IBM Security QRadar Valuable Features

Frank Eargle - PeerSpot reviewer
Information Security Engineer at Glasshouse Systems

The most valuable features of IBM Security QRadar are flexibility, IBM support, and scalability.

Anto Sebastin - PeerSpot reviewer
Technical Presales Engineer at Redington India Limited

We had enabled federated search. It allows us to search data both on-premises and on the cloud. We can check the functional insights. We use keywords for threat investigation. We use the product mostly for AWS delivery models.

MUHAMMADNADEEM1 - PeerSpot reviewer
Deputy Director at Board Of Revenue

IBM Security QRadar has significantly improved our incident response procedures. We have implemented a structured plan within the system, ensuring adherence and minimizing human error.

KM
Head of Cyber security analysis at DNV Poland Sp. z o.o.

It's hard for me to pinpoint any one feature that's most valuable because it is all about consuming logs and analyzing them. We started using QRadar UBA because we needed something that could analyze Linux authentication information. Other products take care of the Windows platform.

Artur Marzano - PeerSpot reviewer
Security Analyst at Localiza

What I like about IBM QRadar User Behavior Analytics is that it uses machine learning algorithms to generate risk scoring for the user activity. I also like that it syncs with our Active Directory users, so it really has full coverage for all users in our environment. I also find the risk scoring feature of IBM QRadar User Behavior Analytics pretty interesting. I don't use it well enough today, but it's a feature I look at closely.

Lokesh Puthalapattu - PeerSpot reviewer
Senior Marketing Specialist II at Harman International

I have used IBM QRadar User Behavior Analytics in a Cloud Pak on Amazon, and there it runs on top of it and is easy to assess. Additionally, I have installed processes and characters.

The most useful feature of IBM QRadar User Behavior Analytics is the User Behavior Analytics aspect. For example, whoever logs into the Amazon AWS to the interface, if someone is logging in for the first time that the administrator has created, or someone is logging in, we receive an email notification saying that they have logged in, we need to check. Based on that, we will start checking to see if the visit was a valid one or a malicious one. Even if we only have a few users, such as 25 to 30 Amazon AWS records.

EM
Director of Incident Response at a retailer with 10,001+ employees

I equate QRadar to a robust solution. You get all the live sources. If you have someone there fine-tuning the solution and creating rules for the team to ensure the fence is alert. It's a robust solution.

In the past, I've heard the term that it's like a Cadillac, a trusted Cadillac. It'll get you from point A to B. It does what integration is supposed to do.

Elshaday Gelaye - PeerSpot reviewer
Lead Technical Architect at Commercial Bank of Ethiopia

QRadar allows you to filter by the source and destination IPs and see detailed logs on that. For example, if a user is trying to access a server using a malicious port like 4.5.0, I can get valuable data and take action from other devices. 

It also has a graph that shows the traffic history. I can see what happened yesterday or today. If there's an incident, I can check the traffic behavior on QRadar.

YE
Technical Analyst at a manufacturing company with 10,001+ employees

Blocks of predefined conditions can be used to configure detection rules without having to write complicated script. 

Real-time detection is quite efficient and valuable. Other products such as Splunk focus only on running searches to detect a particular behavior.

The Vulnerability Manager module is useful and quite efficient. 

Jacob_Koithra - PeerSpot reviewer
Project & Program manager at Shell Grp

The monitoring and dashboards are great. 

Chetankumar Savalagimath - PeerSpot reviewer
Delivery Manager at a tech services company with 1,001-5,000 employees

There are a lot of features in QRadar. App Exchange is the most valuable feature. User behavior analytics (UBA) is also a very good feature. Watson is also there, but we are not currently using Watson.

It is versatile and quite easy. It also has an all-in-one-box feature and good integration with AWS. 

Artur Marzano - PeerSpot reviewer
Security Analyst at Localiza

I think the log search is pretty good. It's very easy to create complex searches and aggregate results and create graphics, etc. 

The rule engine is very easy to use — very flexible. We can create rules based on whatever behavior we want. It's very easy to use compared to Splunk. 

When we analyzed Splunk, that was the criteria that we looked at. Splunk was a lot more difficult to use and to create rules.

The standard rules they have are very comprehensive. There are many content packs in the apps that enrich those rules. We are still using the native rules from QRadar because there are many useful rules there. I think we're going to have a very good experience with them.

Mohamed Elprince - PeerSpot reviewer
SOC Manager at ALEXBANK

The most valuable feature is the machine learning module.

James Riffenburg - PeerSpot reviewer
Principal Cybersecurity Consultant (Architecture, Engineering, Operations) CISO VCISO at a financial services firm with 10,001+ employees

The most valuable features are the AI assistant, which is good at detecting known types of behavior. The solution can analyze different logged events and network activity and create a correlation. The solution is easy to customize and tune compared to other products.

DipeshBhawsar - PeerSpot reviewer
Architect manager at Principal Global Limited

To be very frank, it's not that much help as of now. We are not getting that many insights from UVA, which we wanted, actually. As of now, we are exploring that UVA, and we have installed it. It's still quite new.

The initial setup is straightforward. 

BS
CS engineer at AYACOM

QRadar has a lot of connectors out of the box. It has a lot of predefined and pre-deployed connectors that you can use. 

It has a lot of good correlation rules. From a customer's point of view, it is one of the best solutions because you don't need to create correlation rules from scratch. You just review them and customize them as you want. 

It supports using SQL queries. Sentinel uses KQL, but you need to learn it from scratch.

RR
Cyber Security Specialist at a tech vendor with 10,001+ employees

There is a Pulse dashboard that they have. From a reporting perspective, we'll be creating dashboards based on the pulse functionalities. 

There are other third-party plugins that we can use as well. We can initiate in the QRadar platform; however, Pulse is one of the most user-friendly options.

Along with that, there are out-of-the-box rules and out-of-the-box dashboards that we have available to us. Mostly what we are concentrating on is creating the rules and fine-tuning the rules to align properly with the customer infrastructure depending upon the customer's requirements. Pulse, UEBA, and NBAD are the features that are the best. They are the most useful from a SOC manager perspective.

QI
Manager SOC at a comms service provider with 10,001+ employees

The QNI feature is the one I am very interested in, and I have also been interested in Watson. From the log analysis and the security perspective, we are able to dive deep into any of the logs and anomalies.

It is user-friendly, and it is easy to develop. If you know the architecture, what to develop, and how to get the output for your results, you can easily work with it.

