We have a POC environment but have not onboarded it to any of our clients.
Practice Head at a tech services company with 51-200 employees
Flexible correlation, easy to use, and stable
Pros and Cons
- "It is a bit easier to use than other products, such as Splunk or ELK Elasticsearch."
- "The technical support can be improved a little bit, and the price could be cheaper."
What is our primary use case?
What is most valuable?
The most valuable feature is the correlation function, which is flexible.
It is a bit easier to use than other products, such as Splunk or ELK Elasticsearch.
What needs improvement?
The technical support can be improved a little bit, and the price could be cheaper.
For how long have I used the solution?
I have been using IBM QRadar for one year.
Buyer's Guide
IBM Security QRadar
September 2025

Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: September 2025.
867,349 professionals have used our research since 2012.
What do I think about the stability of the solution?
IBM QRadar is a stable solution.
How are customer service and support?
Technical support needs improvement.
Which solution did I use previously and why did I switch?
I know a little bit about Splunk and ELK Elasticsearch. We did not have a PoC with Splunk so it was just theoretical, but I did learn about it.
How was the initial setup?
The initial setup is very easy.
What's my experience with pricing, setup cost, and licensing?
IBM QRadar is a little bit expensive compared to other products.
What other advice do I have?
I would recommend this solution to others who are looking for an on-premises solution. For a SIEM solution, it is the best one to go with. If they are interested in using the cloud, I would not recommend it. The cloud version of QRadar is QRoC and it is a bit complicated.
I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. partner

AVP - Cyber Security at Cloud4C Services
A stable solution which allows a single system to be onboarded for all 200 existing customers for monitoring purposes.
Pros and Cons
- "No doubt about it, the solution is extremely stable."
- "The implementation of the solution's technology needs to be simplified."
What is our primary use case?
We are using the current version.
What is most valuable?
The solution supports MSSP models, which most service providers have. This means that a single system can be onboarded for all 200 existing customers for monitoring purposes.
What needs improvement?
The implementation of the solution's technology needs to be simplified. It is overly complex.
The integration also must be simplified.
The licensing is also overly complex, as there is a need to buy the work load performance monitoring separately. These are the different modules we need to buy.
IBM does not provide a combined, combo suitor solution which the customer can easily look at. The multiple functionalities are segmented and do not allow for an idea which is complete. It makes it difficult for us to do a realistic comparison with other products. I hope that others follow suit.
For how long have I used the solution?
We have been using IBM QRadar for almost eight-and-a-half years.
What do I think about the stability of the solution?
No doubt about it, the solution is extremely stable.
What do I think about the scalability of the solution?
The solution needs to be redesigned to allow for scalability or for extending it to the existing one. There is a need to do long-term planning and migration from an existing to a new one and this cannot be easily accomplished. Storage cannot be added to the installation. One must completely migrate to the new storage to add additional terabytes.
As such, the solution is not quite scalable. The scalability exists, but it requires migration.
How are customer service and technical support?
We are very happy with the technical support.
How was the initial setup?
The initial setup was extremely complex.
What about the implementation team?
We made use of an integrator.
What other advice do I have?
We have nearly two hundred customers making use of the solution.
We have direct contact with Ingram Micro or have a service partner relationship with it, but work directly with IBM as our ISP.
We are a managed security service provider and wholesale customer of IBM QRadar.
We buy a bulk license from IBM QRadar and host around 200 plus customers in a single integration so that all the customer events will be integrated in one solution. We are not integrators and do not resell their services.
As such, we don't buy the license or sell the tools to others. We will buy a license, inclusive of the services, host it with our private cloud and provide services to the end clients.
Our customer base of IBM users is limited. When it comes to a security operations center team, IBM will be looked to for providing security monitoring on an ongoing basis. We must see that it is working as it should be.
I would recommend this solution to others.
I rate IBM QRadar as an eight out of ten.
Which deployment model are you using for this solution?
Private Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Security Analyst at a tech services company with 51-200 employees
Well priced with information granularity, but has lousy tech support and provides false positives of attacks
Pros and Cons
- "Most valuable features include the granularity of information."
