IBM QRadar Advisor with Watson Overview

IBM QRadar Advisor with Watson is the #12 ranked solution in top User Behavior Analytics - UEBA tools. PeerSpot users give IBM QRadar Advisor with Watson an average rating of 7.6 out of 10. IBM QRadar Advisor with Watson is most commonly compared to Securonix Next-Gen SIEM: IBM QRadar Advisor with Watson vs Securonix Next-Gen SIEM.
IBM QRadar Advisor with Watson Buyer's Guide

Download the IBM QRadar Advisor with Watson Buyer's Guide including reviews and more. Updated: March 2023

What is IBM QRadar Advisor with Watson?

Security analysts feel the pressures of lack of cybersecurity talent and job fatigue and are often unable to manage the enormous volume of insights day-to-day. This leaves businesses vulnerable to unaddressed security threats. Enter QRadar Advisor with Watson. It automates routine SOC tasks, finds commonalities across investigations and provides actionable feedback to analysts, freeing them up to focus on more important elements of the investigation and increase analyst efficiency. See how QRadar Advisor with Watson can force multiply your team’s efforts to drive consistent and deeper investigation and reduce dwell times.

IBM QRadar Advisor with Watson Customers
Cargills Bank, Smarttech

IBM QRadar Advisor with Watson Pricing Advice

What users are saying about IBM QRadar Advisor with Watson pricing:
  • "The solution is costly and the price differs depending on the vendor you use."
  • "I think my company pays for the license yearly."
IBM QRadar Advisor with Watson Reviews

    Cyber Security Specialist at a tech vendor with 10,001+ employees
    Real User
    Top 20
    Good dashboard and helpful third-party plugins but technical support could be better
    Pros and Cons
    • "There are other third-party plugins that we can use."
    • "The AQL queries could be better."

    What is most valuable?

    There is a Pulse dashboard that they have. From a reporting perspective, we'll be creating dashboards based on the Pulse functionalities.

    There are other third-party plugins that we can use as well. We can initiate in the QRadar platform, however, Pulse is one of the most user-friendly options. 

    Along with that, there are out-of-the-box rules and out-of-the-box dashboards that we have available to us. Mostly what we are concentrating on is creating the rules and fine-tuning the rules to align properly with the customer infrastructure depending upon the customer's requirements. Pulse, UEBA, and NBAD are the features that are the best. They are the most useful from a SOC manager perspective.

    What needs improvement?

    The AQL queries could be better. With the queries, there's an option for you to create dashboards based on the queries that they have. The documentation that is available for AQL queries is not well received. They could maybe look at how Microsoft is leveraging AQLs from a Sentinel perspective and create more documentation and training materials and make those more available to the general public.

    They have to facilitate more learning opportunities. Microsoft has something called Playground where you have some sample logs and where you can learn how to work on all this stuff, however, there is nothing like that for IBM. They really could make it more generalized and accessible to the general analyst population.

    Technical support should be improved.

    For how long have I used the solution?

    In terms of QRadar, I've used it for close to two years. I worked for a customer that is a managed security service provider. What we do is we will provide SOC as a service and QRadar. IBM is one of the partners that we have. Depending upon the customer considerations and customer preferences, we will either engage QRadar or Sentinel according to the customer preferences. Splunk and LogRhythm we also use on an as-needed basis. 

    What do I think about the stability of the solution?

    What they have claimed is 99.5% uptime. However, I'm not very sure whether there's an implementation problem or not. Sometimes the system gets hung and then we have to restart everything from scratch. You have got these multi printing options, though not functionally. Sometimes it gets some jitters there. Sometimes there are cases where we are finding it very difficult to get into the system as there can be three or four people logging into the same platform at the same time and sometimes that reduces the speed a lot.

    Buyer's Guide
    IBM QRadar Advisor with Watson
    March 2023
    Learn what your peers think about IBM QRadar Advisor with Watson. Get advice and tips from experienced pros sharing their opinions. Updated: March 2023.
    688,083 professionals have used our research since 2012.

