We are looking for the entire QRadar spectrum but it has many products. QRadar is a kind of program, we are looking for system modelling, point modelling, network side modelling similar to QRadar network inside, and the capability to correlate between the network and endpoint. Most of the SIEMs have to rely on when it comes to network side third party or separate network traffic analysis. When it comes to QRadar, they can do the correlation and not only in networks but also endpoints. This is one of the good features that we have noticed.
Deputy General Manager at a comms service provider with 5,001-10,000 employees
Correlation done well, fair pricing, and knowledgeable technical team
Pros and Cons
- "When it comes to QRadar, they can do the correlation and not only in networks but also endpoints. This is one of the good features that we have noticed."
- "I have noticed the interface has room for improvement."
What is most valuable?
What needs improvement?
Since we have not used the solution very long my information is limited when it comes to improvements. I have noticed the interface has room for improvement.
For how long have I used the solution?
I have been using the solution for two years. However, my company has not deployed the solution yet and we are in the early stages of testing.
How are customer service and support?
The solution has a good technical team.
Buyer's Guide
IBM Security QRadar
June 2025

Learn what your peers think about IBM Security QRadar. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
858,327 professionals have used our research since 2012.
How was the initial setup?
The installation is complex. There is some overloading that happens, this could be simplified and made easier by allowing all key features on the first level dashboard to be viewed.
What's my experience with pricing, setup cost, and licensing?
When it comes to the initial pricing, there can be a huge discount from their side, and also I think they are open to competing with other products. Even though the price can be a little high sometimes, their product is number one. They have a wide range of products.
Which other solutions did I evaluate?
We have compared Securonix and many other solutions to this one.
What other advice do I have?
I rate IBM QRadar a nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: partner

Cybersecurity Business Development Manager at a comms service provider with 10,001+ employees
Helpful customer support, overall good functionality, and reliable
Pros and Cons
- "Overall a great solution."
- "There needs to be better integration with other applications."
What is our primary use case?
I am currently working in the Brazilian operation of my company. I have a project in the airline industry in Brazil. This project improves the correlation of logs. There is another company I ticket to improve the solution, they have chosen to correlate the logs. We have SOC, Security Operation Center in Brazil, with 53 employees. We developed all these solutions in Brazil and it is in operation in 34 countries.
What is most valuable?
Overall a great solution.
What needs improvement?
There needs to be better integration with other applications.
What do I think about the scalability of the solution?
We have approximately 40 users using the solution.
How are customer service and technical support?
The technical support is good.
How was the initial setup?
The installation is complex.
What about the implementation team?
We do the deployment for the solution.
What other advice do I have?
I rate IBM QRadar a ten out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Cyber Security Consultant at Gulf Business Machines
Great integration capabilities with excellent scalability potential and an easy setup
Pros and Cons
- "The most valuable aspect of the solution is the integration capabilities on offer."
- "Technical support could be improved by a bit."
What is our primary use case?
We primarily use the solution for log collection and security incidents as well as event management.
How has it helped my organization?
We benefit the most from the integration on offer. IBM QRadar offers a solution to our enterprise customers, and certainly, the admin has been benefiting from it, in terms of having more visibility on what's happening on the network in terms of events, flows, et cetera, and all in real-time.
What is most valuable?
In general, the product is awesome. It's almost perfect.
The most valuable aspect of the solution is the integration capabilities on offer. It's very helpful to have so many options.
The initial setup is pretty straightforward.
The stability is good.
We've found the scalability to be excellent.
It offers all of the specifications of the hardware that we need.
What needs improvement?
The performance of the solution could be improved. Right now, it's the weakest aspect. I wish it was better.
Technical support could be improved by a bit.
For how long have I used the solution?
I've been dealing with the solution for five years at this point.
What do I think about the stability of the solution?
The stability of the solution is very good. It's reliable. There aren't bugs or glitches. It doesn't crash or freeze. It's been good.
What do I think about the scalability of the solution?
There's nothing better than QRadar when it comes to scalability. You can scale it to 100,000s of events per second. It can be scaled as much as you want. It has no limitations to it.
How are customer service and technical support?
Technical support is okay. On a scale from one to ten, I would give them an eight. They could do better, however, we are mostly happy with their level of support.
How was the initial setup?
The initial setup is not complex at all. It's quite straightforward. If a company implements this solution, they shouldn't have any issues with the setup process at the outset.
How long it takes to deploy depends on the size of the environment and the company. If it's a small enterprise, it can be done basically in a week or so. It's all about not just the department, however. It's all about collecting the log sources to integrate into it. That is where the process takes time. If the log sources are put together, things become much easier to handle. It's quicker and easier to define the rules, correlations, and reporting. The most time spent at the outset is in collecting the log sources and getting the log sources to send the data to.
