IBM Security QRadar Reviews

It provides many options for searching. I can see devices from different vendors, like Cisco, in one interface, which is good for me.

We sometimes get an error about the hard drive. Approximately once in two months, we can't find the logs, and they go missing, which is a terrible issue. We are getting support for this issue from our support company.

I have been using this solution for one and a half years. We have been using this solution in our company for about four years. We have around 800 to 900 users.

It is very stable, but the hard drive sometimes does not have logs.

IBM is always there to support us. We have no trouble with them.

We have agreements with different companies for support. They are good. For some issues, they take more time, like a day or two days. 

We have almost ten engineers for IT sites.

I would rate IBM QRadar User Behavior Analytics an eight out of ten.

User Behavior Analytics is a part of IBM QRadar. It's a kind of application that can be installed over IBM QRadar SIEM. The primary use case is to detect user behavior anomalies, and through these anomalies, detect and better understand different threats and attacks.

The feature that I find the most useful is that IBM QRadar User Behavior Analytics is free of charge. It's a fully free product that can be installed on top of IBM QRadar SIEM.

The user interface and configurability of IBM QRadar User Behavior Analytics can be improved. It has a lot of pre-configured settings and not many things can be changed.

It also needs more integrations. Currently, User Behavior Analytics is integrated only with IBM QRadar. It could have deeper integrations. 

It can also have more complicated scoring models. Currently, it has a very simple linear scoring model for users.

I have been using this solution for about two years. We implement this solution as well as do demonstrations. We are also using it.

It's quite stable. 

It could be quite scalable, but it is not so easy to use when you have a lot of users. Because of the user interface shortcomings, it's not so useful when you have thousands of users. 

The second line of support is quite inexperienced in User Behavior Analytics, and they rarely are able to help. We had several serious issues with this product, which made it impossible to use for a customer. We had to spend a lot of time in finding the right person to help us in resolving the issues.

The initial setup is really straightforward. IBM QRadar User Behavior Analytics is very easy to deploy. Usually, if someone has already installed QRadar SIEM, then deploying User Behavior Analytics takes two to three hours.

It's free of charge.

I like IBM QRadar User Behavior Analytics. I would rate it an eight of ten. It still needs a lot of improvement, but its main advantage is that it's fully integrated with a SIEM system, and it's free of charge.

Find the malicious activity via filter, don't rely on the rules which trigger the offenses and fix the suspicious activities.

Gaining application visibility and anomaly detection helping IT personnel to quickly identify meaningful deviations. For example, QRadar SIEM can detect off-hours or excessive usage of an application or cloud-based service, or network activity patterns that are inconsistent with historical, moving-average profiles and seasonal usage patterns.

Providing real-time visibility for threat detection and prioritization - QRadar SIEM provides contextual and actionable surveillance across the entire IT infrastructure, helping organizations detect and remediate threats often missed by other security solutions. These threats can include inappropriate use of applications; insider fraud; and advanced, “low and slow” threats easily lost in the “noise” of millions of events..

Artificial Intelligence is superb, QRadar correlate the events smartly and remove the same events but need improvements.

One to three years...

No issues.

Very good

Mcafee, switched due to the bad correlation of data.

It was straightforward

Splunk and Logrhythm..

QRadar also supports UBA which is a fantastic feature to detect user's malicious activities.

The first thing that we implemented for user behavior was to find out whether somebody is logging in at odd hours. It studies user behavior.

My favorite thing is that it comes with good usability.

It has a powerful GUI where you can put together your use cases, and don't have to write your own scripts.

The price of this solution is a little bit expensive, so if it were cheaper then it would help.

While the interface is easy to use, it could be a little more responsive. It can be a bit sluggish at times.

I have been using IBM QRadar for about a year.

We have not experienced any issues with stability.

Scalability has not been a problem, although our environment is not very big. Perhaps at a later stage and with a bigger environment, we might have issues.

I have been in contact with technical support on one or two occasions. The experience was good and we are satisfied.

I also have experience using Splunk.

The initial setup is really straightforward. It's a bonus point of this solution.

I would rate this solution an eight out of ten.

Some of these products can be used in any vertical like healthcare, manufacturing, and vehicle. You can use these products in all types of verticals. But I found that there is a limitation in central verticals. These products do not do well in central verticals.

In terms of the most valuable features, the log collections and log processing mechanisms are good. They have good dashboards. They probably have the best cloud management log processing. They are going to announce user intended behavior and management features. Compliance monitoring is okay. All these things become a commodity.

They have to build more quantitative monitoring, profiling, and make it more predictive.

I have been working with IBM QRadar for the last seven to eight years. 

QRadar is quite stable, but I am not sure about the volume. There is no clear volume. If I were to cross to an enterprise and the stability is not available then it would be a problem.

Augmented solutions are very tough to scale because you already fulfilled how well you fulfill the software and then you will have to limit the scalability. That is a problem.

Our clients are small, medium, and enterprise size. 

