Share your experience using Snare

Examples of the 102,000+ reviews on PeerSpot:

Prakash Pandey - PeerSpot reviewer
IT Manager at an insurance company with 10,001+ employees
Real User
Top 5
Oct 16, 2025
Has improved monitoring accuracy and enabled faster issue resolution through detailed alerting and transaction visibility
Pros and Cons
  • "Datadog has impacted our organization positively since we were previously using AppDynamics and then we switched to Datadog, which improved a lot in our alerting and monitoring in the infrastructure space and application space, allowing us to monitor business transactions and take proactive action before an end user reports it."
  • "The ease of implementation was a bit difficult for us for the database servers where we have different kinds of databases. We needed different kinds of agents to be installed, and that was a bit tricky for us."

What is our primary use case?

Our main use case for Datadog is that we heavily rely on it for our infrastructure monitoring and application monitoring, including some of the browser-based application monitoring, which is RUM.

A specific example of how we use Datadog for monitoring is that we monitor our infrastructure CPU and memory utilization. Sometimes we see slowness and figure out CPU utilization was near the threshold, around 90-95%, which helped us to resolve the issue, an underlying SQL problem, and that helped us to troubleshoot the issue.

In addition to our main use case, we also use RUM monitoring and synthetic monitoring, which really help us to look at our end-user sessions and proactively solve any slowness or errors spiking up.

What is most valuable?

The best feature that Datadog offers is infrastructure monitoring, where it can look at the CPU utilization, different process utilization, all the processes which are running, and alert us in advance if things are going beyond normal threshold.

I think everything about the features of Datadog is amazing. Datadog provides details up to the transactions. We can look at the transaction log too for the application, which is really helpful.

Datadog has impacted our organization positively since we were previously using AppDynamics and then we switched to Datadog. It has improved a lot in our alerting and monitoring in the infrastructure space and application space. We can monitor business transactions and take proactive action. It is really great to take actions on the issues before an end user reports it, which is a great advantage for us.

What needs improvement?

The world is moving toward artificial intelligence, so maybe we can have an inbuilt AI agent within Datadog, or maybe it exists and I have not used it.

The AI aspect would be great where we would not need to go and look at different transactions or different modules of Datadog, as AI can actually provide the data to us on Datadog UI. If we need more details, it could have a link to go to that specific module to look at more details for the application and infrastructure monitoring and alerts.

For how long have I used the solution?

I have been using Datadog for three years now.

What do I think about the stability of the solution?

Datadog is stable for our organization, and we have not seen any downtime or issues so far.

What do I think about the scalability of the solution?

Datadog's scalability has been great as it has been able to grow with our needs. As per our need, we are able to utilize different modules and there was never any need where we needed to scale anything else. We have limited our transition recording to 45 days, which helps. That is what our need is. It is really helpful and nothing additional is needed.

How are customer service and support?

We reached out to Datadog only once to find out our AMI images, which we needed for our infrastructure as a code component, and it was a great experience. We got the required information and that helped us.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

Before Datadog, we previously used OpsRamp and also AppDynamics, and both of the tools we retired and moved to Datadog due to our enterprise approach to consolidate overall monitoring to Datadog.

How was the initial setup?

I gave Datadog a nine out of ten because it is amazing. All the features and functionalities are amazing. The ease of implementation was a bit difficult for us for the database servers where we have different kinds of databases. We needed different kinds of agents to be installed, and that was a bit tricky for us. I think it is not on Datadog but it is about our complex infrastructure where we have a different set of infrastructure in place, so that created a bit of trouble during the implementation.

What was our ROI?

Since using Datadog, we have seen a return on investment with a lot of savings around infrastructure monitoring, and also on the people needed to monitor overall application and infrastructure on both sides. Previously we had thirteen contractors doing the monitoring for us, which is now reduced to only five. That is a huge saving.

Which other solutions did I evaluate?

We did not evaluate other options before choosing Datadog; we went with Datadog directly.

What other advice do I have?

My advice for others looking into using Datadog is to keep exploring the tool and utilize the different modules and the different functionalities of features Datadog offers. There are multiple features and functionalities available with the Datadog agents which are really helpful and powerful to troubleshoot, alert, and monitor both applications and infrastructure.

So far, all the features I have used in Datadog are amazing. It captures all the logging information which I have, and I can include the links of Datadog transactions on my Splunk logs. It is integrated with Splunk and other platforms, which is great.

On a scale of one to ten, I rate Datadog a nine.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Oct 16, 2025

Maaz Khalid - PeerSpot reviewer
Manager SOC at a security firm with 201-500 employees
Real User
Top 10
Sep 25, 2024
Provides easy integration at low cost but lacks AI enhancement

What is our primary use case?