    What do I think about the scalability of the solution?

    From an architect implementation perspective, the role that I have played is very limited. I'm not very sure about scaling. I'm not in a position to comment on that part. That said, once everything is implemented, I've noted that it's not as scalable as Sentinel or Splunk on the cloud, for sure. That is the same for LogRhythm and QRadar. Obviously, cloud-hosted applications will be more scalable and more resilient.

    How are customer service and support?

    Technical support is something that has always been an issue for us. We have to raise a ticket and the products team will be available, however, depending upon the criticality, sometimes the support is not very easily accessible on weekends and on Friday evenings.

    Which solution did I use previously and why did I switch?

    I've also worked with Sentinel, Splunk, QRadar, and LogRhythm. 

    How was the initial setup?

    Compared to Sentinel, the initial setup is a bit complex. Depending upon whether you're going ahead with the cloud version or on-prem version, there is human involvement, however, normally everything is done by the platform engineer. I don't have to get my head into that part. Once everything is up and running, that is when we have to start working from our side. I'm sure it is more complex than a plug-and-play Sentinel, where connectors are easily available and just have to click, click and get things done.

    The administration and maintenance would be two or three people depending upon the availability. I'm not very sure about troubleshooting. I'm coming at the solution from a user perspective. I'm more concerned with the rule fine-tuning and rule-building part. That kind of troubleshooting will be done with the platform team, which specializes in that. 

    What's my experience with pricing, setup cost, and licensing?

    Licensing is mostly dependent on the EPS, events per second. Depending upon the number of products that are integrated with the platform, we have to come to an optimal EPS value. I'm not very sure about the financials, however, the licensing cost cannot be as much as that for Sentinel, which is not very low. For customers who need medium EPS values, we advise QRadar.

    The basic out-of-the-box cost covers the EPS value that you have specified, and then some archiving maybe. It should include at least six months of archiving and other functionalities. Most of the customers will go for the standard package and we don't have to go for extra archival or enhanced DPS. 10% to 15% of DPS can always be increased. It will not completely shut down the system, however, it'll start sending us notifications that the DPS is getting increased and then we can go for a higher licensing.

    What other advice do I have?

    The version we use depends on when the customer is onboarded. Whenever recent onboarding takes place, we use the most up-to-date versions. However, there are customers that we have been facilitating for the past two or two and a half years and they might be using the previous versions. There are proper version upgrades that happen on a quarterly basis. 

    I'd rate the solution seven out of ten.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    PeerSpot user
    IM Operations Manager at a tech services company with 1,001-5,000 employees
    Real User
    Top 5
    Reliable, suitable for large enterprises, but could be more user-friendly
    Pros and Cons
    • "IBM QRadar Advisor with Watson is a stable solution."
    • "IBM QRadar Advisor with Watson could be more user-friendly. You need some skills and understanding of what you're looking at, especially if you're going to draw down specific information."

    What is our primary use case?

    IBM QRadar Advisor with Watson is aligned with regards to what's happening in the public space in terms of the phishing attacks that we are seeing prevalent in the market. In the campaigns in which hackers are trying to obtain information, the use cases are very practical. The solution offers quite a bit of protection.

    What needs improvement?

    IBM QRadar Advisor with Watson could be more user-friendly. You need some skills and understanding of what you're looking at, especially if you're going to draw down specific information.

    Massive improvement is required in reporting. IBM QRadar Advisor with Watson is not a tool that is known for its reporting capability. It's a highly operational tool that you use for monitoring, you can sit and you can watch your alerts, whether it's flows or EPS, and you set up your playbooks directly. It is not a reporting tool. It is the worst possible tool to ever expect any reporting. It's unfortunate it's not a great reporting tool.

    In a future release, there could be a bit more intelligence in terms of predictive accuracy and overall predictions. I haven't been too close in the last two, three, or four months, but I certainly would expect that their technology would be simplified to provide predictive analytics as opposed to retrospective looking back and analyzing past historic data.

    For how long have I used the solution?