ST
Cyber Security Services Operations Manager at an aerospace/defense firm with 501-1,000 employees

The most valuable thing about QRadar is that you have a single window into your network, SIEM, network flows, and risk management of your assets. If you use Splunk, for instance, then you still need a full packet capture solution, whereas the full packet capture solution is integrated within QRadar. Its application ecosystem makes it very powerful in terms of doing analysis.

Abbasi Poonawala - PeerSpot reviewer
Chief Enterprise Architect at a financial services firm with 10,001+ employees

Integrations are quite a useful and key feature of this solution. It has integration with the CVSS score, which is a central point for all the data and scores about the threats. There is an IBM Bluemix dashboard that is integrated with the CVSS score.

it_user634773 - PeerSpot reviewer
Senior Security Analyst at The Hartford

The most valuable feature for us is probably the intelligence we get out of the product.

DL
Head of Cybersecurity at a computer software company with 51-200 employees

The most valuable feature of IBM Security QRadar stems from the fact that it is a product that is like a complete suite.

it_user1369023 - PeerSpot reviewer
Senior Manager Information Security at Conduent (formerly Xerox Services)

It is a pretty solid product for the type that it is representing, i.e., SIEM. It can do automatic correlation based on the traffic that you are receiving to some extent. It has a plethora of options available for third-party application integration, e.g., the CISCO Firepower and Palo Alto dashboards for CISCO and Palo Alto firewalls respectively. Integration with cloud-based log sources is also supported via parsers that support API Connect. This is helpful when pulling in logs from AWS, Azure, GCP or other cloud-based solutions like Carbon Black, Imperva, etc.

Ayoub Jaaouani - PeerSpot reviewer
Solutions Architect at Smarttech247

The tool's most valuable feature is log source management. It enables us to connect to various log sources, including content, authentications, or other customized integrations. These integrations can be tailored for use with other platforms that don’t already have built-in IBM add-ons.

Its scalability is also important. It is also compatible with ISO 27001, DSS API, and various certifications.

As part of our security infrastructure, this tool excels in detecting a wide range of attacks. Its responsiveness surpasses that of alternative solutions. Moreover, the user-friendly interface greatly benefits our analysts. The product is helpful in anomaly detection scenarios.

Additionally, we leverage out-of-the-box content and libraries within the IBM ecosystem. Its user behavior analysis helps us to ensure that our customers are protected. 

Correlation plays a pivotal role in our security strategy. It helps us to analyze logs from different sources. This process helps to correlate logs from endpoints. 

Du Hoac Kim - PeerSpot reviewer
Deputy Manager at sacombank

The most valuable features currently are the security behaviors and pdf files.

MT
IT Solutions Product Manager at SMTSTECH

What I like the most about it is that you can very easily install and configure it. As compared to other SIEM solutions, for which you need to know and do a lot more to prepare your SIEM environment, QRadar is much simpler to install and configure. There are various options in the Admin console. In the Admin tab, you can design dashboards and view various graphs. It has a lot of attractive features, and you don't need to configure everything on your own.

it_user634899 - PeerSpot reviewer
Global Security Engineering and Operations Director at a wellness & fitness company with 10,001+ employees
  • The ability to correlate data across our global enterprise in near real time
  • The ability to integrate a lot of third-party solutions
  • The machine learning pieces with Watson, indicators of compromise, and utilizing that across the value stream

I look at the solution as the best-of-the-breed product. The fact that it can work with what everybody else is doing in the cyber landscape is really what gives it the edge.

it_user632763 - PeerSpot reviewer
Senior Security Engineer at a consumer goods company with 1,001-5,000 employees

The most valuable features are its ease of use and that it provides good return on investments. It's the best solution out there, in my opinion.

CV
Information Security Manager at a financial services firm with 1,001-5,000 employees

What's most valuable in IBM QRadar User Behavior Analytics is its higher availability than other tools. It consolidates all alerts and detections from the other tools, but my team has to check each tool. As my company lacks the manpower to do that, my team has to do monitoring while working on making each function clear.

Bobby Sandeep - PeerSpot reviewer
Vice President - Technology & Managed Security Services at Valuepoint Systems

The simplicity of the solution is the best feature.

Yaw Agyare - PeerSpot reviewer
Managing Director at Volta River Authority

We find predictive analysis capabilities valuable.

DB
Security Sales Consultant at Google, LLC

A valuable feature is the detection capability. I like that the solution can use data other than log data which means that things like vulnerability data, network data and the like, are part of the correlation and detection.

MW
Relationship Manager at a financial services firm with 5,001-10,000 employees

The price is very good. It's quite reasonable.

The solution's performance is excellent. The stability is excellent.

We've found the technical support to be very good.

The pricing is very good.

SJ
Senior Security Engineer at a tech services company with 1,001-5,000 employees

The features that I have found most valuable in QRadar are its data enrichment, use case creations, and adding references - those kinds of features are very good. Also, QRadar's event filtration and device integration are perfect. 

Actually, we are looking for another product because a customer is demanding different products and they're not going with QRadar, hence we are trying to compare QRadar with other solutions like Securonix, Splunk, Exabeam, LogRhythm. Otherwise, all our customers are happy with QRadar.

I'm doing integrations and deployments for QRadar. So, in regards to integration and deployment, QRadar is very easy as compared to other products.

AK
Works

The SOAR features are very good.

The product is able to handle special requests.

It can effectively search local files.

We are able to deploy in two or more different locations.

The solution is functional right out of the box and it's a pretty simple system with different kinds of solutions that address different types of problems. 

The initial setup is pretty straightforward.  

The solution is stable.

The product can scale.

Technical support is good overall.

QRadar has a lot of integration capabilities with different security products.

If we talk about functionality in general for SIEM systems, it's good.

RU
Senior Solutions Architect at a manufacturing company with 51-200 employees

QRadar, Splunk, and ArcSight are SIEM solutions with built-in AI/ML features. They can do the complete investigation and alert the admin about what is happening. They can also do the root cause analysis. 

There are many other features that come with QRadar. It has a more granular log, so you can integrate with various non-IT as well as IT-based components. You can get unstructured data to the SIEM data, and you can identify more what is happening in the network or what is happening in the central head office. You can also identify what is happening between your remote offices. You can also use it to identify what the users in the field are doing on their devices and how things are moving.

From the integration point of view, it is very centric. It gives complete control centrally. If a user is not connected to the system, whenever he comes online, we can see the policy updates over the Internet, and we can ensure that the data that is supposed to be protected is protected.

it_user632664 - PeerSpot reviewer
Information Security Analyst at Allegiance Air

The most valuable feature of this product is the nice UI. It is easy and quick to get the information you're looking for.