I have worked on several use cases, including creating custom ones. QRadar also provides built-in use cases.

How has it helped my organization?

Once integrated, you gain comprehensive visibility into all threats. The user behavior analytics module is particularly strong, and adding features allowing integration with third-party threat intelligence services enhances the analysts' ability to identify threats.

What is most valuable?

The best aspect of Pareto is its user-friendliness. Unlike other solutions requiring query language knowledge, Pareto is entirely GUI-based. This makes it easy to use and understand without learning any query languages.

What needs improvement?

People are increasingly moving towards big data tools, so QRadar needs to enhance its compatibility. For example, QRadar does not integrate with SAP HANA, widely used in large industries. Similarly, QRadar lacks support for integrating with Fortinet's firewall management services, resulting in limited visibility.

It is still in its early stages. AI analytics require further development because, in my experience, they often generate false positive alerts.

For how long have I used the solution?

I have been using IBM Security QRadar for seven years.

What do I think about the stability of the solution?

It is very much stable.

What do I think about the scalability of the solution?

On-premises deployments can be challenging to scale. In contrast, cloud solutions offer much greater scalability; you simply place an order for the required EPS, get approval, and then proceed. This process is more straightforward and faster than on-premises setups.

How was the initial setup?

The initial setup is user-friendly and straightforward, making deployment easy. However, compatibility issues with other security controls still need to be addressed. It provides a 35-day period for project enablement. This timeframe is too short and should be extended to 45 or 50 days.

When deploying QRadar on-premises, we assess the organization's size to determine the required number of UPS units, application servers, and other necessary hardware. Once these requirements are identified, we proceed with the deployment.

We face challenges in the deployment phase, especially when working with an MSSP license. The main issue is with QRadar's multi-tenancy, which often causes the system to crash. Their support services are not very helpful in addressing these problems.

We allocate two working days for the deployment of QRadar for our customers. Our team includes a senior engineer who communicates with the client and a junior engineer responsible for deploying and installing other services.

The deployment time can vary based on the size of the setup. Large deployments, such as those with 20,000 to 25,000 EPS for corporate clients, take longer due to the need for multiple hardware servers. In such cases, it can take several days. QRadar can be installed in about three to four hours for smaller setups.

What's my experience with pricing, setup cost, and licensing?

The price is lower than Splunk but remains high compared to other SIEMs like LogRhythm, Elastic, and RSA. For example, 1,000 EPS costs around $55,000. While it's somewhat more affordable than Splunk, it is still higher than LogRhythm, Elastic, and RSA.

What other advice do I have?

QRadar offers a clean solution with straightforward integration for various devices. Once you define your scope, you effectively gain visibility into it. When comparing QRadar to other SIEM solutions like GloD and Splunk, QRadar lags behind other modern advancements. While new SIEM solutions focus on data lakes and big data, QRadar continues to rely on traditional correlation modules.

QRadar should prioritize R&D and product improvement. Their support services have also declined and need attention.

In QRadar's user behavior analytics, we observed an alert triggered by an unusual login attempt from one of our administrators. While monitoring alerts during my shift, QRadar's anomaly-based detection identified a login attempt outside normal hours. The system detected this as a deviation from the established baseline since the administrator had never logged in at that time before. This triggered the alert, helping us identify the compromised account.

QRadar requires ongoing maintenance, and running it effectively often depends on support from engineers. Unlike big data tools, QRadar can struggle with integration and may require fine-tuning, restarts, or troubleshooting if issues arise. Since its merger with other companies, we've encountered many problems and have experienced delays in receiving timely technical support.

You don’t need to learn any additional tools to use the system. It allows you to create dashboards from a management perspective, and its user behavior analytics work very well, although the AI analytics module is still developing.

When handling compliance requests or forensic investigations, an SIEM solution like QRadar is essential. It helps pull up logs and identify what happened during incidents or breaches.

The time required for investigation depends entirely on the impact of the attack. Sometimes, only a single device or network is compromised, which may be resolved quickly. However, the investigation takes longer in cases where the scope is broader, involving multiple devices and networks. The timeframe is driven by the extent of the incident, not just by QRadar.

QRadar is a good product. In Pakistan, many financial sectors are starting to shift towards other solutions. South Asia, particularly Pakistan, has a growing trend towards Splunk. Similarly, there is a shift towards Splunk, LogRhythm, and RSA in the Gulf region.

Overall, I rate the solution a seven out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner