Watson. Its contribution is pretty good from a machine-learning artificial intelligence perspective. This complements the orchestration automation component, as well.
We have worked with other solutions, such as LogRhythm and Splunk. Compared to others, IBM QRadar has the best price-performance ratio so that you are able to reserve minimum costs. It starts settling in fast and gets the first results very quickly. It is also very scalable.
Integrations are quite a useful and key feature of this solution. It has integration with the CVSS score, which is a central point for all the data and scores about the threats. There is an IBM Bluemix dashboard that is integrated with the CVSS score.
Senior Manager Information Security at Conduent (formerly Xerox Services)
Real User
Nov 27, 2020
It is a pretty solid product for the type that it is representing. It is a CM solution as compared to Splunk or ArcSight from HP. It is also user-friendly.
It comes with some internal AI as well, in which it automatically maps multiple lots from unrelated devices and makes a smart decision to link them back and create an offense based on that. It is a smart tool.
Security Engineer at a tech services company with 11-50 employees
Real User
Jun 13, 2019
We get events and make the correlation, or rules. In IBM, we can implement our customer's rules. We can have very clear status threats and severity of antigens.
IBM QRadar has improved my organization by introducing many functions. It collects logs from all of our systems in the organization and has functioned very well. It alerts and correlates the aggregate events or offenses we receive through all the applications we use.
Works at a tech services company with 11-50 employees
Real User
Apr 11, 2019
IBM QRadar is easy to scale; it doesn't affect the environment. In our office, we have around 40-50 users, but our clients have more users on their networks. Our organization has staff in the software department that manages IBM QRadar for us.
Most of our clients are interested in automation. The automation part is good because they are able to detect threats and vulnerabilities in real time. It's very fast.
IT Security and Business Development Manager at a computer software company with 51-200 employees
Real User
Mar 6, 2019
The support is very good. We get support whenever we need it. Sometimes they respond immediately and sometimes it will be within 24 hours. We can ask them to please do it right away and they can get a request done within an hour or two.
Cybersecurity Practice Lead at a tech services company with 201-500 employees
Real User
Mar 6, 2019
One of the most valuable features is its ability to integrate with other solutions. IBM has a lot of solutions and we have managed to make it work with IBM BigFix and MaaS360, and even Microsoft.
IBM has everything you need in a cybersecurity solution. If you want to build a cybersecurity operation center version then I think QRadar is a perfect solution.
Operations Analyst at a logistics company with 51-200 employees
Real User
Jun 12, 2018
An engineer can live-monitor all the flow happening in real-time. This would help us a lot while investigating a case, and it would even help us with preventive actions.
Cybersecurity Architecture and Technology Lead at Appxone
Consultant
Top 20
Mar 30, 2017
Providing real-time visibility for threat detection and prioritization - QRadar SIEM provides contextual and actionable surveillance across the entire IT infrastructure.
IBM Security QRadar (recently acquired by Palo Alto Networks) is a security and analytics platform designed to defend against threats and scale security operations. This is done through integrated visibility, investigation, detection, and response. QRadar empowers security groups with actionable insights into high-priority threats by providing visibility into enterprise security data. Through centralized visibility, security teams and analysts can determine their security stance, which...
The event collector, flow collector, PCAP and SOAR are valuable.
The simplicity of the solution is the best feature.
We find predictive analysis capabilities valuable.
The monitoring and dashboards are great.
It's built around Red Hat Linux, which is highly robust.
It is a very good SIEM.
Flexible and valuable product that is modular, so you can easily set up a roadmap for your clients.
I have found IBM QRadar to be stable.
The product has plenty of features and capabilities.
It can analyze event logs, event security, and give a good consult.
The most valuable features are log monitoring, easy-to-fix issues, and problem-solving.
It is a bit easier to use than other products, such as Splunk or ELK Elasticsearch.
No doubt about it, the solution is extremely stable.
Customer service is very good and very helpful.
The product provides a complete platform for ingesting the log, doing the correlations and handling the runtime.
I have found visibility very helpful for analytics.
The solution is flexible and easy to use.
Overall a great solution.
This is a good tool to have because it gives you the ability to track what is currently happening in your environment.
The most valuable aspect of the solution is the integration capabilities on offer.
The most valuable feature is user behavior analytics (UBA).
The detection rate is good and the false positive rate is low.
The most valuable feature is the searching capability and real-time operational use.
The solution is relatively easy to use.
The UBA feature is the most valuable because you can see everything about users' activities.
I have found its network traffic log, network bit log, and QBI most valuable.
It has very rich functionality.
The best part of this solution is having a third-party SOC.
The solution can scale.
We are using the platform version, which I like.
The rule engine is very easy to use — very flexible.
The most valuable features are the versatility of this solution and the variety of things you can do with it.
The ability to transition from microscopic to macroscopic view, instantly, is very good.
This solution has allowed us to correlate logs from multiple sources.
Provided that the report is prebuilt and I can find what I am looking for, the reporting is the most valuable feature in this solution.
This solution provides me with various alarms, and I have found security issues with some of my other products.
It is a very optimized engine.
Vulnerability detection is the most valuable feature. It's the tool that finds the threats.
There is a single dashboard that gives us a complete overview of what is happening around the globe.
In addition to using this solution for our security operations center, we are using it for our other customers.
The most valuable features would have to be the products' ability to customize vulnerability management settings.
The most valuable feature is the QRadar Vulnerability Manager which provides vulnerability scans. In addition, I like the way QRadar generates alerts.
The most valuable feature is the DSM Editor. The custom parsing tool is very nice, outstanding.
It helps us discover any threats with their alerts and tracking.
The stability is good.
It integrates very easily with other solutions. The solution is flexible. We can add anything to it, as it is a good companion to other tools.
The ability to add extensions is the most valuable feature. For example, extensions that provide valuable test ports.
It's quite scalable. We have upgraded some solutions from 1000 APS up to 3500 APS to 5000 APS. It's a good solution, they have no scalability issues.
It is very stable. We have not faced interruptions in the past four and a half years.
It is really helpful to us from the compliance point of view.
QRadar has somewhat of a new structure recently from last gen. They have moved from the standard UI based infrastructure.
A nice benefit is when we go to the process of selecting our youth cases, they go by building blocks. QRadar links it to building blocks.
Log correlation is very useful for processing alerts. It serves to follow up alerts in real-time, building an entire workflow.
It's a state-of-the-art product for security information and event management (SIEM).
On the back-end, Watson helps me figure out an exact problem, sometimes giving me the result.
It showed us where weaknesses were in our environment, so we could actively target those patches first.
It is the core of our entire SOX.
The scalability is awesome, because QRadar includes other solutions in the same console.
We have the abilities to monitor each instance which originates on the process along with the performance of each department.
It is incredibly easy to deploy. All the appliances are flexible in the roles that they serve and are all managed in the same way.
Senses, tracks, and links significant incidents and threats.
There are more than 120 extensions in QRadar, which are easy to install and configure. These can improve your analysis of events.
The correlation and the parsing are important features, since it is very important for a SIEM to have a good scalability and performance.
It does good correlation for events. It does good general analysis, and it has good apps as well.