Khalid Majeed - PeerSpot reviewer
Cyber Security Consultant at Software Productivity Strategists, Inc. (SPS)

It offers good machine learning. The analysis is very helpful. 

The user activity is effectively flagged. It can pinpoint strange activity. 

It is stable and reliable.

The product can scale.

Technical support is good. 

SD
IM Operations Manager at a tech services company with 1,001-5,000 employees

IBM QRadar's ability to simplify the number of events, not only on a technical level but by making that information easy to pan through the orchestration deduplication. It is very impressive given that we have hundreds of devices that send event logs through.

AK
Cyber Security Consultant at raf

All of the features offered by this product are useful for analysis. Essentially, everything that it offers is critical and we use it.

PK
Solution Architect Cybersecurity at a tech services company with 501-1,000 employees

The threat hunting capabilities in general are great. 

YS
IT Specialist at IT Specialist LLC

The playbook engine is flexible and allows for the graphical visualization of processes, enabling the implementation of dynamic playbooks for incident response or testing.

The integration of our customer's infrastructure with other security management systems, such as Active Directory, firewalls, and vulnerability management systems, is effective.

Farid Lalayev - PeerSpot reviewer
Cyber Security Student at Baku Higher Oil School

The best feature of IBM QRadar is visualization which shows you when there's a spike in the system, and this makes you realize that there's something wrong with the log.

Ertugrul Akbas - PeerSpot reviewer
Manager at ANET

IBM QRadar User Behavior Analytics's most important feature is its ease of use. 

JM
Sr.Network Engineer at NTT Security

The solution will not provide alerts in the event of any particular traffic. It will only alert in the case of a security threat. 

DS
SOC Team Lead at a financial services firm with 1,001-5,000 employees

I have found the most important features to be the flexibility, tech framework, and disk manager. Additionally, it is easy to learn how to use the solution.

CM
Security Operations Manager at a comms service provider with 501-1,000 employees

We pay a little bit extra for Watson, and the Watson feature enables the analyst to go through and triage things much faster. It's quite useful for us and worth the smaller extra bit of money.

The solution is quite flexible.

We enjoy the fact that it is cloud-based.

The initial setup was very straightforward.

The solution is very scalable.

We've found the stability to be mostly very good.

DS
Works at a healthcare company with 5,001-10,000 employees

This solution provides amazing visibility into the network and endpoints. The ability to correlate point in time and things happening over time is priceless in today's threat environment.

The rules can look for things both from log sources and from data traversing your network which is unique in the SIEM world and makes QRadar a consistent magic quadrant leader.

The QNI file hash in-flight search is helpful.

The ability to transition from microscopic to macroscopic view, instantly, is very good.

DS
Vice President & Country Head at Inspira Enterprise

QRadar UBA's most valuable feature is the risk rating of users depending on their behavior.

AE
Head Of Sales at Cascade Solutions Inc

From a sales perspective, IBM QRadar is very competitive when it comes to prices. It's a flexible and valuable product. It has a good edge in the region and good references as well. You can easily capitalize and upsell on whatever you sold previously. It's a modular product, so you can set up a roadmap and plan for your customers. This is one of the main advantages of QRadar.

AI
Chief Technology Officer at a tech services company with 51-200 employees

I like the new dashboard which enables us to understand how many real threat attempts are made in a day. I also like the QRadar incident response, we installed the QIF last week. The solution has improved visibility so that we've been able to discover that some of our customers have not had any protection and were very vulnerable. It's an important area. I also find that the user behavior analysis is relatively simple. We are customers of QRadar. 

AM
Senior Cyber Security Expert at a security firm with 11-50 employees

It is suitable for large companies with critical infrastructure. For our clients, robustness, availability at a high level, and the level of references and experiences connected to the solution are important. They need to know that other energy players are also using it.

HH
Senior IT Technical Support at a training & coaching company with 1,001-5,000 employees

Inside IBM QRadar there are a lot of engines that actually work to help us to do the correlation and normalization as well for the logs that we're receiving from multiple devices. IBM is very powerful in that regard. 

QRadar, as a solution, can integrate with a lot of other applications. You can write your own custom rules if you want to. We can ask it to detect whatever we want it to, even with the devices that are not supported to send logs. IBM QRadar can understand these types of commands and we can still integrate and write our own rules to help us to detect those logs that are coming from, for example, IoT devices or from other devices that usually we don't understand.

It can handle a really huge number of logs with fewer false positives. We can use the artificial intelligence and the rules that IBM is providing to make it really smart. The solution can help you predict even the false positives when we are alerting the admin or the security admin about some offenses that we have seen from the logs.

Their product is very user-friendly.

Customer service is very good and very helpful.

The initial setup is quite straightforward.

The solution can scale.

The solution is very stable.

JN
Director of Information Security at a financial services firm with 501-1,000 employees

The most valuable feature is the searching capability and real-time operational use.

MM
Senior Manager, Security Architecture & Operation, Corporate Security at Omantel

Integration is very easy and the reporting is good.

ÖO
B.T. Güvenlik Yöneticisi at an energy/utilities company with 10,001+ employees

The most valuable feature is user-behavior analytics, where it will create logs based on the users' behavior and report suspicious events or other anomalies. I am working with the data analytics so it is a very good one for what I am doing. 

VP
Manager-Cloud Security Operations at a retailer with 10,001+ employees

The most valuable feature is that it is a one stop solution for many things. It is a manager for vulnerability, functionality, packet filtering, packet analysis and log analysis.

it_user634836 - PeerSpot reviewer
IT Director at MyEyeDr.

It has the ability to summarize all the other security products and give us a one-stop-shop dashboard.

IBM has added a new UBA (User Behavior Analytics) app to QRadar that uses the cognitive abilities of Watson to detect and prioritize user activity and risks on the network. It analyzes log activity already recorded so it can begin providing insights quickly after installation.

it_user632775 - PeerSpot reviewer
Sr. Security Architect at American Airlines

We are using it for monitoring different systems, and we are monitoring the logs with QRadar. This is one of the good tools which we have identified, and we are using it for monitoring the application.

it_user634848 - PeerSpot reviewer
Security Operation Manager at a transportation company with 10,001+ employees
  • User behavior analytics.
  • Alert features on any suspicious activities.
  • It contributes a lot of knowledge towards your network environment.
it_user489405 - PeerSpot reviewer
Security Consultant at a tech services company with 11-50 employees

The SIEM features are what sell this product. Lately, it has been heavily expanded with others, for example, vulnerability management, risk management, incident forensics, cognitive security, and user behavior analytics.

Basic SIEM features include log management, reporting, and correlations and alerting. All SIEM products started with those.

