Sr. Information Security Analyst at an insurance company with 51-200 employees
Real User
Robust monitoring that is scalable and includes the SOC service
Pros and Cons
  • "The best part of this solution is having a third-party SOC."
  • "The user interface is a bit difficult to get used to."

What is our primary use case?

The primary use case of this solution is for monitoring the network.

What is most valuable?

Part of the SaaS offering is the SOC service. The best part of this solution is having a third-party SOC. It's a robust solution.

What needs improvement?

The user interface is a bit difficult to get used to. Once you do, it's not difficult.

For how long have I used the solution?

I have been working with QRadar for two years. We are working with the latest version.
Buyer's Guide
IBM QRadar
June 2022
Learn what your peers think about IBM QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: June 2022.
610,190 professionals have used our research since 2012.

What do I think about the stability of the solution?

The stability is excellent.

What do I think about the scalability of the solution?

It's scalable. Everything is done through our third-party vendor. We have four other people in my group that have access to it, and we have six people who use it.

How was the initial setup?

The third-party vendor manages the system.

What about the implementation team?

We had a third-party vendor to complete the installation, so it wasn't bad.

Which other solutions did I evaluate?

We evaluated all of the Gartner top quadrants.

What other advice do I have?

I would recommend having a third-party vendor. There are a lot of alerts and a lot of tuning that has to be done. Every time we add new rules to it, an alert goes up. Having the SOC to go through it all first is very beneficial. For what we do, I would rate IBM QRadar a ten out of ten. We are satisfied with it.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Muhammad Ali Aziz - PeerSpot reviewer
Sr Manager of Cybersecurity at a tech services company with 51-200 employees
Reseller
A User Behavior Analytics (UBA) solution with useful out-of-the-box rules and use cases, but functionality should be more integrated
Pros and Cons
  • "I think this is a good product for enterprises because of the performance and out-of-the-box rules and use cases. If they want to reach the maturity level early, they can use these out-of-the-box rules and use cases. That will help them a lot."
  • "IBM QRadar User Behavior Analytics is good, but I think the functionality should be much more integrated. You should have easy access to the artifacts if you are doing a particular investigation. It's good, but other team solutions like LogRhythm are actually merging the functionality. So, I think that is something IBM can work on."

What is most valuable?

I think this is a good product for enterprises because of the performance and out-of-the-box rules and use cases. If they want to reach the maturity level early, they can use these out-of-the-box rules and use cases. That will help them a lot.

What needs improvement?

IBM QRadar User Behavior Analytics is good, but I think the functionality should be much more integrated. You should have easy access to the artifacts if you are doing a particular investigation. It's good, but other team solutions like LogRhythm are actually merging the functionality. So, I think that is something IBM can work on. 

For how long have I used the solution?

We have been using IBM QRadar User Behavior Analytics for about four years.

What do I think about the stability of the solution?

Stability is good, but the investigation system should be better.

What do I think about the scalability of the solution?

IBM QRadar User Behavior Analytics is scalable. You have the EPS and closed license. I think scalability is not an issue because it is available on both the hardware and the software. You can install the software plans if you want, and there is also a hardware plan.

How are customer service and support?

Their technical support is good. I have not faced any issues before, and the technical support is good.

What other advice do I have?

I will recommend this solution to potential users.

On a scale from one to ten, I would give IBM QRadar User Behavior Analytics a seven. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Kashif-Jamil - PeerSpot reviewer
CEO at Xcelliti
Real User
Top 20
Easy to install and use, but the GUI and reporting features need to be improved
Pros and Cons
  • "It has very rich functionality."
  • "QRadar needs to be more specialized, along the lines of what other SIEM solutions are."

What is our primary use case?

We use QRadar to detect and gather information about any product vulnerabilities and any sort of attack on the network. It's able to help detect suspicious activity that is coming into the system.

We are also selling this product.

What is most valuable?

