IBM QRadar Valuable Features
The most valuable thing about QRadar is that you have a single window into your network, SIEM, network flows, and risk management of your assets. If you use Splunk, for instance, then you still need a full packet capture solution, whereas the full packet capture solution is integrated within QRadar. Its application ecosystem makes it very powerful in terms of doing analysis.View full review »
We have worked with other solutions, such as LogRhythm and Splunk. Compared to others, IBM QRadar has the best price-performance ratio so that you are able to reserve minimum costs. It starts settling in fast and gets the first results very quickly. It is also very scalable.View full review »
Management Executive at a security firm with 11-50 employees
IBM QRadar is phenomenal as a SIEM SOC solution. In terms of its capability, in terms of its usability, in terms of the SOC solutions or SIEM solutions out there, we find QRadar the most user-friendly.
It gives you the right coverage as the analytical platform that's coupled with Watson is phenomenal.
From a deployment perspective, we found it very, very good.
What we like about QRadar and the models that IBM has, is it can go from a small-to-medium enterprise to a larger organization, and it gives you the same value.
It's easy to use if you go through the proper training. We find that the current IBM team in South Africa is not as good as the teams abroad, however, if you get the right support and the right training, which we have got, we find it very, very, very customizable and user-friendly.
What we have done is we do not use a lot of level-one analysts. We use a lot of developers, so we constantly evolve the rule-set. Most of the organizations that have employed QRadar, what they do is they stack it up with level-one and level-two analysts, as opposed to having more security developers who enhance the rule-set, due to the fact that all of the same technologies work on rule-sets. If you can dynamically change the rule-set on the fly, you're good. We have got a different model in terms of the way we operate a SOC, where we have more developers amending the rules, you will lessen the number of false positives that you encounter. The biggest problem with most of the SIEM technologies out there is that you get too many false positives, and again, it impacts your operational SOC. We don't have that issue here.View full review »
I think the log search is pretty good. It's very easy to create complex searches and aggregate results and create graphics, etc.
The rule engine is very easy to use — very flexible. We can create rules based on whatever behavior we want. It's very easy to use compared to Splunk.
When we analyzed Splunk, that was the criteria that we looked at. Splunk was a lot more difficult to use and to create rules.
The standard rules they have are very comprehensive. There are many content packs in the apps that enrich those rules. We are still using the native rules from QRadar because there are many useful rules there. I think we're going to have a very good experience with them.View full review »
Senior IT Technical Support at a training & coaching company with 1,001-5,000 employees
Inside IBM QRadar there are a lot of engines that actually work to help us to do the correlation and normalization as well for the logs that we're receiving from multiple devices. IBM is very powerful in that regard.
QRadar, as a solution, can integrate with a lot of other applications. You can write your own custom rules if you want to. We can ask it to detect whatever we want it to, even with the devices that are not supported to send logs. IBM QRadar can understand these types of commands and we can still integrate and write our own rules to help us to detect those logs that are coming from, for example, IoT devices or from other devices that usually we don't understand.
It can handle really a huge number of logs with fewer false positives. We can use the artificial intelligence and the rules that IBM is providing to make it really smart. The solution can help you predict even the false positives when we are alerting the admin or the security admin about some offenses that we have seen from the logs.
Their product is very user-friendly.
Customer service is very good and very helpful.
The initial setup is quite straightforward.
The solution can scale.
The solution is very stable.View full review »
It is a pretty solid product for the type that it is representing i.e. SIEM. It can do automatic correlation based on the traffic that you are receiving to some extent. It has plethora of options available for third party application integration. For e.g CISCO Firepower, Palo Alto Dashboard for CISCO and Palo Alto Firewall respectively. Integration with Cloud based Log Sources is also supported via. parsers that support API Connect. This is helpful when pulling in Logs from AWS, Azure, GCP or other Cloud Based Solution like Carbon Black, Imperva etc.
The solution has very good Watson Analyzer integration. It's one of the key differentiators if you compare it to other solutions.
The solution offers very good BSM support. There's 400 BSM support out of the box. That's a huge advantage. with it, you are actually adding almost all the devices that are available in an IT environment.
This is a distributed application, meaning that a customer can stack small and then scale it so that they can expand pretty effectively. You can use, basically, the same product in an SMB or a large enterprise.