- "IBM technical support is always terrible."
What is most valuable?
Most valuable features include the granularity of information. Queries provide leads for finding information. We also deal with the Symantec team, which is a different one.
What needs improvement?
The solution has definite room for improvement. There were certain bugs we had to deal with. Bigger issues involve the quantity of rules involved in its deployment. Also, false positives can be obtained and there is a need to fine tune the solution once every month or two until everything is correct.
The stability and product support should also be addressed.
When an offense occurs, the source IP will automatically provide a source username which is not correct. For reasons I don't understand, it uses the team or the name of the last user of the computer and this is not always accurate. This means that there are times that I obtain offenses that are ascribed to my boss and which serve him. The solution ensures that the host is vulnerable to another attack. The solution will estimate that the targeted host is vulnerable to certain attacks.
Moreover, the solution may provide information of attacks that failed or that are irrelevant, such as vulnerabilities involving modems in which the target host is the Windows Server. This begs the question of why an offense that was and will always be blocked must be generated, such as that involving vulnerability from a modem.
For how long have I used the solution?
I have been using IBM QRadar for five years.
What do I think about the scalability of the solution?
When it comes to the scalability of the solution, it is possible to install many apps on top of IBM QRadar which can provide a host of views, such as those involving user behavior and analytics. There is no need to construct an SQL report, for example, as there are many free apps available which can be used to extend one's IBM QRadar functionalities.
How are customer service and technical support?
IBM technical support is always terrible. I have much experience with IBM, dating back 25 years in IT. I worked with IBM as a partner for almost 10 years. The organization is so big that it cannot tell one person from another. One can send an email and then get transferred from one support person to another, with the need to reiterate the issue anew with each one. In France they go on vacation and there is no one to whom one can address his issue. They also have problems with directing and redirecting phone calls.
I found myself in charge of all hardware issues involving IBM. Whenever we had a case with IBM which was escalated, I managed to resolve the issue before them. I would find a solution while they would still be making queries about some version. Sometimes I feel they are buying time. At other times, they start by enquiring about what I did in an attempt to resolve the issue. There are times that they insist on the purchase of a subscription as a condition of benefiting from high level support and at these moments I'm inclined to tell them that they should be paying me for this.
How was the initial setup?
The initial setup is quite straightforward and not so difficult.
What's my experience with pricing, setup cost, and licensing?
The pricing is always fine.
What other advice do I have?
We use the solution with multiple customers on a daily basis. We have experience with its installation, configuration and use.
I rate IBM QRadar as a six or seven out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer. partner
Founder at Halainfosec
Priced well and has good support, but it is resource intensive
Pros and Cons
- "The flexibility is good in terms of pulling log files."
- "It's resource-intensive."
What is our primary use case?
We are service providers, and we are always exploring tools to accompany existing tools. I am always searching for the best products to meet my clients' requirements. I always look to understand the technology first, learn what benefits we can get from the product, how competitive is it with other tools such as DarkTrace, and Palo Alto.
We are working with this solution, but it is being managed by another vendor.
We are service providers. We are providing SOC service and MSSP services for our clients.
We are working on various products, not one specific product. We can provide services for any product, in fact, any security solution.
What is most valuable?
There have been many advancements made in the most recent year. There are many add-ons included in the licenses that I have yet to explore.
There have been many improvements. When I worked with this solution at the core technical level, it was a SIEM solution. Many attributes have been added, such as threat intelligence, SO solutions, automation, and OT security. Many other platforms have been included as part of IBM QRadar.
The flexibility is good in terms of pulling log files.
What needs improvement?
Automation is an area that people are looking for. IBM does have the SO solutions platform, but it would be more useful if they could have predefined use cases rather than using more generic ones. It would be much better if they could customize their use cases.
It's resource-intensive.
The IBM QRadar team has to be proactive and they have to be informative about the product.
They don't want to spend too much money on the SIEM because it is obviously resource-intensive. But the SIEM is a very useful product when you have good resources and good software.
For large organizations, that want to integrate all of the log sources, the pricing will be too expensive. This is the main reason that clients are not interested in SIEM solutions.