The deployment process doesn't need many people. It depends on the deployment structure at first. If it treats a distributed architecture, of course, you need a couple of guys to be on board. However, then it's not only about deploying the solution, it's all about integrating the solution with different products or different platforms. That is where the time goes in. It's not a one-person job. Right from the application database, metro securities, and different controls that are in place, they all need to be integrated into the center. If we're talking about an enterprise, the team in an enterprise is equally responsible for waiting for those things to integrate.
What's my experience with pricing, setup cost, and licensing?
The NEMA licensing structure is very easy. It's far better than the previous licensing structure they had. They charge you based on the number of events per second and flows per second, and that's the beauty of it. The rest of the components are complimentary. That's it. It's not a complex process of licensing anymore. It's very simple and straightforward.
What other advice do I have?
We are resellers of QRadar.
In general, we have been quite happy with the solution. I would rate it nine out of ten.
We get excellent visibility in every aspect. It's easy to handle incidents when you really have everything in one place. You begin to know exactly what's happening on a network, and how the systems are performing and behaving.
When you compare it to other products, what I would advise is you look at how long they have been in business. This product has been in business for a very long time. You also need to look at the other integration factors, such as forensic, as they're very important. When it comes to forensic, nobody does better than what IBM QRadar Forensic does. There are other factors too, like its Watson integration, and all those things really play an equally important role.
It's not only about just the SIM, or your goals towards is going to be in building the SOC, Security Operation Center. It's all about automation as well. The integration should also look into automation capabilities. That way, you will be able to scale it up to build up a proper SOC.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
General manager at a tech services company with 201-500 employees
Good detect rate with a small number of false positives, and support resolves issues quickly
Pros and Cons
- "The detection rate is good and the false positive rate is low."
- "They should speed up the incident response and also, at the same time, reduce the amount of manual effort that is required."
What is our primary use case?
We used this product as a SIEM, for information security.
How has it helped my organization?
This product collects all of the system logs and analyzes them to see if there are any security threats, or there have been any attacks. If there are, then it will alert the administrator to take the appropriate actions.
What is most valuable?
The detection rate is good and the false positive rate is low. Having a low false-positive rate is good because it means that if an alert happens then it is very likely a real attack.
QRadar is quite flexible. Out of ten, I would rate flexibility a nine.
What needs improvement?
They should speed up the incident response and also, at the same time, reduce the amount of manual effort that is required.
A nice enhancement would be the incorporation of more artificial intelligence and machine learning capabilities.
For how long have I used the solution?
We have used IBM QRadar for approximately two years.
What do I think about the stability of the solution?
I would rate the stability a ten out of ten. We have had the occasional bug or other issue but once we report it to IBM, they give us a resolution quite quickly.
How are customer service and technical support?
Technical support is quick to resolve issues.
Which solution did I use previously and why did I switch?
We developed our own application to use as a SIEM, but we switched to QRadar.
How was the initial setup?
The initial setup is complex and the deployment takes approximately three months.
What's my experience with pricing, setup cost, and licensing?
It would be great if this product were cheaper.
Which other solutions did I evaluate?
We did evaluate other options before selecting this product.
What other advice do I have?
Within the past year, IBM developed a SaaS version of QRadar, which is a nice option.
My advice for anybody who is considering this solution is to implement the latest IBM offerings together. QRadar is just one of the products, and multiple products can be combined to create the best solution for their needs.
I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Founder at a university with 11-50 employees
A stable, scalable, and easy-to-use solution that lets you view users' activities
Pros and Cons
- "The UBA feature is the most valuable because you can see everything about users' activities."
- "The threat intelligence functionality can be better. In addition, it can have more monitoring capabilities."
What is most valuable?
The UBA feature is the most valuable because you can see everything about users' activities.
What needs improvement?
The threat intelligence functionality can be better. In addition, it can have more monitoring capabilities.
For how long have I used the solution?
I started to use it two to three years ago.
What do I think about the stability of the solution?
Its stability is very good. I don't have any problem with it.
What do I think about the scalability of the solution?
It has good scalability. It is easy to scale, but it is a little bit expensive to scale because you have to pay a lot for everything.
How are customer service and technical support?
Their technical support is good.
Which solution did I use previously and why did I switch?
I have also used Kibana. It is a good tool. The biggest difference between Kibana and QRadar is that Kibana is an open-source SIEM integration solution. So, you need more professionals, and you have to do everything by yourself, whereas in the case of QRadar, you get everything. You are paying not only for QRadar but also for other things like support and integration. In an open-source SIEM integration solution like Kibana, you don't get these things.
How was the initial setup?
It is an easy tool for me, so the initial setup was easy for me, but it might not be easy for everyone. If you compare it with Kibana, QRadar is easier to implement.
The implementation strategy was to follow the users, collect the logs, and then implement QRadar.
What about the implementation team?
We implemented it ourselves.