You can deploy the solution and leave it. It's very unfussy.
When it comes to deployment, it's very flexible.View full review »
In general, the product is awesome. It's almost perfect.
The most valuable aspect of the solution is the integration capabilities on offer. It's very helpful to have so many options.
The initial setup is pretty straightforward.
The stability is good.
We've found the scalability to be excellent.
It offers all of the specifications of the hardware that we need.
Senior Solutions Architect at a manufacturing company with 51-200 employees
QRadar, Splunk, and ArcSight are SIEM solutions with built-in AI/ML features. They can do the complete investigation and alert the admin about what is happening. They can also do the root cause analysis.
There are many other features that come with QRadar. It has a more granular log, so you can integrate with various non-IT as well as IT-based components. You can get unstructured data to the SIEM data, and you can identify more what is happening in the network or what is happening in the central head office. You can also identify what is happening between your remote offices. You can also use it to identify what the users in the field are doing on their devices and how things are moving.
From the integration point of view, it is very centric. It gives complete control centrally. If a user is not connected to the system, whenever he comes online, we can see the policy updates over the Internet, and we can ensure that the data that is supposed to be protected is protected.View full review »
Analyst at a tech services company with 501-1,000 employees
One very useful feature is the plug-in offering that allows you to integrate it with other solutions, such as integrating it with plug-ins like ForeScout, Carbon Black, and the rest. Additionally, the ability of the agents to filter using XPath query to filter out the specific events you want to pick from, especially Windows log sources, is also very useful. That goes a long way in managing the EPS of the solution.View full review »
There are a lot of features in QRadar. App Exchange is the most valuable feature. User behavior analytics (UBA) is also a very good feature. Watson is also there, but we are not currently using Watson.
It is versatile and quite easy. It also has an all-in-one-box feature and good integration with AWS.View full review »
The SOAR features are very good.
The product is able to handle special requests.
It can effectively search local files.
We are able to deploy in two or more different locations.
The solution is functional right out of the box and it's a pretty simple system with different kinds of solutions that address different types of problems.
The initial setup is pretty straightforward.
The solution is stable.
The product can scale.
Technical support is good overall.
Qradar has a lot of integration capabilities with different security products.
If we talk about functionality in general for SIEM systems, it's good.View full review »
Rama Krishna Bhaskarayani
Founder at Halainfosec
There have been many advancements made in the most recent year. There are many add-ons included in the licenses that I have yet to explore.
There have been many improvements. When I worked with this solution at the core technical level, it was a SIEM solution. Many attributes have been added, such as threat intelligence, SO solutions, automation, and OT security. Many other platforms have been included as part of IBM QRadar.
The flexibility is good in terms of pulling log files.View full review »
Information Security Specialist at a comms service provider with 501-1,000 employees
The user behavior analytics as part of our deployment was okay, even though it was clunky.
The solution can scale.View full review »
QRadar has a lot of connectors out of the box. It has a lot of predefined and pre-deployed connectors that you can use.
It has a lot of good correlation rules. From a customer's point of view, it is one of the best solutions because you don't need to create correlation rules from scratch. You just review them and customize them as you want.
It supports using SQL queries. Sentinel uses KQL, but you need to learn it from scratch.View full review »
IT Security Analyst at a manufacturing company with 10,001+ employees
I have found its network traffic log, network bit log, and QBI most valuable.
We have a lot of domain controllers in QRadar tracking all the security. It is also useful for identity management.View full review »
Security Analyst at a tech services company with 51-200 employees
Most valuable features include the granularity of information. Queries provide leads for finding information. We also deal with the Symantec team, which is a different one.View full review »
QRadar allows you to filter by the source and destination IPs and see detailed logs on that. For example, if a user is trying to access a server using a malicious port like 4.5.0, I can get valuable data and take action from other devices.
It also has a graph that shows the traffic history. I can see what happened yesterday or today. If there's an incident, I can check the traffic behavior on QRadar.View full review »
We pay a little bit extra for Watson, and the Watson feature enables the analyst to go through and triage things much faster. It's quite useful for us and worth the smaller extra bit of money.
The solution is quite flexible.
We enjoy the fact that it is cloud-based.
The initial setup was very straightforward.
The solution is very scalable.