Modern SIEM solutions are expanded with additional components that I mentioned.

So today, you will rarely see RFP for only SIEM. It will usually include other requirements. To answer this, vendors started adding additional valuable features.

Lately, QRadar also opened their APIs to the development community, in order to confront Splunk, and that resulted in a large number of additional functionalities in the form of add-ons (QRadar apps).

it_user631671 - PeerSpot reviewer
Information Security Analyst at a media company with 1,001-5,000 employees

The most valuable feature is the co-ordination of the data it has, such as getting all sorts of log files from different viewpoints and putting it together in one place, so that the incident responders can get all the data they need to see the bigger picture.

willie.Na. - PeerSpot reviewer
System Engineer at Trans Business Machines Ltd

The timeline and the machine learning features are great at quickly flagging users who have either left the organization or have dormant accounts. The way that the app has transformed over time is quite phenomenal. One of the major improvements is its capacity for creating machine models. It comes with 16 default machine learning models, where it tracks user activity and changes in profiles and authentications. There are various default machine learning models and I'm able to model those to parameters that suit my needs. It's great that I'm able to implement an unlimited number of use cases on the UBA, putting in as many different kinds of logic as I want. It's a big advantage. 

JR
Cybersecurity Business Development Manager at a comms service provider with 10,001+ employees

Overall a great solution.

DD
Head of IT Security, Governance and Compliance at a consumer goods company with 10,001+ employees

The most valuable feature is the ease of use.

RO
Information Security Specialist at a comms service provider with 501-1,000 employees

The user behavior analytics as part of our deployment was okay, even though it was clunky.

The solution can scale.

it_user398799 - PeerSpot reviewer
Sr. Security Analyst with 1,001-5,000 employees

Currently, the App Exchange offers over 192 applications that allow QRadar to integrate with some of the top security programs on the market, along with extension add-ons provided by QRadar. Some third-party apps include (but are not limited to) Splunk, McAfee, Cisco, Carbon Black, Palo Alto, ObservIT, Exabeam, Gigamon, PhishMe. Extension add-ons by QRadar include report extensions, MS AD extensions, user behavior analytics, etc.

We have a very small team and anytime I can integrate with our other tools, and save time doing so, that is a plus for my company.

it_user634794 - PeerSpot reviewer
Director of Cyber Security at an insurance company with 10,001+ employees

The ability to correlate large amounts of data into rules that provide real-time alerting is the most valuable feature.

it_user545001 - PeerSpot reviewer
Security Operations Center Manager at a financial services firm with 1,001-5,000 employees

Search capabilities are sufficient for most tasks, although not as easy to use as some other products.

it_user631740 - PeerSpot reviewer
Security Manager at a pharma/biotech company with 1,001-5,000 employees

The search capability (I've used other solutions) and data consolidation are some of the key features.

UzairKhan - PeerSpot reviewer
Business General Manager at Mutex Systems

The most valuable feature is the integration with the GRD, for banking.

VK
AVP - Cyber Security at Cloud4C Services

The solution supports MSSP models, which most service providers have. This means that a single system can be onboarded for all 200 existing customers for monitoring purposes. 

SG
Vice President at a financial services firm with 10,001+ employees

The product provides a very defined solution. It provides a complete platform for ingesting the log, doing the correlations and handling the runtime.

AI
Chief Technology Officer at a tech services company with 51-200 employees

Provided that the report is prebuilt and I can find what I am looking for, the reporting is the most valuable feature in this solution. The reports are very good and very presentable.

it_user641277 - PeerSpot reviewer
Information Security Analyst at a transportation company with 5,001-10,000 employees

The pre-canned rules and reports in this product are a huge plus. Along with this, they have new apps to integrate different tools into QRadar’s dashboard. These features are most important, since it provides a single pane for viewing and researching the offenses, thus, saving a lot of time and resolving the complexity of the issues.

MI
Certified AIX I.T Manager at a financial services firm with 10,001+ employees

The most important and valuable feature of QRadar is how useful it is for preparing use cases. It's also easy to use. 

JT
IT Security Analyst at a manufacturing company with 10,001+ employees

I have found its network traffic log, network bit log, and QBI most valuable.

We have a lot of domain controllers in QRadar tracking all the security. It is also useful for identity management.

MA
Information Security Manager at a comms service provider with 1,001-5,000 employees

The most valuable feature is the diversity of log types, which enables us to monitor what is going on from different perspectives and reduces the likelihood that we will miss important attempts. There are different events and flows, and there is diversity from getting the information from different sources. We can also see that there are no false positives. It is well-tuned and the rules are covering everything that we need.

it_user246402 - PeerSpot reviewer
Sr SIEM Consultant at a tech services company with 51-200 employees
  • Correlation Rule Engine, built-in use cases: QRadar has the highest number of built-in use cases among any SIEM on the market. There are many built-in rules that are enabled by default and easily tunable to meet the specific needs of each organization. The correlation engine automates what is a manual process for many SIEM platforms.
  • Network-Based Anomaly Detection (NBAD): Using NetFlow, JFlow, SFlow, or QFlow (all 7 layers), offenses are detected as a response when a rule is triggered.
  • QRadar Vulnerability Management: Built-in vulnerability scanner or leverage for other supported scanners to either schedule a scan and/or import the results from a scan. Importing the results enriches the assets profile database to quickly identify assets that have known vulnerabilities.
  • X-Force Threat Intelligence: Threat intelligence IP reputation feed which leverages a series of international data centers to collect tens of thousands of malware samples, to analyze web pages and URLs, and to run analysis to categorize potentially malicious IP addresses and URLs.
  • App Exchange: Many vendors have written apps to enhance QRadar. The apps are free and enhance your SIEM experience by adding rules and custom event properties. In some cases a new tab. You will need to have purchased the third party solution. For example, if you have Palo Alto or Blue Coat, there's a free app for better integration.
View full review »
JT
Solution Architect at Ostec

The visibility it gives you into your infrastructure has been great.

The notifications it provides offer valuable information when something is happening in your blind spot.

View full review »
it_user927267 - PeerSpot reviewer
Senior Security Architect at a tech services company with 10,001+ employees

QRadar has somewhat of a new structure recently from last gen. They have moved from the standard UI based infrastructure. There are multiple aspects coming in which are actually plug-and-play kind of stuff; we don't have to write rules, we don't have to create dashboards and all. For example, on the dashboard we have user behavior analytics. And, it is very helpful for us to use customization and build from scratch.