    I have been using IBM QRadar Advisor with Watson for approximately 10 years.

    What do I think about the stability of the solution?

    IBM QRadar Advisor with Watson is a stable solution.

    What do I think about the scalability of the solution?

    IBM QRadar Advisor with Watson is best suited for large enterprises.

    How are customer service and support?

    The support from IBM is not great at all. They can offer much better aftermarket support. They don't respond in a timely manner and it's such a challenge to have IBM respond. You have to follow their due diligence process when logging a call on their portal, you need access to their portal, and you have to provide detailed logs, et cetera. If their problem is always about integration, they have to get to the vendors. They can always enhance their support.

    I would rate the support from IBM QRadar Advisor with Watson a two out of five.

    They do respond but it depends on many factors, such as urgency. When we had an issue with Microsoft integration it took us six weeks to have a solution to the problem.

    How was the initial setup?

    IBM QRadar Advisor with Watson's initial setup is not straightforward. You have to set up your network infrastructure, IP range, and firewalls, and make sure everything is secure. There's nothing easy about that.

    What about the implementation team?

    You need application and hardware leads, firewall administrators, network engineers, and server administrators to complete the implementation.

    What other advice do I have?

    My advice to others is to shop around because IBM QRadar Advisor with Watson is not for small enterprises, it's aimed at your larger environments that have a multitude of infrastructure and networks that are hybrid across different environments. It integrates into quite a few tools, such as your email system, and file systems. 

    This tool is not for everybody. IBM doesn't have the sort of tool that helps a five, ten, or twenty user environment. This is not advisable to go and invest in the solution. There are other tools that you could possibly look at that do probably some of the functions in terms of monitoring your playbooks and integration points that are a little bit easier to map to. However, that is not a tool for every organization out there. The solution is targeting major enterprises.

    I rate IBM QRadar Advisor with Watson a seven out of ten.

    There are quite a few areas they could improve, such as they have a lot of technical manual configs and orchestration could be better.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    PeerSpot user
    James Riffenburg - PeerSpot reviewer
    Principal Cybersecurity Consultant (Architecture, Engineering, Operations) CISO VCISO at a financial services firm with 10,001+ employees
    Consultant
    Top 10
    The solution uses AI to analyze different logged events and network activity and create a correlation
    Pros and Cons
    • "The most valuable features are the AI assistant, which is good at detecting known types of behavior."
    • "The solution can be improved by lowering the cost and bettering their technical support."

    What is our primary use case?

    The primary use case of this solution is to help customize the workflows and dashboards for our clients in a secure manner.

    How has it helped my organization?

    The solution has helped improve our organization by providing the comfort and visibility that we are meeting compliance and doing our due diligence in analyzing events from multiple sources and correlating threat activity.

    What is most valuable?

    The most valuable features are the AI assistant, which is good at detecting known types of behavior. The solution can analyze different logged events and network activity and create a correlation. The solution is easy to customize and tune compared to other products.

    What needs improvement?

    The solution can be improved by lowering the cost and bettering their technical support.

    For how long have I used the solution?

    I have been using the solution for three and a half years.

    What do I think about the stability of the solution?

    The stability of this solution is rock solid, a ten out of ten.

    What do I think about the scalability of the solution?

    The solution appears to be scalable. I have used the solution in organizations with users ranging from 2,000 to 10,000.

    How are customer service and support?

    The technical support eventually gets the job done.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    Depending on what the client is looking for I have used and recommended ArcSight, Splunk, and Cisco.

    How was the initial setup?

    The initial setup is in-between straightforward and complex. Any SIEM solution is complex, but compared to other products, it is the middle of the road. It's not as difficult or cumbersome, especially when you compare it to ArcSight being the most difficult where you require a whole team of people to really derive any value.

    What was our ROI?

    Most of our clients have seen a return on investment because compared to other solutions it does not require a busload of people to operate it and it is reasonably priced.

    What's my experience with pricing, setup cost, and licensing?

    The solution is costly and the price differs depending on the vendor you use.