We've found the stability to be mostly very good.View full review »
The best feature of IBM QRadar is visualization which shows you when there's a spike in the system, and this makes you realize that there's something wrong with the log.View full review »
Integrations are quite a useful and key feature of this solution. It has integration with the CVSS score, which is a central point for all the data and scores about the threats. There is an IBM Bluemix dashboard that is integrated with the CVSS score.View full review »
Chief Technology Officer at a tech services company with 51-200 employees
I like the new dashboard which enables us to understand how many real threat attempts are made in a day. I also like the QRadar incident response, we installed the QIF last week. The solution has improved visibility so that we've been able to discover that some of our customers have not had any protection and were very vulnerable. It's an important area. I also find that the user behavior analysis is relatively simple. We are customers of QRadar.View full review »
IM Operations Manager at a tech services company with 1,001-5,000 employees
IBM Qradar's ability to simplify the number of events, not only on a technical level but by making that information easy to pan through the orchestration deduplication. It is very impressive given that we have hundreds of devices that send event logs through.View full review »
Managed Security Product at a comms service provider with 1,001-5,000 employees
The feature that I have found most valuable is its artificial intelligence component, Watson. Its contribution is pretty good from a machine-learning artificial intelligence perspective. This compliments the orchestration automation component, as well.View full review »
It is suitable for large companies with critical infrastructure. For our clients, robustness, availability at a high level, and the level of references and experiences connected to the solution are important. They need to know that other energy players are also using it.View full review »
The solution supports MSSP models, which most service providers have. This means that a single system can be onboarded for all 200 existing customers for monitoring purposes.View full review »
Solution Architect Cybersecurity at a tech services company with 501-1,000 employees
The threat hunting capabilities in general are great.View full review »
All of the features offered by this product are useful for analysis. Essentially, everything that it offers is critical and we use it.View full review »
IT Solutions Product Manager at SMTSTECH
What I like the most about it is that you can very easily install and configure it. As compared to other SIEM solutions, for which you need to know and do a lot more to prepare your SIEM environment, QRadar is much simpler to install and configure. There are various options in the Admin console. In the Admin tab, you can design dashboards and view various graphs. It has a lot of attractive features, and you don't need to configure everything on your own.View full review »
Senior Security Engineer at a tech services company with 1,001-5,000 employees
The features that I have found most valuable in QRadar are its data enrichment, use case creations, and adding references - those kinds of features are very good. Also, QRadar's event filtration and device integration are perfect.
Actually, we are looking for another product because a customer is demanding different products and they're not going with QRadar, hence we are trying to compare QRadar with other solutions like Securonix, Splunk, Exabeam, LogRhythm. Otherwise, all our customers are happy with QRadar.
I'm doing integrations and deployments for QRadar. So, in regards to integration and deployment, QRadar is very easy as compared to other products.View full review »
Manager SOC at a comms service provider with 10,001+ employees
The QNI feature is the one I am very interested in, and I have also been interested in Watson. From the log analysis and the security perspective, we are able to dive deep into any of the logs and anomalies.
It is user-friendly, and it is easy to develop. If you know the architecture, what to develop, and how to get the output for your results, you can easily work with it.View full review »
Head of IT Security, Governance and Compliance at a consumer goods company with 10,001+ employees
The most valuable feature is the ease of use.View full review »
The detection rate is good and the false positive rate is low. Having a low false-positive rate is good because it means that if an alert happens then it is very likely a real attack.
QRadar is quite flexible. Out of ten, I would rate flexibility a nine.View full review »
Team Lead & Principal Software Engineer at a tech services company with 51-200 employees
Solution Security Architect at PT. Sinergy Informasi Pratama
The most valuable feature is that it can analyze event logs, event security, and give a good consult. When you have SIEM, you can easily manage with one single monitor. QRadar can do a lot of analyses of every security product and will let us know what needs to be done to the log. Sometimes we need security orchestration automated response to support the SOC team.View full review »
Ingénieur d'étude R&D at DOGA
The solution is relatively easy to use.
The product helps increase development speed.