View full review »
OS
Information Security Advisor, CISO & CIO, Docutek Services at Docutek Services

They do have a way to pre-configure or have pre-configurations for companies that are starting and they don't know too much about SIEM or working with SIEMs. The solution uses SIEM to get the information to the managers so I will say that they have an ongoing boarding process that is very good if you are starting because it already has what you need to start up.

In addition, they have more HIPAA. It's a pre-order on QRadar, so when we go to the process of selecting our use cases, they go by building blocks. QRadar links it to building blocks so we don't have too much to cut on it.

View full review »
WP
Vulnerability Manager at a tech services company with 51-200 employees

The threat protection network is the most valuable feature because when you get an offense, you can actually trace it back to where it originated from, how it originated, and why.

View full review »
it_user639687 - PeerSpot reviewer
Cybersecurity Expert at a financial services firm with 10,001+ employees

I believe AQL is the most valuable feature. It allows me to extract data from the QRadar database directly using a very flexible language similar to SQL. So, if somebody has SQL experience, it is easy to learn.

View full review »
it_user634842 - PeerSpot reviewer
Senior Manager at a pharma/biotech company with 1,001-5,000 employees

Its technology is quite new and it has a predefined set of templates that can be readily used for our business, so we don't have to innovate much. These are some unique features about this tool.

View full review »
Muhammad Ali Aziz - PeerSpot reviewer
Senior Manager Cyber Security Services & Solutions at Trillium

I think this is a good product for enterprises because of the performance and out-of-the-box rules and use cases. If they want to reach the maturity level early, they can use these out-of-the-box rules and use cases. That will help them a lot.

View full review »
GR
SOC Manager at Nais Srl

It's a complete platform.

The interface is good.

They have more than 100 features.

View full review »
PP
Management Executive at a security firm with 11-50 employees

IBM QRadar is phenomenal as a SIEM SOC solution. In terms of its capability, in terms of its usability, in terms of the SOC solutions or SIEM solutions out there, we find QRadar the most user-friendly. 

It gives you the right coverage as the analytical platform that's coupled with Watson is phenomenal.

From a deployment perspective, we found it very, very good.

What we like about QRadar and the models that IBM has, is it can go from a small-to-medium enterprise to a larger organization, and it gives you the same value.

It's easy to use if you go through the proper training. We find that the current IBM team in South Africa is not as good as the teams abroad, however, if you get the right support and the right training, which we have got, we find it very, very, very customizable and user-friendly. 

What we have done is we do not use a lot of level-one analysts. We use a lot of developers, so we constantly evolve the rule-set. Most of the organizations that have employed QRadar, what they do is they stack it up with level-one and level-two analysts, as opposed to having more security developers who enhance the rule-set, due to the fact that all of the same technologies work on rule-sets. If you can dynamically change the rule-set on the fly, you're good. We have got a different model in terms of the way we operate a SOC, where we have more developers amending the rules, you will lessen the number of false positives that you encounter. The biggest problem with most of the SIEM technologies out there is that you get too many false positives, and again, it impacts your operational SOC. We don't have that issue here. 

View full review »
RB
Founder at Halainfosec

There have been many advancements made in the most recent year. There are many add-ons included in the licenses that I have yet to explore.

There have been many improvements. When I worked with this solution at the core technical level, it was a SIEM solution. Many attributes have been added, such as threat intelligence, SO solutions, automation, and OT security. Many other platforms have been included as part of IBM QRadar.

The flexibility is good in terms of pulling log files.

View full review »
SP
Senior Security Engineer at a wholesaler/distributor with 10,001+ employees

One of the most valuable features of this solution is it has very good data correlation.

View full review »
JB
Deputy General Manager at a comms service provider with 5,001-10,000 employees

We are looking for the entire QRadar spectrum but it has many products. QRadar is a kind of program, we are looking for system modelling, point modelling, network side modelling similar to QRadar network inside, and the capability to correlate between the network and endpoint. Most of the SIEMs have to rely on when it comes to network side third party or separate network traffic analysis. When it comes to QRadar, they can do the correlation and not only in networks but also endpoints. This is one of the good features that we have noticed.

View full review »
Md Saiful Hyder - PeerSpot reviewer
AGM, Enterprise Solutions at Omgea Exim Ltd

The solution has very good Watson Analyzer integration. It's one of the key differentiators if you compare it to other solutions. 

The solution offers very good BSM support. There's 400 BSM support out of the box. That's a huge advantage. With it, you are actually adding almost all the devices that are available in an IT environment.

This is a distributed application, meaning that a customer can stack small and then scale it so that they can expand pretty effectively. You can use, basically, the same product in an SMB or a large enterprise. 

You can deploy the solution and leave it. It's very unfussy.

When it comes to deployment, it's very flexible.

View full review »
AS
Co-owner and CEO at Data Security Solutions

We have worked with other solutions, such as LogRhythm and Splunk. Compared to others, IBM QRadar has the best price-performance ratio so that you are able to reserve minimum costs. It starts settling in fast and gets the first results very quickly. It is also very scalable.

View full review »
FC
Ingénieur d'étude R&D at DOGA

The solution is relatively easy to use.

The product helps increase development speed.

The customization is very good, as are the dashboards and the security.

View full review »
it_user1379427 - PeerSpot reviewer
Application Security Architect at Bank Al Habib Limited

I really like the feature we have with the logs, that if there are any credit card numbers being used, like a PII, you can just use regex and you can mask it. This is a really good feature in QRadar.

View full review »
JK
Lead Security Infrastructure Engineer at a financial services firm with 5,001-10,000 employees
  • Ease of use
  • Time to value in implementation
  • Single pane of glass for analysts and SIEM administrators
View full review »
it_user634800 - PeerSpot reviewer
Security Consultant at Dimension Data

The most valuable features are all the implementations, the plug-ins, and the User Behavior Analytics (UBA). All that stuff is really cool.

We are using the solution a lot on the customer side. We like the strength of the platform, basically. I know there is no other product like QRadar.

View full review »
it_user642180 - PeerSpot reviewer
Director SOC at a tech services company with 51-200 employees

These features make it easy to operate the application:

  • Integration with multiple platforms
  • Ease of rule making
  • Manufacturer support (IBM)
View full review »
JJ
Managed Security Product at a comms service provider with 1,001-5,000 employees

The feature that I have found most valuable is its artificial intelligence component, Watson. Its contribution is pretty good from a machine-learning artificial intelligence perspective. This complements the orchestration automation component, as well.

View full review »
BK
Program Manager at a tech services company

First, the dashboard is a valuable feature. There is a single dashboard that gives us a complete overview of what is happening around the globe. We are able to follow the devices that are connected to the network. 