This product is easy to install, integrate, and use.

It has very rich functionality.

What needs improvement?

QRadar needs to be more specialized, along the lines of what other SIEM solutions are. It needs to be more detailed.

Incorporating an AI component is needed, where the learning feature identifies malicious activities coming into the network.

The GUI and reporting need to be improved.

The footprint needs to be optimized because the application footprint is too heavy. The machine requires a very high amount of resources.

For how long have I used the solution?

I have been working with IBM QRadar for between three and four years.

What do I think about the stability of the solution?

This is a very stable product.

What do I think about the scalability of the solution?

QRadar is a scalable solution.

How are customer service and technical support?

Technical support is very good.

What's my experience with pricing, setup cost, and licensing?

I feel that the price is reasonable but compared to other products that are on the market, such as an offering by Microsoft, it is more expensive.

What other advice do I have?

This is a good product but there is room for improvement in several areas, including the integration of advanced data mining.

I would rate this solution a six out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Syed Hammad Shafiq - PeerSpot reviewer
Information Security Manager at a tech services company with 1,001-5,000 employees
Real User
Easy to set up but support is lacking

What is our primary use case?

There are many use cases for this solution. One example is we are using this solution to monitor user site access to banned sites.

What needs improvement?

The solution is highly used here in Pakistan and in many sectors. They could improve it by having more SIEM connectors.

For how long have I used the solution?

I have been using this solution for approximately four years.

What do I think about the stability of the solution?

The stability is good until you upgrade to a new version. You have to properly shut down services when you are doing some maintenance activities every three to four months. There might be some problems that you do not expect. We have had some complaints from users regarding operation. 

How are customer service and technical support?

We have had bad experiences with support from IBM. We are not satisfied with the support and they have made me very angry. My customers have had similar experiences.

How was the initial setup?

The initial setup of QRadar is not complex because we have done it before and we are used to the development. It is getting easier all the time.

What's my experience with pricing, setup cost, and licensing?

There is a license required for this solution and it is an annual payment. I have found all solutions in the category to be expensive, including Splunk.

Which other solutions did I evaluate?

I am evaluating Splunk.

What other advice do I have?

Here in Pakistan, this solution has already saturated the financial market.

I rate IBM QRadar a five out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Professional Services at a tech services company with 51-200 employees
Real User
Powerful user behavior analytics capabilities, and the log and process collection functionality is good

What is most valuable?

The most valuable feature is user behavior analytics (UBA).

The EPS and FPS graphs are helpful.

The collecting of logs and processes is very good.

What needs improvement?

The support process needs to be improved.

Every SIEM solution has issues with plugins, as they have to connect to different log systems. It can affect security, infrastructure, and other things. IBM should continue to expand its database and cover as many systems as possible.

For how long have I used the solution?

I have been using IBM QRadar for about one year.

What do I think about the stability of the solution?

QRadar is a very stable product.

How are customer service and technical support?

The whole process for support is something that needs to be improved. You have to create a case, export the log and attach it to the case, then an engineer will clarify what you need to export and attach it to the ticket or support case, and so on. When you're working with a system that does not have good bandwidth, it makes it even more stressful. It is a lot of work and it should be easier to do.

My colleague has worked more with support and the feedback that I have heard is that they are quite good. It's the process that I am complaining about.

How was the initial setup?

The initial setup is pretty straightforward.  We had several logs to integrate so it took a week and perhaps a few days.

What other advice do I have?

I would rate this product a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Assistant IT Manager at an insurance company with 1,001-5,000 employees
Real User
Top 5
A SIEM solution that's easy to use, but the price could be better

What is our primary use case?

I use QRadar for cybersecurity defense, operation, and to improve performance.

What is most valuable?

I like that it's easy to use and the performance is good.

What needs improvement?

It would be better if it were more stable and more secure. The price for maintenance could be better. It's too high. In the next release, I think they should focus on the price and the operation.