Technical support is not that strong from IBM. It definitely does not compare to any standard support organization. It's not that great.

The setup is comparatively easy, it's not that tough. But if you look at the current situation with COVID-19, people or organizations are not looking at how easy the cost of the innovation is. People want a plug and play option. 

It's like if you go to the market you buy a car, you get the key, just sit in the car and drive it out. With traditional companies like IBM, you have to use all the hardware, you have to use all the software, and the setup can take one month, two months, three months depends on or the scope. Nowadays consumers are looking for a souped-up car. They expect the tool to be operational maximum within a week's time or 15 days. That is what is missing in the QRadar.

The time it takes to deploy depends on the project scope. The order of planning can take a month to three months.

You will need three people to set it up. It can get quite expensive in retrospect. I prefer to have a plug and play service

There are more costs in addition to standard licensing; support, building.

If you are only looking at IBM, make sure to evaluate the product thoroughly. Make sure to see the complete list they offer, like more of the competitive features. Explore the options available on the market.

It doesn't really integrate well with other products. 

I would rate it a three out of ten. It is missing key features. 

Our primary use case is intrusion prevention and detection. We also use this solution for compliance and assisting in network troubleshooting for IT.

This has been indispensable in detecting intrusion attempts and many forms of malicious activity. 

This solution provides amazing visibility into the network and endpoints. The ability to correlate point in time and things happening over time is priceless in today's threat environment.

The rules can look for things both from log sources and from data traversing your network which is unique in the SIEM world and makes QRadar a consistent magic quadrant leader.

The QNI file hash in-flight search is helpful.

The ability to transition from microscopic to macroscopic view, instantly, is very good.

I would still  like to see a better GUI. improvements have been made but there still a way to go.

There are pretty annoyances like clicking out of a rule setup and instead of going back to search results in the rules, with the rule you selected still highlighted, you get the whole list without your search. Start again.  In the new lig source management app if you have a large number of log sources typing a name to filter them by is Java Hell, the high overhead of JIT compiled code means that even two fingered  carpal tunnel afflicted users can outpace the type ahead buffer, leaving random intermediate characters on the floor. Needless to say that makes managing log sources sometimes annoying. You can always cut and paste to go around this, but hey for  5 or 6 figures in hardware  and software, it aught to keep up with my typing. 

But to be fair, these kinds of things are dwarfed by it's awesome ability to ingest and correlate tortured use cases of mind boggling complexity, which is what you REALLY need your SIEM to do. That, QRadar does better than anyone else.

I have been using IBM QRadar for more about five years.

Scalability is very good.

This is not a trivial undertaking. You will need at least one experienced user and considerable infrastructure to support this if you use the on-prem version which we did. The cloud version has less overhead but there are some limitations so choose carefully.

Other solutions were investigated but none none came close to QRadar's capability.

If you absolutely positively have to catch the bad guys, and you have a heterogeneous environment QRadar is a great choice.

Most of the features are good. It is an excellent solution. 

Some of the features should be more cooperative but other than that, everything is okay.

I have been using IBM QRadar User Behavior Analytics for a year. 

It is very stable. 

It is also scalable. 

Our team handles its own support. We are capable of doing our own technical support but we also have IBM to get their help as well.

The initial setup is not straightforward but of medium complexity. It's not simple but not so complex. It usually takes two to three weeks to deploy. 

The price is very high. Some of our customers cannot afford it. 

IMB should reduce the pricing, or reduce some of the features for a more economical solution for the customer.

I would rate it an eight out of ten. They should reduce the pricing. 

We are a telecom company, and we use it for IT systems, for telecom systems and on various different levels of applications. We use it for web servers, routers, firewalls, and other security components. Our SIEM solution serves technical and non technical business units including customer care, engineering, revenue assurance, and anti fraud. 

Instant continuous monitoring so that we can take action immediately and be proactive as much as possible with handling hacking and attacking attempts. Also, It has improved comprehensive visibility for what is going on in the perimeters, and on the inside, as well. We also use it for testing our controls if it is performing well or not. We can say that the visibility, monitoring, testing and reliability of our controls is all assisted by this solution. The most important benefit we get is from the SIEM solution.

The most valuable features are the diversity of logs type that enable us to monitors what is going on from different perspectives and reduces the likelihood that we will miss important attempts. There are different events and flows, and there is diversity from getting the information from different sources. We can also see that there are no false positives. It is well-tuned and the rules are covering everything that we need.

There are some weaknesses with the QRadar Risk Manager. It has some weaknesses because of the connectivity with other vendors. It is limited. There are some vendors that you cannot connect QRadar Risk Manager with, so we you cannot get the maximum benefit of the product.

It is very stable. We have not faced interruptions in the past four and a half years.

It's great! This is one of the major features of the solution.

Technical support is good, but not great. 

It was straightforward, but we had to do some customization. 

When choosing a vendor, we always consider:

• Scalability
• Diversity of Connecting Systems
• Storage

We considered another solution from HP and ArcSight.