The second thing is the customization that we have done. For example, if there is an account login made in Tokyo then we will immediately get an alert.

View full review »
WP
Vulnerability Manager at a tech services company with 51-200 employees

The most valuable feature is the QRadar Vulnerability Manager which provides vulnerability scans. In addition, I like the way QRadar generates alerts.

View full review »
it_user797751 - PeerSpot reviewer
Security Consultant at Varutra Consulting
  • IBM Resilient Incident
  • IBM Threat Intelligence
  • IBM QRadar is easy to use.
View full review »
NH
General Manager at Global Solutions Services
  • DSM parsing
  • Log correlation
  • X-Force connectivity
  • Ease of DSM customisation
  • Multiple reports
View full review »
it_user632703 - PeerSpot reviewer
Senior security analyst at a financial services firm with 1,001-5,000 employees

Some of the most valuable things that I get from QRadar are the custom parsers. A lot of the syslog items I get pushed to QRadar, instead of trying to build a custom parser to parse out the information that we need in order to do our investigations or to review that data. There's a ton of already defined ones in the application.

Plus, when you build rules, it's a really good user experience. It's like plug-and-play rules to flow out what you want, for whether what you want to look at has a certain level of severity or if you want real-time alerting on something that's happening right away in your environment that you want to investigate.

View full review »
it_user632781 - PeerSpot reviewer
Cyber Security Manager at an energy/utilities company with 1,001-5,000 employees

It gives me insight and visibility, so I can detect a threat coming in and all the offenses are coming in from monitoring one spot.

View full review »
VS
President, Consultant, Trainer at MEI Security

The searching capability is good.

View full review »
NB
IT Security and Business Development Manager at a tech services company with 51-200 employees

The securing of data is the most important feature because nowadays as cloud has come in, it is especially challenging to secure. We are actually planning for Palo Alto to be a better option because IBM needs better security for their cloud.

View full review »
it_user393954 - PeerSpot reviewer
Application Infrastructure innovation at a financial services firm with 1,001-5,000 employees

What is valuable is that we're using it through IBM's MSS services, and that they're doing a really good job of keeping us alerted of what events are hitting, and adapting for it.

View full review »
Ashok Kumar Biswas - PeerSpot reviewer
System Engineer (Cybersecurity) at Omgea Exim Ltd

The event collector, flow collector, PCAP and SOAR are valuable.

View full review »
Ahmed Hossam - PeerSpot reviewer
SOC Analyst Tier 2 at IP Protocol INC

I like the graphical interface. It's so good and easy.

View full review »
PD
Assistant Engineer at Harel Mallac Technologies Ltd

The solution is easy to use, manage, and review all incidents.

View full review »
JW
Solution Security Architect at PT. Sinergy Informasi Pratama

The most valuable feature is that it can analyze event logs, event security, and give a good consult. When you have SIEM, you can easily manage with one single monitor. QRadar can do a lot of analyses of every security product and will let us know what needs to be done to the log. Sometimes we need security orchestration automated response to support the SOC team.

View full review »
MD
Cybersecurity Engineer Consultant at a tech services company with 501-1,000 employees

The correlation and the parsing are important features, since it is very important for a SIEM to have a good scalability and performance.

View full review »
MH
Network and Security Technical Team Leader at a wholesaler/distributor with 201-500 employees
  • The artificial intelligence ease of integration; it has a good integration with the artificial intelligence engine of Watson.
  • There is good collaboration between IBM Cloud and all IBM customers. 
View full review »
it_user309240 - PeerSpot reviewer
Cyber Security Advisor / CISO / Healthcare Security Pro at OMC SYSTEMS LLC

I find that the dashboards are the most helpful to get an overview of traffic flow and issues.

View full review »
SU
Team Lead - Information Security at a computer software company with 10,001+ employees

The simple user access model, or the user interface, is something that is very helpful.

The initial setup is not too difficult. 

So far, we have found the product to be stable. 

We've found the solution to be scalable.

View full review »
RP
Regional Director, Customer Success (GTM Solutions & Services) at a tech services company with 51-200 employees

The solution is flexible and easy to use.

View full review »
GO
Marketing Director at an aerospace/defense firm with 1-10 employees

Vulnerability detection is the most valuable feature. It's the tool that finds the threats.

View full review »
it_user163854 - PeerSpot reviewer
Security Solution Architect with 1,001-5,000 employees

IBM QRadar is

  • Ease of install. It's effectively redhat6.5 with an app on top.
  • Automatic log source identification
  • Inbuilt rules and reports are comprehensive so out of the box the system does things
  • Recognises every log source we have added.
  • IBM supply a virtual image which makes the standing up of a system a small piece of work.
View full review »
SW
Cyber Security Consultant at Gulf Business Machines

In general, the product is awesome. It's almost perfect.

The most valuable aspect of the solution is the integration capabilities on offer. It's very helpful to have so many options.

The initial setup is pretty straightforward.

The stability is good.

We've found the scalability to be excellent.

It offers all of the specifications of the hardware that we need.

View full review »
DP
Chief Technical Officer at IT Specialist LLC

The feature that I find the most useful is that IBM QRadar User Behavior Analytics is free of charge. It's a fully free product that can be installed on top of IBM QRadar SIEM.

View full review »
SO
Deputy General Manager - Network Security at a tech services company with 201-500 employees

In terms of valuable features, QRadar shows very effective correlations. If you combine all the logins plus user behavior and the current intelligence, it gives a very good correlation for business. I think it reduces the false positives in user activity monitoring because we have a lot of social information to correlate with other data.

View full review »
NM
Solution Manager at ZZTL

Most of the features are good. It is an excellent solution. 

View full review »
SS
Director of Market Enabling Solutions at Raksha Technologies Pvt Ltd

Watson, which is an artificial intelligence, is the most valuable feature. On the back-end, Watson helps me figure out an exact problem, sometimes giving me the result. I never would have imagined this before.

View full review »
JC
Director, Cybersecurity at a media company with 51-200 employees
  • It has a logical, user-friendly GUI. 
  • Very easy to drill down in offenses and get to the bottom of raw data.
View full review »
Kamal Abdelrahman - PeerSpot reviewer
Country Manager at Magarah

IBM QRadar User Behavior Analytics has easy architecture, has a good portfolio and integration.

View full review »
TG
Sr. Information Security Analyst at an insurance company with 51-200 employees

Part of the SaaS offering is the SOC service. The best part of this solution is having a third-party SOC.

It's a robust solution.

View full review »
BB
Enterprise Architect, CISSP at a tech services company with 1,001-5,000 employees

My favorite thing is that it comes with good usability.