For how long have I used the solution?

I have been using IBM QRadar for four years.

What do I think about the stability of the solution?

IBM QRadar is a stable solution, but it could be more stable.

What do I think about the scalability of the solution?

IBM QRadar is a scalable solution. We have about 100 users at the moment.

How are customer service and technical support?

I remember that I opened ten or 20 cases to receive support from IBM over three years.

How was the initial setup?

The initial setup and deployment are very easy. I think it took us about a month to implement this solution. We have a team of two, one manager and one technical, to deploy, manage, and maintain this solution.

What about the implementation team?

We installed this solution with the help of a consultant.

What's my experience with pricing, setup cost, and licensing?

The price could be better. I bought a subscription for three years. 

What other advice do I have?

On a scale from one to ten, I would give IBM QRadar a seven.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Head Of Sales at Cascade Solutions Inc
Real User
Top 10
Modular product that sets up a clear roadmap
Pros and Cons
  • "Flexible and valuable product that is modular, so you can easily set up a roadmap for your clients."
  • "Each module requires a separate license and a separate cost."

What is most valuable?

From a sales perspective, IBM QRadar is very competitive when it comes to prices. It's a flexible and valuable product. It has a good edge in the region and good references as well. You can easily capitalize and upsell on whatever you sold previously.  It's a modular product, so you can set up a roadmap and plan for your customers. This is one of the main advantages of QRadar.

What needs improvement?

Right now, there are a lot of solutions in the market that consider themselves next-gen SIEM solutions, like AzureVM. IBM QRadar can be revised considering the competition, market segment, references, and the maintenance of the landscape.

Some modules can be shared as embedded within the same solution because this would be a compelling edge versus others. When it comes to other products, like LogRhythm for example, they can consider the SOAR and the threat Intel embedded with the SIEM Solution licenses. However, when it comes to IBM, they consider each module as a separate license with a separate cost. So it doesn't make sense to compete if the customer isn't convinced with IBM, because you'd have tough competition when it comes to financials.

For how long have I used the solution?

I have been using QRadar for more than five to six years.

What do I think about the stability of the solution?

IBM QRadar is a stable product.

What other advice do I have?

I would rate it an eight out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Cybersecurity Architecture and Technology Lead at Appxone
Consultant
Top 20
Can detect off-hours or excessive usage of an application or cloud-based service, or network activity patterns that are inconsistent.
Pros and Cons
  • "Providing real-time visibility for threat detection and prioritization - QRadar SIEM provides contextual and actionable surveillance across the entire IT infrastructure."
  • "AI is superb but needs improvements."

What is our primary use case?

Find the malicious activity via filter; don't rely on the rules which trigger the offenses and fix the suspicious activities.

How has it helped my organization?

Gaining application visibility and anomaly detection helps IT personnel to quickly identify meaningful deviations. For example, QRadar SIEM can detect off-hours or excessive usage of an application or cloud-based service, or network activity patterns that are inconsistent with historical, moving-average profiles and seasonal usage patterns.

What is most valuable?

Providing real-time visibility for threat detection and prioritization - QRadar SIEM provides contextual and actionable surveillance across the entire IT infrastructure, helping organizations detect and remediate threats often missed by other security solutions. These threats can include inappropriate use of applications; insider fraud; and advanced, “low and slow” threats easily lost in the “noise” of millions of events.

What needs improvement?

Artificial Intelligence is superb; QRadar correlates the events smartly and removes the same events, but needs improvements.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

No issues.

How are customer service and technical support?

Very good.

Which solution did I use previously and why did I switch?

McAfee, switched due to the bad correlation of data.

How was the initial setup?

It was straightforward.

Which other solutions did I evaluate?

Splunk and LogRhythm.

What other advice do I have?

QRadar also supports UBA, which is a fantastic feature to detect users' malicious activities.

Disclosure: I am a real user, and this review is based on my own experience and opinions.