The customization is very good, as are the dashboards and the security.View full review »
The most valuable feature is the integration with the GRD, for banking.View full review »
Queretaro at a tech services company with 1-10 employees
The most valuable features are the versatility of this solution and the variety of things you can do with it.View full review »
The monitoring and dashboards are great.View full review »
SOC Team Lead at a financial services firm with 1,001-5,000 employees
I have found the most important features to be the flexibility, tech framework, and disk manager. Additionally, the solution is easy to learn how to use it.View full review »
Deputy General Manager at a comms service provider with 5,001-10,000 employees
We are looking for the entire QRadar spectrum but it has many products. QRadar is a kind of program, we are looking for system modelling, point modelling, network side modelling similar to QRadar network inside, and the capability to correlate between the network and endpoint. Most of the SIEM's have to rely on when it comes to network side third party or separate network traffic analysis. When it comes to QRadar, they can do the correlation and not only in networks but also endpoints. This is one of the good features that we have noticed.View full review »
The price is very good. It's quite reasonable.
The solution's performance is excellent. The stability is excellent.
We've found the technical support to be very good.
The pricing is very good.View full review »
Director of Information Security at a financial services firm with 501-1,000 employees
The most valuable feature is the searching capability and real-time operational use.View full review »
Sr.Network Engineer at NTT Security
The solution will not provide alerts in the event of any particular traffic. It will only alert in the case of a security threat.View full review »
IT Security Manager at a tech services company with 201-500 employees
The feature that I have found most valuable is how it monitors the real network. That is its leading security feature.View full review »
Security Sales Consultant at Google, LLC
A valuable feature is the detection capability. I like that the solution can use data other than log data which means that things like vulnerability data, network data and the like, are part of the correlation and detection.View full review »
Sr. Information Security Analyst at a insurance company with 51-200 employees
Part of the SaaS offering is the SOC service. The best part of this solution is having a third-party SOC.
It's a robust solution.View full review »
Vice President at a financial services firm with 10,001+ employees
The product provides a very defined solution. It provides a complete platform for ingesting the log, doing the correlations and handling the runtime.View full review »
I think this is a good product for enterprises because of the performance and out-of-the-box rules and use cases. If they want to reach the maturity level early, they can use these out-of-the-box rules and use cases. That will help them a lot.View full review »
This product is easy to install, integrate, and use.
It has very rich functionality.View full review »
Professional Services at a tech services company with 51-200 employees
The most valuable feature is user behavior analytics (UBA).
The EPS and FPS graphs are helpful.
The collecting of logs and processes is very good.
Assistant IT Manager at a insurance company with 1,001-5,000 employees
I like that it's easy to use and the performance is good.View full review »
Head Of Sales at Cascade Solutions Inc
From a sales perspective, IBM QRadar is very competitive when it comes to prices. It's a flexible and valuable product. It has a good edge in the region and good references as well. You can easily capitalize and upsell on whatever you sold previously. It's a modular product, so you can set up a roadmap and plan for your customers. This is one of the main advantages of QRadar.View full review »
Regional Director, Customer Success (GTM Solutions & Services) at a tech services company with 51-200 employees
The solution is flexible and easy to use.View full review »
Practice Head at a tech services company with 51-200 employees
The most valuable feature is the correlation function, which is flexible.
It is a bit easier to use than other products, such as Splunk or ELK Elasticsearch.
The most valuable features are log monitoring, easy-to-fix issues, and problem-solving.View full review »
It's a complete platform.
The interface is good.
They have more than 100 features.View full review »
Certified AIX I.T Manager at a financial services firm with 10,001+ employees
I think the QDI is very good.View full review »
AVP - Security at a tech services company with 501-1,000 employees
I have found visibility very helpful for analytics.View full review »
Information Security Leader at a computer software company with 1,001-5,000 employees
The features that I have found most valuable are that it is very stable, easy to get going, and easy to manage. It is also easy to review all incidents.View full review »
The solution is easy to use, manage, and review all incidents.View full review »
Senior Security Engineer at a wholesaler/distributor with 10,001+ employees
One of the most valuable features of this solution is it has very good data correlation.View full review »
Curator is the leader of teams in the market. It's a product with plenty of features and capabilities. It's a very powerful solution.View full review »
Overall a great solution.View full review »
Pre-Sale Consultant (Technical) at a tech services company with 51-200 employees
We are using the platform version, which I like.View full review »
Technical Presales at a tech services company with 1,001-5,000 employees
This solution has excellent security analytics.View full review »