For how long have I used the solution?
I have been working with IBM QRadar for approximately four years.
I moved into consulting, at the architectural level. I'm not working at the core level but I know the basics of QRadar and how exactly it functions.
How are customer service and technical support?
Technical support is good.
My personal experience was fantastic. They are always good and we have never had any problems.
There are a lot of online resources available.
What's my experience with pricing, setup cost, and licensing?
When compared with other SIEM solutions, QRadar is considerably less expensive. I would like to compare it with Elasticsearch because they have different pricing strategies.
QRadar is events per second, EPS-based, whereas Elasticsearch is resource-based. You have to estimate based on how many resources will be used in the infrastructure, irrespective of log resources and log volumes.
They are charging based on the resources.
Which other solutions did I evaluate?
I'm exploring the Elastic Stack Elasticsearch currently. Splunk is out of scope for us right now, we're not interested in that. Sentinel is one that we are interested in.
What other advice do I have?
There are many competitive tools that are emerging regarding XDR solutions or SO solutions, which are capabilities that QRadar offers.
The competition is very different from the geographical locations.
For the Indian market, locally, they are still working on the old SIEM structure. It is a very generic SIEM model. Western countries, especially North American clients, are advanced in terms of moving the infrastructure to the cloud. Some have OT security and they're also doing some Office 365 advancements and several advanced search engines for endpoint detection.
They are expecting that nothing is left behind without using any licenses. Microsoft provides part of the security services if you go with the EFI license.
As vendors, we need to counter with the important visibility areas, and the critical access, which needs to be monitored as part of security.
I would rate IBM QRadar a seven out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer. reseller
Sr. Network Engineer at NTT Security
A reliable and scalable solution for network behavior and log analytics
Pros and Cons
- "The solution is reliable."
- "I need a solution which will send alerts in the event of any behavior."
What is our primary use case?
We use the solution for network behavior and log analytics. We wish to procure one for behavior analytics.
I am not certain which version we are using.
There is a need for a behavior analytics solution in the environment. We use the solution to highlight unusual traffic for a single particular link or even single particular user traffic.
What is most valuable?
The solution will not provide alerts in the event of any particular traffic. It will only alert in the case of a security threat.
What needs improvement?
I am looking for a solution to replace IBM QRadar. We use it for incident reporting, but I need one for behavior analytics. I need one which will send alerts in the event of any behavior.
The solution is fine for analyzing logs. We already have basic modules. We require more modules so that we may obtain further details. We essentially use IBM QRadar for analyzing particular logs.
There are no additional features which should be added or upgraded in the next release.
What do I think about the stability of the solution?
The solution is reliable.
What do I think about the scalability of the solution?
The scalability is fine.
How are customer service and technical support?
Technical support is okay. We have had no issues with them.
What's my experience with pricing, setup cost, and licensing?
The license is not subscription-based. We have been doing the same deployment for more than ten years.
The pricing is alright.
What other advice do I have?
Our environment is binding. We have only monitoring and data central traffic.
I would recommend the solution to others. It is fine for analyzing logs.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Information Security Manager at a tech services company with 1,001-5,000 employees
Easy to set up but support is lacking
Pros and Cons
- "The initial setup of QRadar is not complex because we have done it before and we are used to the development. It is getting easier all the time."
- "The solution is highly used here in Pakistan and in many sectors, they could improve it by having more SIEM connectors."
What is our primary use case?
There are many use cases for this solution. One example is we are using this solution to monitor user site access to band sites.
What needs improvement?
The solution is highly used here in Pakistan and in many sectors, they could improve it by having more SIEM connectors.
For how long have I used the solution?
I have been using this solution for approximately four years.
What do I think about the stability of the solution?
The stability is good until you upgrade to a new version. You have to properly shut down services when you are doing some maintenance activities every three to four months. There might be some problems that you do not expect. We have had some complaints from users regarding operation.
How are customer service and technical support?
We have had bad experiences with support from IBM. We are not satisfied with the support and they have made me very angry. My customers have had similar experiences.
How was the initial setup?