It has a powerful GUI where you can put together your use cases, and don't have to write your own scripts.

View full review »
it_user970365 - PeerSpot reviewer
Cybersecurity Practice Lead at a tech services company with 201-500 employees

One of the most valuable features is its ability to integrate with other solutions. In our current setup, we need a holistic view of our network to provide better service. Therefore, integration with our security tools and infrastructure is a must. We managed to get our NGFW, Endpoint Security, network servers, compliance tools and others to integrate with QRadar which enables our team to better understand what is happening in our network and respond accordingly.

View full review »
TM
Senior Cybersecurity Consultant at CIA Botswana

The vulnerability management aspect is the most valuable feature. IBM QRadar is the only SIEM solution with integrated vulnerability management. That's why most clients are flocking to it. API integration is very easy.

View full review »
it_user634860 - PeerSpot reviewer
Cyber Security Engineer

The most valuable feature is the ability to get the logs and analyze them. These logs help us in terms of analyzing and actually using Watson on them. It's a pretty great tool for intelligence. I think it is really a great product.

View full review »
it_user634782 - PeerSpot reviewer
Security Analyst at a government with 10,001+ employees

It's easy for us to see what's happening in the environment. It's very good to see the logs and the analytic stuff.

View full review »
it_user634830 - PeerSpot reviewer
Group CIO at a tech services company with 501-1,000 employees

We are using this SIEM solution, which is pretty good in terms of detecting threats and managing the intelligence for us.

View full review »
it_user285759 - PeerSpot reviewer
Security Consultant at a tech services company with 11-50 employees

The most valuable features are:

  • Auto update: QRadar will download new logs from the database on the supported security device, so that it will automatically normalize the new log format and you will not need to rewrite all your rules/offenses again.
  • X-Force/TAXII feed: QRadar can collect different types of security feeds and correlate them in real-time with your logs.
  • Search engine: QRadar is like Excel, i.e., you can add rows and filter like your daily office work, without writing any scripts. So level 1 support also can handle this type of jobs.
View full review »
it_user140676 - PeerSpot reviewer
Information Security Consultant at a tech services company with 51-200 employees

IBM Security QRadar has many valuable features. One of the most valuable features of IBM Security QRadar is the ease of extracting information from raw logs/events, whether the log source sending the events is supported by IBM or not (for example, a custom in-house application) and use this information in creating searches, correlation rules, reports, and dashboards. Another feature is scalability; scaling up a deployment to support more events per second is made simple just by “linking” new appliances to the main deployment through configuration steps that only take minutes to complete. I do not know if I can call this a feature, but a “general” feature of QRadar is that it does not require highly technically skilled personnel to administer. The dashboards and configurations through the web UI are easy to read, understand, and change.

View full review »
MB
Information Security Leader at a computer software company with 1,001-5,000 employees

The features that I have found most valuable are that it is very stable, easy to get going, and easy to manage. It is also easy to review all incidents.

View full review »
FA
Security Analyst at a security firm with 11-50 employees
  • Its default set of rules: It comes with many rules disabled. You can tune them and modify them according to your enterprise needs and avoid false positives.
  • The extension management: There are more than 120 extensions in QRadar, which are easy to install and configure. These can improve your analysis of events. 
  • UBA 2.7: It can help you detect insider threats. 
View full review »
it_user632760 - PeerSpot reviewer
Lead Developer

The most valuable features of this solution are analyzing who is saying what and in case of a threat, we can easily identify from where the threat is originating, based on the analysis.

View full review »
it_user643884 - PeerSpot reviewer
Senior System Administrator at a tech services company with 11-50 employees

In my understanding, the best features are:

  • DSMs (Device Support Modules),
  • Device auto-discovery, and
  • Hundreds of rules and reports already created for you to mix up.

These features are keeping QRadar on top in Gartner. You can have it running in a few hours, then start collecting your logs and events in no time.

View full review »
RR
IT Security Manager at a tech services company with 201-500 employees

The feature that I have found most valuable is how it monitors the real network. That is its leading security feature.

View full review »
OK
Analyst at a tech services company with 501-1,000 employees

One very useful feature is the plug-in offering that allows you to integrate it with other solutions, such as integrating it with plug-ins like ForeScout, Carbon Black, and the rest. Additionally, the ability of the agents to filter using XPath query to filter out the specific events you want to pick from, especially Windows log sources, is also very useful. That goes a long way in managing the EPS of the solution.

View full review »
JS
Cybersecurity Architecture and Technology Lead at Appxone

Providing real-time visibility for threat detection and prioritization - QRadar SIEM provides contextual and actionable surveillance across the entire IT infrastructure, helping organizations detect and remediate threats often missed by other security solutions. These threats can include inappropriate use of applications; insider fraud; and advanced, “low and slow” threats easily lost in the “noise” of millions of events.

View full review »
OU
Technical Consultant at activedge

The most valuable features would have to be the product's ability to customize vulnerability management settings and the ability to customize integration functions.

View full review »
DA
Senior Server Security Engineer

This solution has many valuable features but I especially like the Log Manager feature.

View full review »
SO
Member at CIFAL Argentina

The threat protection integration with other vendors.

View full review »
it_user634779 - PeerSpot reviewer
Security Intelligence at a tech services company with 10,001+ employees

The most valuable feature that we found, especially this year, was the ability to build apps over it. Basically, the platform has opened up and we can now customize it, as per our needs and requirements. We can build interactive dashboards and other interesting things around it.

View full review »
BT
Assistant IT Manager at an insurance company with 1,001-5,000 employees

I like that it's easy to use and the performance is good.

View full review »
KA
AVP - Security at a tech services company with 501-1,000 employees

I have found visibility very helpful for analytics.

View full review »
LY
Partner at a tech services company with 1-10 employees
  • UI capabilities
  • High degree of interconnection with other systems.
  • The business activity monitoring on the part of the solution.
View full review »
DC
Operations Analyst at a logistics company with 51-200 employees

The "Network Activity" feature was really good. An engineer can live monitor all the flow happening in real-time. This would help us a lot while investigating a case, and it would even help us with preventive actions.

View full review »
LD
Technical Presales at a tech services company with 1,001-5,000 employees

This solution has excellent security analytics.

View full review »
OO
Cyber threat Intelligence Manager at CyberLab Africa

The most valuable features are log monitoring, easy-to-fix issues, and problem-solving.

View full review »
MK
Practice Head at a tech services company with 51-200 employees

The most valuable feature is the correlation function, which is flexible.

It is a bit easier to use than other products, such as Splunk or ELK Elasticsearch.