What's my experience with pricing, setup cost, and licensing?
Its price is good in terms of efficiency and the number of people required for implementing various things. You might pay more in terms of money, but you might save on the number of people. For example, if you are using Kibana, you have to pay more for people or experts, which is not the case with IBM QRadar.
What other advice do I have?
When you go for this solution, you are paying not only for the product but also for integration, good staff to help you, scalability, and many other things. There are many things that you can use in QRadar. It is easy to use.
I would rate IBM QRadar a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
CEO at Xcelliti
Easy to install and use, but the GUI and reporting features need to be improved
Pros and Cons
- "It has very rich functionality."
- "QRadar needs to be more specialized, along the lines of what other SIEM solutions are."
What is our primary use case?
We use QRadar to detect and gather information about any product vulnerabilities and any sort of attack on the network. It's able to help detect suspicious activity that is coming into the system.
We are also selling this product.
What is most valuable?
This product is easy to install, integrate, and use.
It has very rich functionality.
What needs improvement?
QRadar needs to be more specialized, along the lines of what other SIEM solutions are. It needs to be more detailed.
Incorporating an AI component is needed, where the learning feature identifies malicious activities coming into the network.
The GUI and reporting need to be improved.
The footprint needs to be optimized because the application footprint is too heavy. The machine requires a very high amount of resources.
For how long have I used the solution?
I have been working with IBM QRadar for between three and four years.
What do I think about the stability of the solution?
This is a very stable product.
What do I think about the scalability of the solution?
QRadar is a scalable solution.
How are customer service and technical support?
Technical support is very good.
What's my experience with pricing, setup cost, and licensing?
I feel that the price is reasonable but compared to other products that are on the market, such as an offering by Microsoft, it is more expensive.
What other advice do I have?
This is a good product but there is room for improvement in several areas, including the integration of advanced data mining.
I would rate this solution a six out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Sr. Information Security Analyst at an insurance company with 51-200 employees
Robust monitoring that is scalable and includes the SOC service
Pros and Cons
- "The best part of this solution is having a third-party SOC."
- "The user interface is a bit difficult to get used to."
What is our primary use case?
The primary use case of this solution is for monitoring the network.
What is most valuable?
Part of the SaaS offering is the SOC service. The best part of this solution is having a third-party SOC.
It's a robust solution.
What needs improvement?
The user interface is a bit difficult to get used to. Once you do, it's not difficult.
For how long have I used the solution?
I have been working with QRadar for two years.
We are working with the latest version.
What do I think about the stability of the solution?
The stability is excellent.
What do I think about the scalability of the solution?
It's scalable. Everything is done through our third-party vendor.
We have four other people in my group that have access to it, and we have six people who use it.
How was the initial setup?
The third-party vendor manages the system.
What about the implementation team?
We had a third party vendor to complete the installation, so it wasn't bad.
Which other solutions did I evaluate?
We evaluated all of the Gartner top quadrants.
What other advice do I have?
I would recommend having a third-party vendor.
There are a lot of alerts and a lot of tuning that has to be done. Every time we add new rules to it, an alert goes up. Having the SOC to go through it all first is very beneficial.
For what we do, I would rate IBM QRadar a ten out of ten. We are satisfied with it.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Queretaro at a tech services company with 1-10 employees
A complete network analysis tool that is agile, versatile, and easy to operate
Pros and Cons
- "The most valuable features are the versatility of this solution and the variety of things you can do with it."
- "The initial setup requires that you have somebody with the proper skill set, and it would help if the configuration were easier."
What is our primary use case?
We do not implement this tool ourselves but have experience implementing it for our clients. There are several use cases. The two most important ones are network analysis and UBA.
How has it helped my organization?
It has helped our clients to see how things have changed when comparing the initial behavior, and what is currently happening with the user's internet. It maintains archives on the behavior.
What is most valuable?
The most valuable features are the versatility of this solution and the variety of things you can do with it.
What needs improvement?
The initial setup requires that you have somebody with the proper skill set, and it would help if the configuration were easier.
For how long have I used the solution?
We have been working with QRadar for less than one year.
What do I think about the stability of the solution?
This is a very stable product.
What do I think about the scalability of the solution?
This is a scalable product that can scale to a large-sized organization.
My client for QRadar is medium-sized.
How was the initial setup?
You need someone with the proper skills to complete the setup. The complexity of it depends on the features that you are looking for, and it can become very complex. The deployment can take between 16 and 20 days, depending on what needs to be configured.
It's a process to deploy, but once you have it configured it's easy to operate.
What about the implementation team?
The deployment can be done in-house.
What's my experience with pricing, setup cost, and licensing?
The pricing is okay, it's comparable to other vendors.
It's not expensive for the resources that it gives you.
What other advice do I have?
I think the tool is very complete and very agile.
I would rate this solution a ten out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