The initial setup of QRadar is not complex because we have done it before and we are used to the development. It is getting easier all the time.
What's my experience with pricing, setup cost, and licensing?
There is a license required for this solution and it is an annual payment. I have found all solutions in the category to be expensive, including Splunk.
Which other solutions did I evaluate?
I am evaluating Splunk.
What other advice do I have?
Here in Pakistan, this solution has already saturated the financial market.
I rate IBM QRadar a five out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Solution Architect Cybersecurity at a tech services company with 501-1,000 employees
Protects our network from various threats
Pros and Cons
- "The threat hunting capabilities in general are great."
What is our primary use case?
We use this solution for advanced threat detection, insider threat monitoring, risk and vulnerability management, and unauthorized traffic detection regarding our network. We can monitor and detect web attacks with it as well.
Within our organization, there are roughly 2,000 to 3,000 employees using this solution. As of now, we don't have any plans to increase our usage of IBM QRadar.
How has it helped my organization?
The basic use case of this solution is to identify insider threats. Insider threats are the most dangerous kind of threat for any type of organization to secure. This solution identifies who the insider threats are, and also determines if there are any malicious activities taking place inside of an organization itself. In short, it provides us with real-time visibility so we can identify who the insider threats are and what malicious activities are occurring inside of our own network. It also protects our web applications from DNS attacks.
What is most valuable?
The threat hunting capabilities in general are great.
What needs improvement?
I was going to say that the reporting could be improved, but IBM recently introduced a new cloud-based security service that integrates with QRadar. Now, reporting is much easier than before. I personally can't think of an area for improvement.
For how long have I used the solution?
I have been using this solution for two and a half years.
What do I think about the stability of the solution?
This solution is quite stable.
How are customer service and technical support?
We receive 24/7 support via email; however, we don't have to contact support often because we have our own trained team. They handle most issues.
Which solution did I use previously and why did I switch?
We used to use Splunk.
How was the initial setup?
How complex the initial setup is completely depends on the customer's infrastructure. If there are lots of tools that need to be integrated, then the setup is going to be really complex. I wouldn't say that the initial setup is complex, it's more moderate than anything.
Deployment took two to three weeks from beginning to end.
What's my experience with pricing, setup cost, and licensing?
The price of this solution is a little high.
What other advice do I have?
Before implementing a new solution, you need to understand your network infrastructure completely. You need to determine if third-party integration is supported or not. IBM QRadar supports a lot of third-party integration because third-party tool integration is often required.
Storage also needs to be defined properly as logs need to be kept for a certain amount of time. If you have to store logs for three to six months, then you'll need to ensure that you've evaluated the storage capacity properly.
Overall, on a scale from one to ten, I would give this solution a rating of eight. We're very satisfied with it.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Regional Director, Customer Success (GTM Solutions & Services) at a tech services company with 51-200 employees
Flexible, easy to use, and scalable
Pros and Cons
- "The solution is flexible and easy to use."
- "IBM is going through some problems with its resources currently making its support response time slow."
What is our primary use case?
We are a service provider and we are providing the solution as a managed service for multitenancy security.
What is most valuable?
The solution is flexible and easy to use.
What needs improvement?
IBM is going through some problems with its resources currently making its support response time slow.
For how long have I used the solution?
I have been using the solution for a couple of months.
What do I think about the stability of the solution?
I find the solution reliable.
What do I think about the scalability of the solution?
The solution is scalable. We have 15 customers using it at the moment.
How are customer service and technical support?
The support could be a lot better by being faster.
Which solution did I use previously and why did I switch?
We recently switched to this solution from LogRhythm cloud. One of the main reasons we switched solutions was because it is more scalable.
How was the initial setup?
The installation was a little difficult and could be made easier.
Which other solutions did I evaluate?
We have evaluated Securonix and this solution is far superior. We did the implementation of Securonix for two customers and we canceled it. We rolled back those clients onto this solution because Securonix failed on both implementations.
What other advice do I have?
I would recommend this solution to others. We have invested in it and we plan on using it in the future.
I rate IBM QRadar an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Implementer