View full review »
LB
Security Engineer at a tech services company with 11-50 employees

The first feature that I love to demonstrate for my customers is the fact that the vulnerability manager is integrated in QRadar SIEM. This lets us stop and detect vulnerability. The reports provide many methods to fix it. The circumvention method and the patch method is perfected very well in the QRadar area. 

The second valuable feature is when we get events and make the correlation or rules. In IBM, we can implement our customer's rules. We can have very clear status threats and severity of antigens. The other fact I love about IBM is that we can integrate many other tiers solutions, such as Carbon Black and other plans.

View full review »
AB
IT Manager at a comms service provider with 1,001-5,000 employees
  • Paradigm shift, security intelligence 2.0
  • Contextual-based incident management
  • Threat-based incident management
  • A single management console to handle all the data
  • Ease of use
  • Existing integration capabilities
  • Out-of-the-box reports
  • Parser development
View full review »
MH
Team Lead & Principal Software Engineer at a tech services company with 51-200 employees

I am unable to pick one, every component is valuable. It is a very good SIEM.

View full review »
JM
CEO at a tech services company with 11-50 employees

Curator is the leader of teams in the market. It's a product with plenty of features and capabilities. It's a very powerful solution.

View full review »
AK
Security Analyst at a tech services company with 51-200 employees

Most valuable features include the granularity of information. Queries provide leads for finding information. We also deal with the Symantec team, which is a different one. 

View full review »
AC
General manager at a tech services company with 201-500 employees

The detection rate is good and the false positive rate is low. Having a low false-positive rate is good because it means that if an alert happens then it is very likely a real attack.

QRadar is quite flexible. Out of ten, I would rate flexibility a nine.

View full review »
EK
Network & Cyber Security Engineer at a manufacturing company with 1,001-5,000 employees

It provides many options for searching. I can see devices from different vendors, like Cisco, in one interface, which is good for me.

View full review »
it_user984276 - PeerSpot reviewer
Senior Analyst at a tech services company with 201-500 employees

It's user-friendly when compared to other products. New users can easily understand the product.

It integrates very easily with other solutions. The solution is flexible. We can add anything to it, as it is a good companion to other tools.

View full review »
DC
Security Solutions Architect at Micro Strategies

It works well with IBM products.

View full review »
it_user197457 - PeerSpot reviewer
IT Security Manager at a tech services company

Some of the valuable features are QM, QRM, and forensics.

View full review »
OO
Founder at a university with 11-50 employees

The UBA feature is the most valuable because you can see everything about users' activities. 

View full review »
VB
Principal Security Architect at a computer software company with 10,001+ employees

In terms of the most valuable features, the log collections and log processing mechanisms are good. They have good dashboards. They probably have the best cloud management log processing. They are going to announce user intended behavior and management features. Compliance monitoring is okay. All these things become a commodity.

View full review »
DS
Works at a tech services company with 11-50 employees

The most valuable feature of IBM QRadar is its slow control and even activation. I also like the post notifications on the screen.

View full review »
it_user795519 - PeerSpot reviewer
Senior Security Engineer at dig8labs

The most valuable feature is the DSM Editor. The custom parsing tool is very nice, outstanding. I have used McAfee's SIEM and LogRhythm as well, but because of this feature of QRadar, I don't think their solutions are good.

Customizing it is very easy and it has a user-friendly interface. 

View full review »
it_user575124 - PeerSpot reviewer
Sr. Security Engineer at a tech services company with 11-50 employees
  • User-friendly
  • Easy to deploy
  • Easy to create use cases
  • Easy to review an offense
  • Its correlation engine is one of the best
View full review »
YC
Security Consultant at a tech services company with 11-50 employees

I like the API and it's easy to use. 

View full review »
OO
Founder at a university with 11-50 employees

I think the QDI is very good.

View full review »
KJ
CEO at Xcelliti

This product is easy to install, integrate, and use.

It has very rich functionality.

View full review »
it_user610512 - PeerSpot reviewer
Technical Security Specialist at a tech services company with 51-200 employees

IBM Security's QRadar Security Intelligence is a multi-feature security monitoring platform that provides log management, SIEM, NetFlow, application monitoring, vulnerability scanning, full packet capture and risk analysis.

The platform is designed to be deployed as an all-in-one appliance, as discrete components that can be scaled horizontally for distributed and larger environments.

View full review »
GC
Queretaro at a tech services company with 1-10 employees

The most valuable features are the versatility of this solution and the variety of things you can do with it. 

MA
General Manager at New System Engineering

The most valuable feature is that it reports a very small number of false positives. It is a very optimized engine.

it_user934623 - PeerSpot reviewer
Senior Information Security Analyst at a financial services firm with 501-1,000 employees

QNI is the most valuable feature. 

it_user923115 - PeerSpot reviewer
Cloud Security Architect at Nordcloud Oy
  • It's easy to set up.
  • There are a lot of great out-of-the-box features included.
  • It's a state-of-the-art product for security information and event management (SIEM).
it_user640416 - PeerSpot reviewer
Assistant Manager-Information Security at a transportation company with 1,001-5,000 employees

SIEM technology is the most valuable feature of this solution, as it can be integrated with almost every application and system. If not, then you may ask IBM to write a parser for it.

AS
Cyber Security Team Leader at a tech services company with 501-1,000 employees

The ability to add extensions is the most valuable feature. For example, extensions that provide valuable test ports.

it_user632667 - PeerSpot reviewer
Cyber Security Engineer at a tech services company with 501-1,000 employees

We have very large, distributed implementations. The best case that we get out of the solution is the rapid insight into security events and offenses in our environment.

OF
Professional Services at a tech services company with 51-200 employees

The most valuable feature is user behavior analytics (UBA).

The EPS and FPS graphs are helpful.

The collecting of logs and processes is very good.

AT
Software Trainee at a tech services company with 1,001-5,000 employees

Almost every feature is useful. In particular:

  • Sense and detect fraud, both insider and advanced threats.
  • Sense, track, and link significant incidents and threats.
it_user805179 - PeerSpot reviewer
Solution Architect with 201-500 employees
  • X-Force feed
  • Watson for cyber security
  • App Exchange
  • Scalability and licensing model
  • Vulnerability and risk management on network topology
it_user5160 - PeerSpot reviewer
IT Security Consultant at a tech vendor with 201-500 employees

It's very helpful in meeting compliance monitoring and reporting (PCI DSS, PA DSS, ISO, SOX) requirements.

SH
Pre-Sale Consultant (Technical) at a tech services company with 51-200 employees

We are using the platform version, which I like.
