Executive Vice President at a computer software company with 11-50 employees
Real User
2024-07-29T16:14:02Z
Jul 29, 2024
Basically, it is a product that serves as a SIEM solution, and its main competitor is Splunk. Splunk and IBM are lookalike tools. IBM Security QRadar hosts a panel where you can feed just about anything you can think of in terms of electronics as it relates to security, along with other elements of infrastructure. The tool provides notification of events.
We utilize the product for our Security Operations Center operations. Additionally, we extend its use to our customers, employing it for tasks such as threat hunting, investigation, and triage analysis.
We use IBM Security QRadar for storage. These tools are setting high tools on the usage of the logs from multiple devices. It manages millions of logs from multiple devices, such as firewalls, routers, switches, etc. The solution is stable and has better support than LogRhythm. It doesn't have multiple components or servers, troubleshooting, or remote servers. It is based on a CentOS platform, and implementation is difficult.
Information Security Engineer at Glasshouse Systems
Real User
Top 5
2023-10-30T16:51:57Z
Oct 30, 2023
I've got use cases where we monitor positive controls wherein something doesn't allow something to happen. It alarms when somebody changes the control.
I use IBM Security QRadar in my company for authentication of users and to block the access of a user to the internet. In my company, we have only used the basic version of the solution, and currently, we don't have a license for the product since we didn't renew it. The basic version of the solution fits my company's basic requirements.
Our clients who are implementing or trying to implement a Security Operations Center use the IBM QRadar SIEM solution. This solution helps automate incident processing and provides visibility into the incident management process.
Information Security Manager at a financial services firm with 1,001-5,000 employees
Real User
Top 5
2023-02-13T20:28:45Z
Feb 13, 2023
My use case for IBM QRadar User Behavior Analytics is to consolidate all the logs and events from a different tool so that I can see the alerts from that other tool on the dashboard. My company connects the Windows event logs to the Xfinity router deployed on the main server, but I have to make some configurations to detect activities. My team is working on reinforcing IBM QRadar User Behavior Analytics features since the solution has not been used for a while because there's a new generation of engineers in my company. My team has to reconfigure almost every screen, including IBM QRadar User Behavior Analytics.
Our primary use case is in the banking industry in two banks here in Egypt. We generally are monitoring the user behavior of the employees, for example, working after working hours and signing into the machines after working hours.
Our primary use case for the solution is providing visibility for what occurs in our security system and IT assets. So all our event logs and information from a setting and criticality level go there. Additionally, there's AI used to trigger alerts when things are going bad, and then we can action them.
We are using IBM QRadar for log reviews, particularly logs that come and go from the IPS, firewall, etc. We have different dashboards for different technologies such as our firewall, IPS, and domains for our main website, so we use IBM QRadar to observe the logs from our website, and we try to make internal and external connections for better domain security.
We use the blocking mode and spam mode for the IPS - XGS 5000 series and use QRadar as a SIEM solution for logging and monitoring network security, security analysis, and monitoring for network-related attacks. The playbook is defined with identified use cases. The IPS acted inline with the firewall. It helped to track and sniff the packets and match the details. It helped to reduce insider and outsider attacks. The traffic is analyzed and helps users to know the patterns and access level in the network and the resources being used.
Lead Technical Architect at Commercial Bank of Ethiopia
Real User
2022-03-30T06:32:00Z
Mar 30, 2022
We use QRadar to collect logs and monitor user activity and traffic from one network to another. The SOC team is in a room watching the logs from the tool live most of the time. QRadar monitors all internet activity and the output of every device configured to send a log. All traffic from various networking devices passes through the QRadar servers, and we can view it live. We have two data centers, and QRadar is deployed in one. It comes with two physical appliances to allow failover capability. There's a management interface that binds them together, and we set up an interface for each device connected to the network that sends a log.
Manager SOC at a comms service provider with 10,001+ employees
Real User
2022-02-22T10:00:00Z
Feb 22, 2022
I'm an administrator. I have been leading the security operation center for the past four years. I have more than 12 members or SOC analysts for our 24/7 operations. I have been pitching the solutions to multiple customers, and I have also designed, implemented, and administered customer projects and completed them at the specified timeline. We have many use cases. The most common use cases are related to insights into any threats from the inside and outside. I have also configured X-Force with QRadar, and we are getting all the feeds showing malware-based IPs, etc. I also have designed some anomaly-based rules in case anyone has logged in from outside Pakistan. Most of the rules are custom-based.
We are a solution provider and QRadar is one of the products that we implement for our customers. The majority of our clients for IBM products are financial institutions. By law, to be compliant, they are only allowed to run the current version of any solutions that have been procured. Specifically for our area, all of the financial institutions such as banks are mandated to use the latest version. The use cases include the logging and reporting of servers. These are typically operations servers and critical servers. You can also use it to monitor network devices such as switches, routers, and firewalls. Endpoints are not included for most of the clients.
I am a Product Manager. I am managing the inventory and the logs. For R&D purposes, we downloaded various SIEM solutions from the internet to analyze their performance, and QRadar was one of them. I downloaded the Community Edition of QRadar to check its capabilities and see how to integrate various log sources in our network. It is in my lab, and I have tested it with a few hardware devices and a few computers and servers.
We are using mixed solutions. We are currently working with IBM solutions and Azure system services. We are using two SIEM solutions: Azure Sentinel and QRadar. Azure Sentinel is covering our cloud-based solutions, and QRadar is covering our on-premise solutions.
Team Lead & Principal Software Engineer at a tech services company with 51-200 employees
Real User
2022-01-12T15:07:00Z
Jan 12, 2022
I deploy the IBM QRadar for many organizations, and I've been performing analyses for those organizations as well. These organizations use the tool for monitoring of their environment. It's a basic SIEM product. So we just log each and every data source, perform an analysis, and create rules. We also create advanced use cases to cater to advanced threats.
IBM QRadar is used to help our customers collect information. It collects the information from other tools on the firewall, network devices, and cyber tools, including Carbon Black, Cortex, Cynet, and Darktrace.
The main tool for this operation center for collecting events from different devices, whether servers or network devices, such as switches and routers. It handles anything related to data that can be harmful to security. Those events can be mapped to promote the threat; it creates another event for promoted threats. We are a service provider and we provide services to our customers. We use IBM QRadar for many types of businesses, such as banks and telecom. It has a good reputation.
Solution Security Architect at PT. Sinergy Informasi Pratama
Real User
2021-09-24T02:06:16Z
Sep 24, 2021
This is a solution you use when you have many security products that you want to manage in one monitor, one analytic. We are partners with IBM and provide implementation services to our customers. I'm a solution security architect.
Management Executive at a security firm with 11-50 employees
Real User
2021-09-07T12:23:57Z
Sep 7, 2021
We primarily use the solution for breach management. We use it for identifying rogue IPs and picking up anomalies in terms of the network traffic coming in. We've seen a year of use cases in terms of breach management and incident management. We find IBM QRadar quite relevant in terms of protecting against potential malicious traffic coming into your organization. Obviously, it has evolved, and where we're utilizing IBM QRadar is to do other analytical capabilities, which include identity and access management. We've got a unique way where we use the platform to generate a view of all your identities and access that is granted within your environment and so forth. We are able to map that using IBM QRadar, which is not a use case that is normally thought about; however, we found from an analytical point of view, this is what we can do because we get all the information we need here.
Cyber Security Services Operations Manager at an aerospace/defense firm with 501-1,000 employees
Real User
2021-08-06T10:41:11Z
Aug 6, 2021
We're a customer, partner, or reseller. We use QRadar on our own internal SOC. We are also a reseller of QRadar for some of the projects. So, we sell QRadar to customers, and we're also a partner because we have different models. We roll the product out to a customer as part of our service where we own it, but the customer is paying. We also do a full deployment that a customer owns. So, we are actually fulfilling all three roles.
Senior IT Technical Support at a training & coaching company with 1,001-5,000 employees
Real User
2021-06-24T13:07:45Z
Jun 24, 2021
The solution is primarily used for threat detection and response. QRadar can be integrated with other services from IBM such as Watson, among others. The main need is for threat detection, incident response, and dealing with threats or hunting threats. What else? I mean, you're always looking for threats. Usually, whoever buys this SIEM solution or buys QRadar, for example, is looking for hidden threats and they get the logs to see what's happening within their system. They want a solution that looks very deep inside in order to correlate those logs and see if there's any information that they can get out of those logs or even live packets that are spanning through their networks. Therefore, it's usually threat hunting. That's the main thing. Others might use it to understand the system, and how it's performing overall. However, that's the lesser use case.
We are service providers, and we are always exploring tools to accompany existing tools. I am always searching for the best products to meet my clients' requirements. I always look to understand the technology first, learn what benefits we can get from the product, and how competitive it is with other tools such as DarkTrace and Palo Alto. We are working with this solution, but it is being managed by another vendor. We are service providers. We are providing SOC service and MSSP services for our clients. We are working on various products, not one specific product. We can provide services for any product, in fact, any security solution.
We use the solution for network behavior and log analytics. We wish to procure one for behavior analytics. I am not certain which version we are using. There is a need for a behavior analytics solution in the environment. We use the solution to highlight unusual traffic for a single particular link or even single particular user traffic.
AVP - Security at a tech services company with 501-1,000 employees
Real User
2021-06-04T12:28:39Z
Jun 4, 2021
IBM QRadar is typically deployed in a SOC environment for security monitoring. It is used for log and packet capturing. It has some supporting technology, such as data leakage prevention and data encryption.
Solution Architect Cybersecurity at a tech services company with 501-1,000 employees
Real User
2021-05-25T19:18:32Z
May 25, 2021
We use this solution for advanced threat detection, insider threat monitoring, risk and vulnerability management, and unauthorized traffic detection regarding our network. We can monitor and detect web attacks with it as well. Within our organization, there are roughly 2,000 to 3,000 employees using this solution. As of now, we don't have any plans to increase our usage of IBM QRadar.
We make some special demos that we sell to our customers. We work as a technical support L1/L2 for our customers in these cases as well. The solution allows organizations to check people who work from home or in the office. It can help a company understand who is connected from home. Sometimes people give a login and password to colleagues. The security can see the situation when someone logs in locally, and they can see a remote connection. They can see this is from the login and password. They'd be able to tell if something was shared and could dig deep to figure out if it is a breach or if it is something that has been properly shared.
Senior Solutions Architect at a manufacturing company with 51-200 employees
Real User
2021-03-05T17:23:52Z
Mar 5, 2021
We provide cloud services to the users, and we have our own cloud setup over here. The major use case is when clients require the SOC to be set up. Setting up the SOC itself is a huge investment. A customer has to invest a lot to build up the whole SOC environment, so, rather than the customer investing in the SOC environment and building up the SOC, we provide it as a service. Customers don't need to do any up-front investment. They use our service. We manage their security tools and security environment as per the compliance guidelines that come from the Indian government. We follow all those practices, and we help them procure more for their network and infrastructure.
Cybersecurity Business Development Manager at a comms service provider with 10,001+ employees
Real User
2021-02-19T06:14:15Z
Feb 19, 2021
I am currently working in the Brazilian operation of my company. I have a project in the airline industry in Brazil. This project improves the correlation of logs. There is another company I ticket to improve the solution; they have chosen to correlate the logs. We have a SOC, Security Operations Center, in Brazil, with 53 employees. We developed all these solutions in Brazil and it is in operation in 34 countries.
We primarily use the solution for some compliance, including military compliance such as PCI DSS, ISO 27001, and ISO 27002, and then some other specifications around them. There are also some industries that need to analyze the logs and events, and then build and create some rules to put forward.
Managed Security Product at a comms service provider with 1,001-5,000 employees
Real User
2021-01-24T11:57:00Z
Jan 24, 2021
IBM QRadar is a FIM component within the security operation center we were deploying in the customer environment. We are managing their cyber defense capability.
It is used to dive deep into threat analysis. It is a SIEM solution that can be hooked up with some of the endpoint security or threat discovery solutions such as Forescout, Qualys, Sophos, and MDM. After the endpoint security or threat discovery solution discovers the threat, QRadar takes it further from that point onwards and allows you to go deep into the threat analysis. It has a lot of integrations, such as with CMDB, and it can do the asset classification. It can also tell the CVSS score. These are the capabilities or use cases.
We use QRadar to detect and gather information about any product vulnerabilities and any sort of attack on the network. It's able to help detect suspicious activity that is coming into the system. We are also selling this product.
Technical Analyst at a manufacturing company with 10,001+ employees
Real User
2022-09-30T13:51:58Z
Sep 30, 2022
Our company includes 20 senior engineers and analysts who use the solution to detect viruses on Windows servers and critical assets. We also track user activity such as connections during travel. We have many use cases and playbooks in our portfolio.
Director of Incident Response at a retailer with 10,001+ employees
Real User
2022-07-27T20:23:37Z
Jul 27, 2022
The UBA component is something that is there. However, it's something that honestly hasn't been leveraged as much. It's probably not a UBA feature like the ones we’ve used in the past. In any case, the UBA feature is there. You can look at the users and look at any risky activity or use cases. I tend to look at it. However, it's not my main source in terms of leveraging it as a UBA.
Our primary use case is logging for any anomalous traffic in terms of access times and deviations when users are in different groups within the AD. When a user deviates from their functionality, it's flagged in the UBA and for VPN traffic. I also use it for geolocation functionality. We are partners of IBM and I'm a system engineer.
Head of Cyber security analysis at DNV Poland Sp. z o.o.
Real User
2022-06-07T16:25:00Z
Jun 7, 2022
We analyze all our authentication traffic in QRadar UBA using the solution's AI module to detect and understand uncommon authentication patterns. There is also the rule logic, but we don't use that much. Instead, we mostly rely on AI to do that. In that respect, I wouldn't say we are using the product to the fullest extent because we only have the AI and what the CM is providing. We have a suite of security products, and QRadar UBA is only one source of information that we rely on. QRadar UBA collects information on 16,000 employees in the company, including when they log in and out or when they launch applications. We have a team of 10 security analysts who go into the solution to check the alarms. IBM has set the solution up so that we only need to react to the alarms. The UBA will flag it if someone does something weird, and our security team will investigate the anomaly to see if that was valid or malicious. We are currently on QRoC — short for QRadar for Cloud — so it's the latest and greatest solution. It was originally on a private cloud, but we moved to the public cloud three years ago.
Senior Marketing Specialist II at Harman International
Real User
2022-05-01T05:38:22Z
May 1, 2022
Currently, we are using only Amazon Web Services for monitoring. We have CloudTrail, GuardDuty, Avast, and some Kubernetes security we have installed on Amazon AWS. By getting these logs, we have created the uses for these components.
IBM QRadar User Behavior Analytics has a dedicated application for user behavior analytics and must be installed separately on an application server. It is valuable if you created the setup for the use cases. It needs additional customization to have a good value. You will have to point the solution to the suitable data sources that will feed the user analytics in a good manner. You will have good user behavior analytics, based on the created use cases.
Senior Manager Information Security at Conduent (formerly Xerox Services)
Real User
2020-11-27T11:20:17Z
Nov 27, 2020
We are using it from the compliance perspective. We need this solution to comply with HIPAA and PCI because our clients require HIPAA and PCI DSS compliance. We also use it for log management, primarily security logs, and to some extent, for operational activities, even though this tool is actually not meant for operational tasks. We do keep track of errors in our appliances like hardware, storage, and network switches through QRadar. The main or core solution is on-premises. There is an extended arm, which is in the cloud as well for cloud integration.
Information Security Specialist at a comms service provider with 501-1,000 employees
Real User
2020-11-25T19:59:57Z
Nov 25, 2020
We use the solution for a variety of tasks. We use it, for example, for authentication, network-related authentication, user-related tasks, and Windows and UNIX servers. It's a lot. There's a ton of use cases. I really can't think right now about every single use case; however, the main things are authentication and network-related systems and all flavors of UNIX and Windows.
Pre-Sale Consultant (Technical) at a tech services company with 51-200 employees
Real User
2020-11-16T12:57:27Z
Nov 16, 2020
We are a system integrator and IBM QRadar is one of the security and monitoring products that we implement for our clients. It is used for monitoring applications such as Windows virtual desktop access (VDA) and computer-managed instruction (CMI).
We use this solution for deploying and integrating log sources and use cases. We use it to generate offenses based on normal behavior and suspicious behavior from our security tools, firewalls, and other solutions. We have applied a set of old and new rules to QRadar that aim to detect persistent abnormalities in our environments. Within our organization, our security operations center and users from our local security team, roughly 10 to 12 users, use QRadar. We plan to expand to other areas of the company so that other people can use QRadar for different use cases. But right now only the security teams use it.
Queretaro at a tech services company with 1-10 employees
Reseller
2020-11-11T16:49:23Z
Nov 11, 2020
We do not implement this tool ourselves but have experience implementing it for our clients. There are several use cases. The two most important ones are network analysis and UBA.
Senior Manager, Security Architecture & Operation, Corporate Security at Omantel
Real User
2020-10-08T07:25:22Z
Oct 8, 2020
This is a security monitoring product and the primary use case is to detect strange behavior by users. For example, if we have a user that has not used the service for a long time and then all of a sudden, somebody logs in one night. This is not normal and the system will detect it. This is just one example of many use cases.
User Behavior Analytics is a part of IBM QRadar. It's a kind of application that can be installed over IBM QRadar SIEM. The primary use case is to detect user behavior anomalies, and through these anomalies, detect and better understand different threats and attacks.
Application Security Architect at Bank Al Habib Limited
Real User
2020-07-13T06:55:00Z
Jul 13, 2020
Our primary use case with IBM QRadar User Behavior Analytics is seeing if there are log-ins from the same IDs but from different locations; this is one use case. Or if MAC addresses keep changing; this is another use case. Lastly, if the risk level is high, like with different IPs. These are the three use cases we have.
Deputy General Manager - Network Security at a tech services company with 201-500 employees
Real User
2020-06-15T07:33:00Z
Jun 15, 2020
We use IBM QRadar for monitoring user behavior in order to baseline the user activity. Then we print use cases around those behaviors to see if anything stands out. We can then see if something is going wrong in the enrollment from a user activity point of view.
Principal Security Architect at Tech Mahindra Limited
Real User
2020-05-12T05:43:00Z
May 12, 2020
Some of these products can be used in any vertical like healthcare, manufacturing, and vehicle. You can use these products in all types of verticals. But I found that there is a limitation in central verticals. These products do not do well in central verticals.
Marketing Director at an aerospace/defense firm with 1-10 employees
Real User
2019-04-29T07:11:00Z
Apr 29, 2019
We don't have a business relationship with IBM QRadar, our relationship is a customer relationship. We use IBM QRadar as our primary security solution.
I'm the technical consultant here at ActivEdge Technologies. Our primary use case for this solution is for Security Intelligence and Event Monitoring (SIEM). We provide protection services models for an organization's networks through a sophisticated technology which permits a proactive security posture. We have a business relationship with IBM QRadar as well as being a partner. We are a partner and we also use this feature. It's an integrated solution. We design it to be compatible with our client's network devices to maintain real-time monitoring through a centralized console. Our clients rely on us to create value.
Vulnerability Manager at a tech services company with 51-200 employees
Reseller
2019-03-31T09:41:00Z
Mar 31, 2019
Our primary use case is to get logs mainly from firewalls, although you can also get logs from anything that can forward syslogs. We use it to sort events.
Our primary use case is for security analytics. We do investigation and security analytics, so we collect events and after collecting events we give positive security analytics to clients.
IT Security and Business Development Manager at a tech services company with 51-200 employees
Real User
2019-03-06T07:41:00Z
Mar 6, 2019
Our primary use case is for the security. We use it to make sure that the data that is being transferred from one company to the other is being done securely.
Cybersecurity Practice Lead at a tech services company with 201-500 employees
Real User
2019-03-06T07:40:00Z
Mar 6, 2019
We are using it for SIEM, for Security Information and Event Management. We're gathering the logs and doing analytics on how we are going to react to security incidents.
Senior Field Manager at a security firm with 11-50 employees
Reseller
2019-02-03T08:35:00Z
Feb 3, 2019
It is a requirement for all of the banks to have a security solution in Pakistan. That is the reason most of the banks are using it. In the last one and a half years, Pakistani companies are taking security very seriously, so for that reason, they evaluate these solutions. All in all, it's a good solution.
Information Security Manager at a comms service provider with 1,001-5,000 employees
Real User
2018-11-15T07:11:00Z
Nov 15, 2018
We are a telecom company, and we use it for IT systems, for telecom systems and on various different levels of applications. We use it for web servers, routers, firewalls, and other security components. Our SIEM solution serves technical and non-technical business units including customer care, engineering, revenue assurance, and anti-fraud.
Manager-Cloud Security Operations at a retailer with 10,001+ employees
Real User
2018-10-29T15:46:00Z
Oct 29, 2018
The primary use case for us is the plug and play implementation and it is pretty easy to set it up, and scale up the SIEM. It has a kind of a functionality to it.
Senior Security Architect at Larsen & Toubro Infotech Ltd.
Real User
2018-10-04T17:27:00Z
Oct 4, 2018
My primary use case is for security monitoring. We activated freeze, proxy and firewalls and we collect data from them. We receive alerts and customize that according to our customer environments.
Director of Market Enabling Solutions at Raksha Technologies Pvt Ltd
Reseller
2018-07-22T08:31:00Z
Jul 22, 2018
Its primary use case is for people who want to manage all of their logs with analytics and correlate that between different security devices whose logs are related. This solution is performing well.
In recent years, our focus has been the third-party integrations. Like most companies, we have several security products. (I hope most other companies are not relying on a single product). The challenge with a SIEM is taking the data produced by a log source and presenting it in a readable manner for technical and non-technical staff. That can be done with custom-built reports or in dashboards. With the IBM Security App Exchange you add a new extension (i.e. download from the App Exchange site) and configure it.
Security Analyst at a security firm with 11-50 employees
Real User
2018-06-11T10:36:00Z
Jun 11, 2018
SIEM solutions must be business driven. Utilizing a SIEM solution depends on your enterprise goals, from meeting compliance requirements to implementing security controls and identifying the absence of controls. A SIEM solution can also be used to improve your business and increase your sales. With QRadar, you can do all these, even if you are not a security expert. It comes with a set of default rules which makes your life easier, from ransomware attacks to DDoS attacks. Everything can be detected if your logs are properly integrated into QRadar. It gets better with extensions and other rules you install from the IBM Security App Exchange, where you can detect malicious website access (with the intent of ransomware), P2P activity, or someone spamming everything. You can be notified, then you can run scripts to make QRadar take an action. I am a security analyst working with QRadar.
Cybersecurity Engineer Consultant at a tech services company with 501-1,000 employees
Consultant
2018-06-11T06:45:00Z
Jun 11, 2018
My use case is the deployment of an X-Force successful connection with a botnet and malware website. An X-Force feed is free with QRadar. I have been using the product for three years now. I used it for six months at an internship to PoC some different SIEMs and for two and a half years as an administrator. Now, I am using it as an architect.
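The consultant above and the SOC manager earlier both describe the same rule: match firewall connection logs (forwarded over syslog, as the vulnerability manager notes) against the X-Force feed of malware and botnet addresses, and raise an offense when an internal host actually reaches one. The block below is an added example for this page, not IBM's X-Force integration or any reviewer's rule: it parses constructed firewall syslog lines, checks the destination against a hypothetical indicator list (documentation ranges only, not X-Force data) using CIDR matching, and rates an allowed connection higher than a denied one, since a successful connection is the case the consultant's rule targets.

```python
import ipaddress
import re

# Hypothetical threat-feed entries (constructed, not X-Force data):
# indicator -> (category, confidence).  Only IANA documentation ranges are used.
FEED = {
    "203.0.113.0/24": ("botnet_c2", 80),
    "198.51.100.23": ("malware_host", 95),
}

# Constructed firewall syslog lines in a generic key=value layout (not a real vendor format).
FIREWALL_LOG = """\
<134>Mar  3 10:01:05 fw01 conn: action=allow proto=tcp src=10.0.5.12 dst=198.51.100.23 dport=443
<134>Mar  3 10:01:09 fw01 conn: action=allow proto=tcp src=10.0.5.12 dst=192.0.2.10 dport=443
<134>Mar  3 10:02:44 fw01 conn: action=deny proto=tcp src=10.0.7.8 dst=203.0.113.45 dport=6667
<134>Mar  3 10:03:12 fw01 conn: action=allow proto=udp src=10.0.9.2 dst=203.0.113.200 dport=53
"""

LINE_RE = re.compile(
    r"action=(?P<action>\w+) proto=(?P<proto>\w+) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)"
)


def load_feed(feed):
    """Compile feed indicators to ip_network objects so hosts and CIDRs match alike."""
    return [(ipaddress.ip_network(ind, strict=False), cat, conf)
            for ind, (cat, conf) in feed.items()]


def lookup(addr, networks):
    """Return (category, confidence) for the first feed entry containing addr, else None."""
    ip = ipaddress.ip_address(addr)
    for net, cat, conf in networks:
        if ip in net:
            return cat, conf
    return None


def match_connections(log_text, feed=FEED, min_confidence=70):
    """Scan firewall lines; return one offense dict per connection to a feed indicator."""
    networks = load_feed(feed)
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a connection record
        f = m.groupdict()
        found = lookup(f["dst"], networks)
        if found is None:
            continue
        category, confidence = found
        if confidence < min_confidence:
            continue  # low-confidence indicators stay out of the offense queue
        # An allowed connection means the host really talked to the indicator.
        severity = "high" if f["action"] == "allow" else "low"
        hits.append({
            "src": f["src"],
            "dst": f["dst"],
            "dport": int(f["dport"]),
            "action": f["action"],
            "category": category,
            "severity": severity,
        })
    return hits


if __name__ == "__main__":
    for h in match_connections(FIREWALL_LOG):
        print(f"{h['severity']:4} {h['src']} -> {h['dst']}:{h['dport']} "
              f"{h['action']} ({h['category']})")
```

The constructed log yields three offenses: a high-severity allowed HTTPS connection to the malware host, a low-severity denied IRC attempt into the botnet range, and a high-severity allowed DNS query into that same range. Raising `min_confidence` to 90 keeps only the malware-host hit, which is the knob a SOC turns when a feed is producing noisy matches.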
Network and Security Technical Team Leader at a wholesaler/distributor with 201-500 employees
Real User
2018-06-03T09:17:00Z
Jun 3, 2018
We work with it in the banking sector. We had torrent limitations and big banks could join them. It has performed well. However, the limitation is not easy, so the product is not easy. You cannot get the real value of the product unless you combine it with the other products from IBM, like BigFix, the full integration of Vulnerability Management, and so on.
IBM Security QRadar (recently acquired by Palo Alto Networks) is a security and analytics platform designed to defend against threats and scale security operations. This is done through integrated visibility, investigation, detection, and response. QRadar empowers security groups with actionable insights into high-priority threats by providing visibility into enterprise security data. Through centralized visibility, security teams and analysts can determine their security stance, which...
We use the product to customize rules and detect malicious behavior.
I have worked on several use cases, including creating custom ones. QRadar also provides built-in use cases.
The tool helps with infrastructure, application, and network monitoring.
I use IBM Security QRadar in my company as it provides features like SIEM, SOAR, and QNI.
The product is a threat detection and response solution. It is useful for consultants or security analysts. It is an incident management tool.
Our clients who are implementing or trying to implement a Security Operations Center use the IBM QRadar SIEM solution. This solution helps automate incident processing and provides visibility into the incident management process.
My use case for IBM QRadar User Behavior Analytics is to consolidate all the logs and events from a different tool so that I can see the alerts from that other tool on the dashboard. My company connects the Windows event logs to the Xfinity router deployed on the main server, but I have to make some configurations to detect activities. My team is working on reinforcing IBM QRadar User Behavior Analytics features since the solution has not been used for a while because there's a new generation of engineers in my company. My team has to reconfigure almost every screen, including IBM QRadar User Behavior Analytics.
Checks the quantity (and quality) of use cases for a specific sector (financial, for example) and connectors.
Our primary use case is in the banking industry in two banks here in Egypt. We generally are monitoring the user behavior of the employees. For example, working after working hours, and signing into the machines after working hours.
Our primary use case for the solution is providing visibility for what occurs in our security system and IT assets. So all our event logs and information from a setting and criticality level go there. Additionally, there's AI used to trigger alerts when things are going bad, and then we can action them.
We are using IBM QRadar for log reviews, particularly logs that come and go from the IPS, firewall, etc. We have different dashboards for different technologies such as our firewall, IPS, and domains for our main website, so we use IBM QRadar to observe the logs from our website, and we try to make internal and external connections for better domain security.
We use the blocking mode and spam mode for the IPS - XGS 5000 series and use QRadar as a SIEM solution for logging and monitoring network security, security analysis, and monitoring for network-related attacks. The playbook is defined with identified use cases. IPS acted as an inline to the firewall. It helped to track and sniff the packet and match the details. It helped to reduce the insider and outsider attacks. The traffic is analyzed and helped users to know the patterns and access level in the network and resource being used.
We use QRadar to collect logs and monitor user activity and traffic from one network to another. The SOC team is in a room watching the logs from the tool live most of the time. QRadar monitors all internet activity and the output of every device configured to send a log. All traffic from various networking devices passes through the QRadar servers, and we can view it live. We have two data centers, and QRadar is deployed in one. It comes with two physical appliances to allow failover capability. There's a management interface that binds them together, and we set up an interface for each device connected to the network that sends a log.
I am an integrator of this solution; my customers use this as a SIEM solution for log management.
I'm an administrator. I have been leading the security operation center for the past four years. I have more than 12 members or SOC analysts for our 24/7 operations. I have been pitching the solutions to multiple customers, and I have also designed, implemented, and administered customer projects and completed them at the specified timeline. We have many use cases. The most common use cases are related to insights into any threats from the inside and outside. I have also configured X-Force with QRadar, and we are getting all the feeds showing malware-based IPs, etc. I also have designed some anomaly-based rules in case anyone has logged in from outside Pakistan. Most of the rules are custom-based.
We are a solution provider and QRadar is one of the products that we implement for our customers. The majority of our clients for IBM products are financial institutions. By law, to be compliant, they are only allowed to run the current version of any solutions that have been procured. Specifically for our area, all of the financial institutions such as banks are mandated to use the latest version. The use cases include the logging and reporting of servers. These are typically operations servers and critical servers. You can also use it to monitor network devices such as switches, routers, and firewalls. Endpoints are not included for most of the clients.
I am a Product Manager. I am managing the inventory and the logs. For R&D purposes, we downloaded various SIEM solutions from the internet to analyze their performance, and QRadar was one of them. I downloaded the Community Edition of QRadar to check its capabilities and see how to integrate various log sources in our network. It is in my lab, and I have tested it with a few hardware devices and a few computers and servers.
We are using mixed solutions. We are currently working with IBM solutions and Azure system services. We are using two SIEM solutions: Azure Sentinel and QRadar. Azure Sentinel is covering our cloud-based solutions, and QRadar is covering our on-premise solutions.
I deploy the IBM QRadar for many organizations, and I've been performing analyses for those organizations as well. These organizations use the tool for monitoring of their environment. It's a basic SIEM product. So we just log each and every data source, perform an analysis, and create rules. We also create advanced use cases to cater to advanced threats.
IBM QRadar is used to help our customers collect information. It collects the information from other tools on the firewall, network devices, cyber tools with both Carbon Black, Cortex, Cynet, and Darktrace.
QRadar is our SIEM solution. Our use cases include authentication between logins, database security, monitoring, and user behavior analytics.
We primarily use QRadar for monitoring and preparing use cases. This solution is deployed on-prem.
We are users and implementers of this solution.
We use IBM QRadar for user behavior analytics and incident handling.
I use IBM QRadar for user behavior analytics, and mostly incident handling.
It is the main tool for this operations center for collecting events from different devices, whether servers or network devices, such as switches and routers. It handles anything related to data that can be harmful related to security. Those events can be mapped to promote the threat; it creates another event for promoted threats. We are a service provider and we provide services to our customers. We use IBM QRadar for many types of businesses, such as banks and telecom. It has a good reputation.
We use this solution both in our company and those of our clients. We are resellers of QRadar.
This is a solution you use when you have many security products that you want to manage in one monitor, one analytic. We are partners with IBM and provide implementation services to our customers. I'm a solution security architect.
I use QRadar for cybersecurity defense, operation, and to improve performances.
Our primary use case is for monitoring global infrastructure.
We primarily use the solution for breach management. We use it for identifying rogue IPs and picking up anomalies in terms of the network traffic coming in. We've seen a year of use cases in terms of breach management and incident management. We find IBM QRadar quite relevant in terms of protecting against potential malicious traffic coming into your organization. Obviously, it is evolved, and where we're utilizing IBM QRadar is to do other analytical capabilities, which include identity and access management. We've got a unique way where we use the platform to generate a view of all your identities and access that is granted within your environment and so forth. We are able to map that using IBM QRadar, which is not a use case that is normally thought about, however, we found from an analytical point of view, this is what we can do because we get all the information we need here.
We are using IBM QRadar for threat protection and management.
I was initially a reseller before selling the solution from within IBM. I'm currently a freelance security sales consultant.
We're a customer, partner, or reseller. We use QRadar on our own internal SOC. We are also a reseller of QRadar for some of the projects. So, we sell QRadar to customers, and we're also a partner because we have different models. We roll the product out to a customer as part of our service where we own it, but the customer is paying. We also do a full deployment that a customer owns. So, we are actually fulfilling all three roles.
We use IBM QRadar to monitor security logs across the network.
We use IBM QRadar for threat protection.
We have a POC environment but have not onboarded it to any of our clients.
We are using the current version.
This product helps to build a strong architecture, which is important to avoid problems.
The solution is primarily used for threat detection and response. QRadar can be integrated with other services from IBM such as Watson, among others. The main need is for threat detection, incident response, and dealing with threats or hunting threats. What else? I mean, it's always you're looking for threats. Usually, whoever buys this SIEM solution or buys QRadar, for example, is looking for hidden threats and they get the logs to see what's happening within their system. They want a solution that looks very deep inside in order to correlate those logs and see if there's any information that they can get out of those logs or even live packets that are spanning through their networks. Therefore, it's usually threat hunting. That's the main thing. Others might use it to understand the system, and how it's performing overall. However, that's the lesser use case.
We are service providers, and we are always exploring tools to accompany existing tools. I am always searching for the best products to meet my clients' requirements. I always look to understand the technology first, learn what benefits we can get from the product, how competitive is it with other tools such as DarkTrace, and Palo Alto. We are working with this solution, but it is being managed by another vendor. We are service providers. We are providing SOC service and MSSP services for our clients. We are working on various products, not one specific product. We can provide services for any product, in fact, any security solution.
This is a Security Information and Event Management (SIEM) solution and we use it for many purposes.
We use the solution for network behavior and log analytics. We wish to procure one for behavior analytics. I am not certain which version we are using. There is a need for a behavior analytics solution in the environment. We use the solution to highlight unusual traffic for a single particular link or even single particular user traffic.
IBM QRadar is typically deployed in a SOC environment for security monitoring. It is used for log and packet capturing. It has some supporting technology, such as data leakage prevention and data encryption.
There are many use cases for this solution. One example is we are using this solution to monitor user site access to banned sites.
We use this solution for advanced threat detection, insider threat monitoring, risk and vulnerability management, and unauthorized traffic detection regarding our network. We can monitor and detect web attacks with it as well. Within our organization, there are roughly 2,000 to 3,000 employees using this solution. As of now, we don't have any plans to increase our usage of IBM QRadar.
We make some special demos that we sell to our customers. We work as a technical support L1/L2 for our customers in these cases as well. The solution allows organizations to check people who work from home or in the office. It can help a company understand who is connected from home. Sometimes people give a login and password to colleagues. The security can see the situation when someone logs in locally, and they can see a remote connection. They can see this is from the login and password. They'd be able to tell if something was shared and could dig deep to figure out if it is a breach or if it is something that has been properly shared.
We are a product-based organization. We use this solution for a shared SOC service and security audits and compliance.
We are a service provider and we are providing the solution as a managed service for multitenancy security.
We mostly use the product for PCI compliance.
We provide cloud services to the users, and we have our own cloud setup over here. The major use case is when clients require the SOC to be set up. Setting up the SOC itself is a huge investment. A customer has to invest a lot to build up the whole SOC environment, so, rather than the customer investing in the SOC environment and building up the SOC, we provide it as a service. Customers don't need to do any up-front investment. They use our service. We manage their security tools and security environment as per the compliance guidelines that come from the Indian government. We follow all those practices, and we help them procure more for their network and infrastructure.
Depending on the organization's needs the solution can monitor different types of security through logs.
I am currently working in the Brazilian operation of my company. I have a project in the airline industry in Brazil. This project improves the correlation of logs. There is another company I ticket to improve the solution, they have chosen to correlate the logs. We have SOC, Security Operation Center in Brazil, with 53 employees. We developed all these solutions in Brazil and it is in operation in 34 countries.
We are using QRadar as a managed service.
We primarily use the solution for log collection and security incidents as well as event management.
We primarily use the solution for some compliance, including military compliance such as PCI DSS, ISO 27001, and ISO 27002, and then some other specifications around them. There are also some industries that need to analyze the log and events, and then build and create some rules to put forward.
We used this product as a SIEM, for information security.
IBM QRadar is a FIM component within the security operation center we were deploying in the customer environment. We are managing their cyber defense capability.
I am a system integrator. We have installed it on-premises, on the cloud, in distributed environments, and all other environments for our clients.
The primary use case of this solution is for monitoring an enterprise data center, globally for 12,000 devices.
It is used to dive deep into threat analysis. It is a SIEM solution that can be hooked up with some of the endpoint security or threat discovery solutions such as Forescout, Qualys, Sophos, and MDM. After the endpoint security or threat discovery solution discovers the threat, QRadar takes it further from that point onwards and allows you to go deep into the threat analysis. It has a lot of integrations, such as with CMDB, and it can do the asset classification. It can also tell the CVSS score. These are the capabilities or use cases.
We primarily use the solution to develop software, for some device controllers.
We have a lot of use cases with IBM QRadar, but our primary use is for monitoring traffic and detecting tricks.
We use QRadar to detect and gather information about any product vulnerabilities and any sort of attack on the network. It's able to help detect suspicious activity that is coming into the system. We are also selling this product.
Our company includes 20 senior engineers and analysts who use the solution to detect viruses on Windows servers and critical assets. We also track user activity such as connections during travel. We have many use cases and playbooks in our portfolio.
The UBA component is something that is there. However, it's something that honestly hasn't been leveraged as much. It's probably not a UBA feature like the ones we’ve used in the past. In any case, the UBA feature is there. You can look at the users and look at any risky activity or use cases. I tend to look at it. However, it's not my main source in terms of leveraging it as a UBA.
Our primary use case is logging for any anomalous traffic in terms of access times and deviations when users are in different groups within the AD. When a user deviates from their functionality, it's flagged in the UBA and for VPN traffic. I also use it for geolocation functionality. We are partners of IBM and I'm a system engineer.
We analyze all our authentication traffic in QRadar UBA using the solution's AI module to detect and understand uncommon authentication patterns. There is also the rule logic, but we don't use that much. Instead, we mostly rely on AI to do that. In that respect, I wouldn't say we are using the product to the fullest extent because we only have the AI and what the CM is providing. We have a suite of security products, and QRadar UBA is only one source of information that we rely on. QRadar UBA collects information on 16,000 employees in the company, including when they log in and out or when they launch applications. We have a team of 10 security analysts who go into the solution to check the alarms. IBM has set the solution up so that we only need to react to the alarms. The UBA will flag it if someone does something weird, and our security team will investigate the anomaly to see if that was valid or malicious. We are currently on QRoC — short for QRadar for Cloud — so it's the latest and greatest solution. It was originally on a private cloud, but we moved to the public cloud three years ago.
Currently, we are using only Amazon Web Services for monitoring. We have CloudTrail, GuardDuty, Avast, and some Kubernetes security we have installed on Amazon AWS. By getting these logs, we have created the uses for these components.
IBM QRadar User Behavior Analytics has a dedicated application for user behavior analytics and must be installed separately on an application server. It is valuable if you created the setup for the use cases. It needs additional customization to have a good value. You will have to point the solution to the suitable data sources that will feed the user analytics in a good manner. You will have good user behavior analytics, based on the created use cases.
The primary use case of this solution is for monitoring the network.
We are using it from the compliance perspective. We need this solution to comply with HIPAA and PCI because our clients require HIPAA and PCI DSS compliance. We also use it for log management, primarily security logs, and to some extent, for operational activities, even though this tool is actually not meant for operational tasks. We do keep track of errors in our appliances like hardware, storage, and network switches through QRadar. The main or core solution is on-premises. There is an extended arm, which is in the cloud as well for cloud integration.
We use the solution for a variety of tasks. We use it, for example, for authentication, network-related authentication, user-related tasks, and Windows UNIX servers. It's a lot. There's a ton of use cases. I really can't think right now about every single use case, however, the main things are authentication and network-related systems and all flavors of UNIX Windows.
We are a system integrator and IBM QRadar is one of the security and monitoring products that we implement for our clients. It is used for monitoring applications such as Windows virtual desktop access (VDA) and computer-managed instruction (CMI).
We use this solution for deploying and integrating log sources and use cases. We use it to generate offenses based on normal behavior and suspicious behavior from our security tools, firewalls, and other solutions. We have applied a set of old and new rules to QRadar that aim to detect persistent abnormalities in our environments. Within our organization, our security operations center and users from our local security team — roughly 10 to 12 users — use QRadar. We plan to expand to other areas of the company so that other people can use QRadar for different use cases. But right now only the security teams use it.
We do not implement this tool ourselves but have experience implementing it for our clients. There are several use cases. The two most important ones are network analysis and UBA.
This is a security monitoring product and the primary use case is to detect strange behavior by users. For example, if we have a user that has not used the service for a long time and then all of a sudden, somebody logs in one night. This is not normal and the system will detect it. This is just one example of many use cases.
User Behavior Analytics is a part of IBM QRadar. It's a kind of application that can be installed over IBM QRadar SIEM. The primary use case is to detect user behavior anomalies, and through these anomalies, detect and better understand different threats and attacks.
Our primary use case with IBM QRadar User Behavior Analytics is seeing if there are log-ins from the same IDs but from different locations; this is one use case. Or if MAC addresses keep changing; this is another use case. Lastly, if the risk level is high, like with different IPs. These are the three use cases we have.
The first thing that we implemented for user behavior was to find out whether somebody is logging in at odd hours. It studies user behavior.
We use IBM QRadar for monitoring user behavior in order to baseline the user activity. Then we print use cases around those behaviors to see if anything stands out. We can then see if something is going wrong in the enrollment from a user activity point of view.
Some of these products can be used in any vertical like healthcare, manufacturing, and vehicle. You can use these products in all types of verticals. But I found that there is a limitation in central verticals. These products do not do well in central verticals.
Our primary use case is intrusion prevention and detection. We also use this solution for compliance and assisting in network troubleshooting for IT.
We use this solution for log correlation and alerting.
We are a cybersecurity service provider, and I manage the QRadar service for my customers.
Our primary use for this solution is to collect and correlate our logs. We also create appropriate alarms based on the contents of the logs.
The primary use of the solution in our deployment was for threat detection.
We are a partner and provide this solution to our customers.
We don't have a business relationship with IBM QRadar, our relationship is a customer relationship. We use IBM QRadar as our primary security solution.
We are a reseller of this solution. We have numerous use cases, all dependent on the needs of our customers.
Our primary use case for this solution is compliance.
Our primary use case for this solution is for the management of our security services, and our NOC (Network Operations Center) services.
I'm the technical consultant here at ActivEdge Technologies. Our primary use case for this solution is for Security Intelligence and Event Monitoring (SIEM). We provide protection services models for an organization's networks through a sophisticated technology which permits a proactive security posture. We have a business relationship with IBM QRadar as well as being a partner. We are a partner and we also use this feature. It's an integrated solution. We design it to be compatible with our client's network devices to maintain real-time monitoring through a centralized console. Our clients rely on us to create value.
We are partners with IBM. We do simulations for our clients. Then we resolve the issue that they're facing using IBM QRadar.
Our primary use case is to get logs mainly from firewalls, although you can also get logs from anything that can forward syslogs. We use it to sort events.
We use it to detect security incidents.
Our primary use case is for security analytics. We do investigation and security analytics, so we collect events and after collecting events we give positive security analytics to clients.
Our primary use case is for the security. We use it to make sure that the data that is being transferred from one company to the other is being done securely.
We are using it for SIEM, for Security Information and Event Management. We're gathering the logs and doing analytics on how we are going to react to security incidents.
The primary use case is for insurance and product manufacturing. We use it to create rules and Windows firewalls.
I use it to analyze incidents.
Our primary use case of this solution is to identify threats.
Our primary use case of this solution is for our customer's operations.
It is a requirement for all of the banks to have a security solution in Pakistan. That is the reason most of the banks are using it. In the last one and a half years, Pakistani companies are taking security very seriously, so for that reason, they evaluate these solutions. All in all, it's a good solution.
We are a telecom company, and we use it for IT systems, for telecom systems and on various different levels of applications. We use it for web servers, routers, firewalls, and other security components. Our SIEM solution serves technical and non-technical business units including customer care, engineering, revenue assurance, and anti-fraud.
The primary use case for us is the plug and play implementation and it is pretty easy to set it up, and scale up the SIEM. It has a kind of a functionality to it.
My primary use case is for security monitoring. We activated freeze, proxy and firewalls and we collect data from them. We receive alerts and customize that according to our customer environments.
My primary use case for this solution is to monitor security events in our cloud environment.
* CRM and billing system
* 100 multiple technology servers: Windows AD, Linux, HP-UX, etc.
* 40 firewall multiple routers
* Cisco Nexus switches
It is under a non-disclosure agreement (NDA).
Its primary use case is for people who want to manage all of their logs with analytics and correlate that between different security devices whose logs are related. This solution is performing well.
In recent years, our focus has been the third-party integrations. Like most companies, we have several security products. (I hope most other companies are not relying on a single product). The challenge with a SIEM is taking the data produced by a log source and presenting it in a readable manner for technical and non-technical staff. That can be done with custom-built reports or in dashboards. With the IBM Security App Exchange you add a new extension (i.e. download from the App Exchange site) and configure it.
* Origination process in banks.
* Insurance claims on insurance companies.
I used the IBM QRadar product from 2015 until 2017.
SIEM solutions must be business driven. Utilizing a SIEM solution depends on your enterprise goals, from meeting compliance requirements to implementing security controls and identifying the absence of controls. A SIEM solution can also be used to improve your business and increase your sales. With QRadar, you can do all these, even if you are not a security expert. It comes with a set of default rules which makes your life easier, from ransomware attacks to DDoS attacks. Everything can be detected if your logs are properly integrated into QRadar. It gets better with extensions and other rules you install from the IBM Security App Exchange, where you can detect malicious website access (with the intent of ransomware), P2P activity, or someone spamming everything. You can be notified, then you can run scripts to make QRadar take an action. I am a security analyst working with QRadar.
My use case is the deployment of an X-Force successful connection with a botnet and malware website. An X-Force feed is free with QRadar. I have been using the product for three years now. I used it for six months at an internship to PoC some different SIEMs and for two and a half years as an administrator. Now, I am using it as an architect.
Find the malicious activity via filter, don't rely on the rules which trigger the offenses and fix the suspicious activities.