    What other advice do I have?

    I give the solution an eight out of ten.

    The solution is fairly easy to maintain and the learning curve is reasonable compared to other products to customize the workflow dashboards and get meaningful insight as far as what is happening within our organization. The solution is also fairly straightforward to integrate with different data log sources.

    The solution requires three to five people to maintain including one analyst, an engineer, and an architect.

    I suggest before using the solution you know what your process is, know what your logging sources are, and plan well because it's really a leadership challenge. The solution is better deployed than other models.

    Which deployment model are you using for this solution?

    Hybrid Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    IBM
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Team Lead - Information Security at a computer software company with 10,001+ employees
    Real User
    Top 20
    Easy to set up and reliable, with a simple user-interface
    Pros and Cons
    • "We've found the solution to be scalable."
    • "The IBM support can be better."

    What is our primary use case?

    The use cases that are widely used across the globe are related to ransomware phishing, lateral movement, et cetera.

    What is most valuable?

    The simple user access model, or the user interface, is something that is very helpful.

    The initial setup is not too difficult. 

    So far, we have found the product to be stable. 

    We've found the solution to be scalable.

    What needs improvement?

    The IBM support can be better. It's an aspect that needs improvement. 

    In future iterations, I'd like to see an advance in office management, the out-of-the-box use cases that are provided. That needs to be part of the requirement.

    What do I think about the stability of the solution?

    It's a stable solution. There are no bugs or glitches. It doesn't crash or freeze. It's reliable. 

    What do I think about the scalability of the solution?

    The solution scales well.

    We have 45,000 users on the solution right now. 

    We do plan to increase usage soon. 

    How are customer service and support?

    We've dealt with technical support in the past and it was lacking. 

    They have provided dedicated time to us, to work on the issue that we are observing right now.

    Which solution did I use previously and why did I switch?

    We did not use a different solution. We chose this due to the fact that it's an industry-accepted solution. The use cases are easy to configure in multiple things that we considered important while taking the solution.

    How was the initial setup?

    The deployment was easy. It wasn't overly complex.

    It took me around six months to do the implementation. 

    What about the implementation team?

    We handled the deployment with the assistance of a vendor partner. 

    What's my experience with pricing, setup cost, and licensing?

    I can't speak to the exact pricing. I've never looked at its commercial costs. 

    Which other solutions did I evaluate?

    We did consider other options before choosing this product.

    What other advice do I have?

    We are a preferred partner of IBM.

    I'd rate the solution at a seven out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Ahmed Hossam - PeerSpot reviewer
    SOC Analyst Tier 2 at IP Protocol INC
    Real User
    Top 10
    An AI-powered incident and risk analysis, triage and response tool with a user-friendly graphical interface
    Pros and Cons
    • "I like the graphical interface. It's so good and easy."
    • "Integration could be better. They should make it easy to integrate with other solutions."

    What is our primary use case?

    First, I used the manual to learn, then I tried to merge it with my company's needs, and there weren't any problems.

    What is most valuable?

    I like the graphical interface. It's so good and easy.

    What needs improvement?

    Integration could be better. They should make it easy to integrate with other solutions. 

    For how long have I used the solution?

    I have been using IBM QRadar Advisor with Watson for three or four years.

    What do I think about the stability of the solution?

    IBM QRadar Advisor with Watson is a stable solution.

    What do I think about the scalability of the solution?

    I think IBM QRadar Advisor with Watson is scalable.

    How are customer service and support?

    We didn't use technical support as the community was very helpful.

    How was the initial setup?

    The initial setup was difficult the first time, but it got easier after that.

    What's my experience with pricing, setup cost, and licensing?

    I think my company pays for the license yearly.

    What other advice do I have?

    I would advise potential users to read the manual or the workbook before going forward with the deployment. Try to match the requirements with the company's needs to avoid facing issues in the future. But if you get stuck, you can always ask the community for help.

    On a scale from one to ten, I would give IBM QRadar Advisor with Watson a nine.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: partner
    PeerSpot user